Table 42: Severity Levels, Recommended Actions And Notifications; Adding Idp Attack Objects By Operating System; Adding Idp Attack Objects By Severity; Adding Custom Dynamic Attack Groups - Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual


Network and Security Manager Administration Guide

Table 42: Severity Levels, Recommended Actions and Notifications

Severity | Cause | Recommended Action | Notification
Critical | Attacks attempt to evade an IDS, crash a machine, or gain system-level privileges. | Drop Packet | Logging, Alert
Major | Attacks attempt to crash a service, perform a denial-of-service, install or use a trojan, or gain user-level access to a host. | Drop Packet, Drop Connection | Logging, Alert
Minor | Attacks attempt to obtain critical information through directory traversal or information leaks. | (no recommended action) | Logging
Warning | Attacks attempt to obtain noncritical information or scan the network with a scanning tool. They can also be obsolete attacks or anomalous (but probably harmless) traffic. | (no recommended action) | Logging
Info | Attacks are normal, harmless traffic containing URLs, DNS lookup failures, and SNMP public community strings. You can use informational attack objects to obtain information about your network. | (no recommended action) | (no recommended notification)

NOTE: As of Release 2007.3, a few of the entries in the IDP attack group table, starting with the Response category, are removed to enhance the performance of IDP devices. See the latest NSM Release Notes for information on the Response category removed from the IDP attack group table.

Adding IDP Attack Objects by Operating System

The Operating System group includes attack objects for several predefined operating systems to help you choose the attack objects that are the most dangerous to specific components on your network. You can choose BSD, Linux, Solaris, or Windows.

Adding IDP Attack Objects by Severity

The Severity group includes five attack object groups organized by severity level. You can select one or more groups to include in your rule. To protect critical address objects or "popular" attacker targets, such as your mail server, use multiple severity levels to ensure maximum protection.

We recommend using the actions and notification settings listed in Table 42 on page 466 when using severity-based dynamic attack groups in a rule. You configure actions in the Action column of the rule; see "Defining Actions For IDP Rules" on page 463. You configure notification settings in the Notification column of the rule; see "Configuring Notification in IDP Rules" on page 468.

Adding Custom Dynamic Attack Groups

You can add previously created custom dynamic attack groups to a rule.
Copyright © 2010, Juniper Networks, Inc.
