Configuring the Direction Filter; Creating Custom DI Attack Groups; Creating Custom IDP Attack Groups - Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual


Configuring the Direction Filter

Creating Custom DI Attack Groups

Creating Custom IDP Attack Groups

Copyright © 2010, Juniper Networks, Inc.
Suppose you know that the attack always contains the pattern s1, followed by either s2 or s3. Further, you know that the attack always contains s4 and s5, but their positions in the attack can vary. You might create the following Boolean expression:

((s1 oand s2) or (s1 oand s3)) and (s4 and s5)
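
The following Python sketch is an added example, not code from the Juniper guide or from NSM. It evaluates the expression above against the order in which member signatures matched in a session, to show why `oand` is order-sensitive while `and` is not. Assumptions: `oand` requires the left side to finish matching before the right side starts, operators outside parentheses are applied left to right, and the event lists are constructed sample data.

```python
import re
from itertools import product

TOKEN = re.compile(r"\(|\)|\w+")
OPS = {"and", "or", "oand"}

def parse(tokens):
    """Parse 'term (op term)*' left to right; a term is a member name or (...)."""
    def term():
        if not tokens:
            raise ValueError("unexpected end of expression")
        tok = tokens.pop(0)
        if tok == "(":
            node = expr()
            if not tokens or tokens.pop(0) != ")":
                raise ValueError("missing ')'")
            return node
        if tok in OPS or tok == ")":
            raise ValueError(f"unexpected token {tok!r}")
        return tok                      # member name such as 's1'
    def expr():
        node = term()
        while tokens and tokens[0] in OPS:
            op = tokens.pop(0)
            node = (op, node, term())
        return node
    node = expr()
    if tokens:
        raise ValueError(f"trailing token {tokens[0]!r}")
    return node

def spans(node, events):
    """Return every (first, last) event index pair over which node is satisfied."""
    if isinstance(node, str):
        return {(i, i) for i, name in enumerate(events) if name == node}
    op, left, right = node
    a, b = spans(left, events), spans(right, events)
    if op == "or":
        return a | b
    pairs = product(a, b)
    if op == "oand":                    # assumed: left must end before right begins
        pairs = (p for p in pairs if p[0][1] < p[1][0])
    return {(min(x[0], y[0]), max(x[1], y[1])) for x, y in pairs}

def matches(expression, events):
    return bool(spans(parse(TOKEN.findall(expression)), events))

EXPR = "((s1 oand s2) or (s1 oand s3)) and (s4 and s5)"
# Constructed match orders: s4/s5 may appear anywhere, s1 must precede s2 or s3.
print(matches(EXPR, ["s4", "s1", "s5", "s3"]), matches(EXPR, ["s2", "s1", "s4", "s5"]))
```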

Configuring the Direction Filter

Use the direction filter to specify the direction (Any, Client-to-Server, Server-to-Client) of traffic in which the attack object attempts to match an attack. Each attack version in the attack object retains its own direction; however, you can use the direction filter to change which direction is monitored by the attack object. Only those attack versions that match the direction filter are active in the attack object.

By default, the direction filter is automatically set to the direction of the most recently created or edited attack version.

Creating Custom DI Attack Groups

You can create custom attack object groups to contain your custom DI attack objects. After you add these custom groups to a DI Profile, you can then configure a firewall rule to use that DI Profile.

All DI attack object groups (both predefined and custom) are considered "static" groups, meaning that they do not change. To add or delete an attack object from the group, you must manually edit the group members.

A custom attack object group can contain custom attack objects and other custom attack object groups. You cannot add predefined attack objects or predefined attack object groups to a custom attack object group. To use both predefined and custom attack objects in a firewall rule, create a DI Profile that includes predefined and custom attack object groups, then use this profile object within the Rule Options of a firewall rule. For information about creating a DI Profile, see "Creating DI Profiles" on page 336.

NOTE: Attack group names cannot be the same as attack object names.

Creating Custom IDP Attack Groups

NSM contains a database of hundreds of predefined attack objects designed to protect networks from multiple attack vectors.

For IDP attack objects, you can create static or dynamic groups to contain predefined or custom attack objects. A static group contains only the groups or attack objects you specify, while a dynamic group contains attack objects based on criteria you specify.

Although you do not have to create a group to use an attack object within an IDP rule (you can add attack objects individually or by group), organizing attack objects into groups can help keep your security policies organized.
Chapter 8: Configuring Objects
