Security Rulebases; Backdoor (Rb_Backdoor_Collection) - Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1 Manual


Table 11: NSM Policy Data Elements (continued)

| Data Element | Description |
|---|---|
| multicast | Reference of the multicast rulebase. Multicast rule data elements are included in a security policy. For more information, see "Multicast (rb_multicast_collection)" on page 43. |
| idp | Reference of the IDP rulebase. IDP rule data elements are included in a security policy. For more information, see "IDP (rb_idp_collection)" on page 39. |
| exempt | Reference of the Exempt rulebase. Exempt rule data elements are included in a security policy. For more information, see "Exempt (rb_exempt_collection)" on page 30. |
| backdoor | Reference of the backdoor rulebase. Backdoor rule data elements are included in a security policy. For more information, see "Backdoor (rb_backdoor_collection)" on page 25. |
| portfaker | Network Honeypot (portfaker) rulebase. These data elements are included in a security policy. For more information, see "Traffic Anomalies (rb_tsig_collection)" on page 48. |
| syndef | Reference of the SYN Protector rulebase. These data elements are included in a security policy. For more information, see "SYN Protector (rb_syndef_collection)" on page 45. |
| tsig | Traffic Anomalies rulebase. These data elements are included in a security policy. For more information, see "Traffic Anomalies (rb_tsig_collection)" on page 48. |

Copyright © 2010, Juniper Networks, Inc.

Security Rulebases

NSM security policies are configured by applying rules that are grouped into rulebases. Each rulebase can contain one or more rules, which are statements that define specific types of network traffic. When traffic passes through a security device, the device attempts to match that traffic against its list of rules. If a rule is matched, the device performs the action defined in the rule against the matching traffic. Zone rules enable traffic to flow between zones (interzone) or between two interfaces bound to the same zone (intrazone). Global rules are valid across all zones available on the device. Security devices process rules in the zone-specific rulebase first, and then rules in the global rulebase.

The NSM API data model supports the security policy rulebases summarized in the following sections.

Backdoor (rb_backdoor_collection)

The backdoor rulebase collection (rb_backdoor_collection) contains rules that enable NSM to detect attempted backdoor intrusions. A backdoor is a mechanism installed on a host computer that enables unauthorized access to the system. Attackers who have already compromised a system can install a backdoor to make future attacks easier. When attackers type commands to control a backdoor, they generate interactive traffic. Unlike antivirus software, which scans for known backdoor files or executables on the host system, IDP detects the interactive traffic that is produced when backdoors are used. If interactive traffic is detected, IDP can perform IP actions against the connection to prevent the attacker from further compromising your network.
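
The processing order described under Security Rulebases (zone-specific rulebase first, then the global rulebase) can be modeled as follows. This is an added example, not code from the Juniper guide, and it does not use the NSM API or its schema. The `Rule` fields, the zone names, the addresses, top-down first-match evaluation and the final implicit deny are all assumptions of the model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Simplified model, not the NSM API or schema: field names are assumptions.
@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # source network in CIDR form
    dst: str      # destination network in CIDR form
    port: int     # destination port, 0 = any
    action: str   # "permit" or "deny"

    def matches(self, src_ip, dst_ip, port):
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and self.port in (0, port))

def evaluate(zone_rules, global_rules, from_zone, to_zone, src_ip, dst_ip, port):
    """Return (rulebase, rule name, action) for the first matching rule.

    The zone-specific rulebase for (from_zone, to_zone) is searched first,
    then the global rulebase. Top-down first match and the final implicit
    deny are assumptions of this model.
    """
    for rule in zone_rules.get((from_zone, to_zone), []):
        if rule.matches(src_ip, dst_ip, port):
            return ("zone", rule.name, rule.action)
    for rule in global_rules:
        if rule.matches(src_ip, dst_ip, port):
            return ("global", rule.name, rule.action)
    return ("default", "implicit-deny", "deny")

# Constructed sample policy (zone names and addresses are made up).
ZONE_RULES = {
    ("untrust", "dmz"): [Rule("web-in", "0.0.0.0/0", "192.0.2.10/32", 443, "permit")],
    # Intrazone rule: both interfaces are bound to the same zone.
    ("trust", "trust"): [Rule("intra-ssh", "10.0.0.0/24", "10.0.1.0/24", 22, "permit")],
}
GLOBAL_RULES = [
    Rule("block-dmz-host", "0.0.0.0/0", "192.0.2.10/32", 0, "deny"),
    Rule("dns-anywhere", "0.0.0.0/0", "0.0.0.0/0", 53, "permit"),
]

if __name__ == "__main__":
    # The zone permit wins; the global deny for the same host is never consulted.
    print(evaluate(ZONE_RULES, GLOBAL_RULES, "untrust", "dmz", "198.51.100.7", "192.0.2.10", 443))
    # No zone rule matches port 22, so the global rulebase decides.
    print(evaluate(ZONE_RULES, GLOBAL_RULES, "untrust", "dmz", "198.51.100.7", "192.0.2.10", 22))
```

When auditing a policy, the first case is the one to look for: a global deny that a zone-specific permit matches ahead of never takes effect for that traffic.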
Chapter 5: Security Data Model
