Table of Contents
Advertisement
Network and Security Manager Administration Guide
Setting Operation
Setting Response Options
Setting Notification
496
Right-click the cell in the Operation column and select Impersonate. This tells the IDP
Sensor to impersonate the indicated services on the indicated device.
The IP Action column governs what action the IDP Sensor takes when it finds a matching
condition.
Right-click the rulebase cell in the IP Action column and select Configure. The Configure
IP Action dialog displays.
Configure your IP Action settings as appropriate for your network.
You can choose to log an attack and create log records with attack information that you
can view real-time in the Log Viewer. For more critical attacks, you can also set an alert
flag to appear in the log record.
To log an attack for a rule, right-click the Notification column of the rule and select
Configure. The Configure Notification dialog box appears.
Setting Logging
In the Configure Notification dialog box, select Logging and then click OK. Each time the
rule is matched, the IDP system creates a log record that appears in the Log Viewer.
You can choose to log an attack and create log records with attack information that you
can view real-time in the Log Viewer. For more critical attacks, however, you might want
to be notified immediately by e-mail, have IDP run a script in response to the attack, or
set an alarm flag to appear in the log record. Your goal is to fine-tune the attack
notifications in your security policy to your individual security needs.
Setting an Alert
In the Configure Notification dialog box, select Alert and then click OK. If Alert is selected
and the rule is matched, IDP places an alert flag in the alert column of the Log Viewer
for the matching log record.
Logging Packets
You can record the individual packets in the network traffic that matched a rule by
capturing the packet data for the attack. Viewing the packets used in an attack on your
network can help you determine the extent of the attempted attack and its purpose,
whether or not the attack was successful, and any possible damage to your network.
NOTE: To improve IDP performance, log only the packets after the attack.
If multiple rules with packet capture enabled match the same attack, IDP captures the
maximum specified number of packets. For example, you configure Rule 1 to capture 10
packets before and after the attack, and Rule 2 to capture 5 packets before and after
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
