Creating A Signature Attack Object - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01 Manual

Configuring intrusion detection and prevention devices guide

Table 39: Attack Object Types (continued)

Type: Protocol Anomaly
Description: Detects unknown or sophisticated attacks that violate protocol specifications (RFCs and common RFC extensions).
You cannot create new protocol anomalies, but you can configure a new attack object that controls how the security device handles a predefined protocol anomaly when detected.
If you do not know the exact attack signature, but you do know the protocol anomaly that detects the attack, select this option.

Type: Compound Attack
Description: Detects attacks that use multiple methods to exploit a vulnerability. This object combines multiple signatures and/or protocol anomalies into a single attack object, forcing traffic to match all combined signatures and/or anomalies within the compound attack object before traffic is identified as an attack.
By combining and even specifying the order in which signatures or anomalies must match, you can be very specific about the events that need to take place before IDP identifies traffic as an attack.
If you need to detect an attack that uses several benign activities to attack your network, or if you want to enforce a specific sequence of events to occur before the attack is considered malicious, select this option.

9. Click Ok.

Creating a Signature Attack Object

To configure a signature attack object:

1. Configure general attack object properties. For information, see "Configuring General Properties for Attack Objects" on page 69.
   On the Target Platform and Type page, select Signature and click Next.
2. On the Custom Attack–General Properties page, configure the settings described in Table 40 on page 71.

Table 40: Custom Attack – General Properties

Property: False Positives
Description: Select the frequency with which the attack object produces a false positive on your network: Unknown, Rarely, Occasionally, Frequently.

Chapter 5: Working with Attack Objects (page 71)
Copyright © 2010, Juniper Networks, Inc.
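The all-members and ordered-match behaviour that Table 39 describes for the Compound Attack type, as an added illustration that is not from the Juniper guide and does not reflect IDP's implementation or signature syntax. Python regexes stand in for signatures, and the member names, the anomaly name and the session events are all constructed for this example.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Member:
    """One member of a compound attack object (hypothetical model)."""
    name: str
    kind: str     # "signature" or "anomaly"
    pattern: str  # regex for a signature, anomaly name for an anomaly

    def hits(self, event):
        ev_kind, value = event  # ("payload", text) or ("anomaly", name)
        if self.kind == "anomaly":
            return ev_kind == "anomaly" and value == self.pattern
        return ev_kind == "payload" and re.search(self.pattern, value) is not None

def compound_match(members, events, ordered):
    """True only when every member matches somewhere in the session."""
    if not ordered:
        return all(any(m.hits(e) for e in events) for m in members)
    nxt = 0  # index of the next member that still has to match
    for event in events:
        if nxt < len(members) and members[nxt].hits(event):
            nxt += 1
    return nxt == len(members)

# Constructed members: two signatures and one anomaly (names are made up).
MEMBERS = [
    Member("ftp-login", "signature", r"^USER \w+"),
    Member("long-line", "anomaly", "LINE_TOO_LONG"),
    Member("ftp-site", "signature", r"^SITE \w+"),
]
# Constructed sessions, each a list of events in arrival order.
IN_ORDER = [("payload", "USER alice"), ("anomaly", "LINE_TOO_LONG"),
            ("payload", "SITE HELP")]
OUT_OF_ORDER = [IN_ORDER[2], IN_ORDER[0], IN_ORDER[1]]
PARTIAL = [IN_ORDER[0], IN_ORDER[2]]  # the anomaly never fires

if __name__ == "__main__":
    for label, session in [("in order", IN_ORDER),
                           ("out of order", OUT_OF_ORDER),
                           ("partial", PARTIAL)]:
        print(label,
              "unordered:", compound_match(MEMBERS, session, ordered=False),
              "ordered:", compound_match(MEMBERS, session, ordered=True))
```

A session that contains only some of the members, like PARTIAL, never matches in either mode, so no single benign-looking event raises the compound attack on its own.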
