Network and Security Manager Administration Guide
You consistently find that your security policy generates false positives for the attack
HTTP Buffer Overflow: Header on your internal network. You want to exempt attack
detection for this attack when the source IP is from your internal network.

Specifying VLANs
You can specify that the rule be applied only to packets from particular VLANs. See
"Setting VLAN Tags for IDP Rules" on page 469 for more information.

Setting Target Devices
For each rule in the rulebase, you can select the IDP-capable device that will use that
rule to detect and prevent attacks. Alternatively, you can use Device Manager to assign
policies to devices.

Entering Comments
You can enter notations about the rule in the Comments column. Anything you enter in
the Comments column is not pushed to the target devices. To enter a comment, right-click
the Comments column and select Edit Comments. The Edit Comments dialog box
appears. You can enter up to 1024 characters in the Comments field.

Creating an Exempt Rule from the Log Viewer
You can also create a rule in the Exempt rulebase directly from the NSM Log Viewer. You
might want to use this method to quickly eliminate rules that generate false positive log
records.
To create an exempt rule from the Log Viewer:
1. View the IDP/DI logs in the Log Viewer.
2. Right-click a log record that contains an attack you want to exempt and select
Exempt.
The Exempt rulebase for the security policy that generated the log record is displayed,
with the exempt rule that is associated with the log entry. The source, destination, and
attack settings for the rule are automatically filled in based on the information in the log
record.
NOTE: If the Exempt rulebase does not already exist when you create an exempt rule
from the Log Viewer, the rulebase is automatically created and the rule is added.
You can modify, reorder, or merge an exempt rule created from the Log Viewer in the
same manner as any other exempt rule that you create directly in the Exempt rulebase.

Configuring Backdoor Rules
A backdoor is a mechanism installed on a host computer that facilitates unauthorized
access to the system. Attackers who have already compromised a system can install a
backdoor to make future attacks easier. When attackers type commands to control a
backdoor, they generate interactive traffic.
Copyright © 2010, Juniper Networks, Inc.