Configuring Attack Name And Description - Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual


Network and Security Manager Administration Guide

Configuring Attack Name and Description

In the Attack Name and Description tab, enter basic information about the attack, such
as the attack object name and attack severity. You can also enter additional information,
such as a general description and keywords, which can make it easier for you to locate
and maintain the attack object as you use it in your firewall rules. Specifically, the attack
object wizard prompts you for the following:
Name—Enter an alphanumeric name for the object. You might want to include the
protocol the attack uses in the attack name.
Description—Enter important information about the attack, such as why you created
the attack object, how the attack or exploit works, and what specific systems on your
network the attack object is intended to protect. For example, you might want to include
the following information:
  - Attack type (buffer overflow, password exploit, format string attack, denial-of-service)
  - Affected system (hardware, operating system, software application, or protocol the attack targets)
  - Attack mechanism (how the attack works)
  - Attack lethality (the consequences of a successful attack)
You are not required to include all this information when creating a new custom
attack object, but it's a good idea. If you ever need to edit this attack object, the
description can help you remember important information about the attack.
Severity—Select the severity that matches the lethality of this attack on your network.
Severity categories, in order of increasing lethality, are: info, warning, minor, major,
critical. Critical attacks are the most dangerous—typically these attacks attempt to
crash your server or gain control of your network. Informational attacks are the least
dangerous, and typically are used by network administrators to discover holes in their
own security system.
Category—Enter the category to which the attack object belongs.
Keywords—Enter descriptive words or numbers associated with the attack. Later, after
you have added the custom attack object to the database, you can search using these
keywords to quickly locate the attack.
Recommended—Check this check box if you want this attack object to be part of your
highest-risk set of attack objects. Later, when you add this attack object to dynamic
groups, you can specify whether only Recommended attack objects will be included.
Recommended Action—This field only exists in predefined attack objects. When you
use an attack object in a policy, you can specify what action the IDP device should take
when it detects the attack. However, for IDP-capable devices running IDP 4.1 and later
or ScreenOS 6.0 or later, you can tell the device to use the action recommended by
Juniper Networks for that attack.
Copyright © 2010, Juniper Networks, Inc.
