Configuring Target Platforms - Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide

Configuring Target Platforms

In the Target Platform tab, you must select the target platform, configure the attack
version, then set a direction filter (described in "Configuring the Direction Filter" on
page 359) for the attack object. To select the target platform and configure the attack
version, click the Add icon to display the Attack Version Wizard.
First, you must select the ScreenOS or IDP versions for which the attack object is designed.
Because later versions of ScreenOS and IDP support functionality that earlier versions do
not, you must specify the versions that must support the attack object.
To configure the selected target platform, click the Add icon to display the New Supported
Platform dialog box. Select the versions of ScreenOS 5.0 or later or IDP (idp4.0.0) that
must support the attack object. After you have made your selection, the attack object
wizard automatically removes options from the custom attack object creation process
based on the selected target platforms.

NOTE: The string isp-sos in a Target Platform label indicates ScreenOS software that
also has IDP capability, such as the software that runs on an ISG2000. The string idp
(without the sos) in the Target Platform label indicates software that runs on a
standalone IDP device, such as an IDP 600C.

Next, select the type of attack that the attack object detects. After you have added the
supported platform to the custom attack object, you can configure the attack type on
that platform. Select from one of the following attack types:

Signature Attack Object—(DI and IDP attack objects) A signature attack object uses
a stateful attack signature (a pattern that always exists within a specific section of the
attack) to detect known attacks. Stateful signature attack objects also include the
protocol or service used to perpetrate the attack and the context in which the attack
occurs. If you know the exact attack signature, the protocol, and the attack context
used for a known attack, select this option. For more information about creating a
signature attack object, see "Creating a Signature Attack Object" on page 345.

Protocol Anomaly Attack Object—(IDP attack objects only) A protocol anomaly attack
object detects unknown or sophisticated attacks that violate protocol specifications
(RFCs and common RFC extensions). You cannot create new protocol anomalies, but
you can configure a new attack object that controls how the security device handles
a predefined protocol anomaly when detected. If you don't know the exact attack
signature, but you do know the protocol anomaly that detects the attack, select this
option. For more information about creating a protocol anomaly attack object, see
"Configuring a Protocol Anomaly Attack Object" on page 355.

Compound Attack Object—(IDP attack objects only) A compound attack object detects
attacks that use multiple methods to exploit a vulnerability. This object combines
multiple signatures and protocol anomalies into a single attack object, forcing traffic
to match a pattern of combined signatures and anomalies within the compound attack
object before traffic is identified as an attack. By combining and even specifying the
order in which signatures or anomalies must match, you can be very specific about the
Copyright © 2010, Juniper Networks, Inc.
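
The three attack types described above can be modeled in a few lines of Python. This is an added example, not code from NSM or from the original guide; the class names, the context labels (url, header), the anomaly name and the sample session are constructed for illustration. It shows a signature that counts only inside its stated service and context, and a compound object evaluated with and without ordering.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    """One inspected item in a session (constructed model, not NSM's engine)."""
    service: str       # protocol or service, e.g. "http"
    context: str = ""  # section of the traffic the data was seen in
    data: str = ""     # content observed in that context
    anomaly: str = ""  # predefined protocol anomaly raised, if any

@dataclass(frozen=True)
class Signature:
    """Pattern tied to a service and a context, as in a signature attack object."""
    service: str
    context: str
    pattern: str

    def matches(self, ev: Event) -> bool:
        # The pattern counts only inside the stated service and context.
        return (ev.service == self.service and ev.context == self.context
                and re.search(self.pattern, ev.data) is not None)

@dataclass(frozen=True)
class Anomaly:
    """Reference to a predefined protocol anomaly (it cannot define a new one)."""
    name: str

    def matches(self, ev: Event) -> bool:
        return ev.anomaly == self.name

def compound_matches(members, events, ordered: bool) -> bool:
    """True only if every member matches; if ordered, in the listed sequence."""
    if ordered:
        remaining = iter(events)  # each member must match after the previous one
        return all(any(m.matches(ev) for ev in remaining) for m in members)
    return all(any(m.matches(ev) for ev in events) for m in members)

# Constructed sample session and members (hypothetical names and values).
SESSION = [
    Event("http", context="url", data="/login.cgi?user=admin"),
    Event("http", anomaly="HEADER-TOO-LONG"),
    Event("http", context="header", data="User-Agent: probe/1.0"),
]
URL_SIG = Signature("http", "url", r"/login\.cgi")
UA_SIG = Signature("http", "header", r"^User-Agent: probe/")
LONG_HDR = Anomaly("HEADER-TOO-LONG")
```

With the same two members, `compound_matches([UA_SIG, URL_SIG], SESSION, ordered=True)` is false while the unordered form is true, which is the extra specificity that ordering buys.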
