Table of Contents
Advertisement
Setting Up the Profiler
Copyright © 2010, Juniper Networks, Inc.
After your devices have started profiling, you can begin to use the profiled data to perform
the following tasks:
Set a network baseline— A baseline can help you track the servers and hosts on the
network, as well as the protocols and services those components use to communicate.
By immediately locating new components on your network, you can ensure that those
components are protected (with a security policy) and that you can track their status
(with the Profiler). For details, see "Configuring a Network Baseline" on page 701.
Update vulnerable systems—The Profiler uses passive fingerprinting to provide you
with an inventory of operating-system and software applications, their versions, and
what components use them. As new versions or security updates are announced, you
must first determine if your network is affected, locate the affected components, and
patch as appropriate. For details, see "Keeping Your Network Current" on page 701.
Immediately locate the source of an internal worm or trojan—The Profiler can show
you exactly when the worm or trojan entered your network, how it was introduced, and
which network components are infected. By filtering the profile data, you can quickly
identify the source and contain the attack to minimize impact, then investigate and
recover from any damage. For details, see "Stopping Worms and Trojans" on page 703.
Detect violations of your corporate security policy— The Profiler can help you confirm
suspected violations such as rogue servers running on the network. Most of the time,
however, you do not know exactly what you are looking for on the network. In these
cases, it is easier to specify exactly what should be on the network, then detect any
traffic that violates that specification. To detect violations, you can use a special type
of object, called a permitted object, to define what you should see on the network.
The following sections detail how to set up, configure, and use your profiled data as
described previously.
Using the Profiler involves the following steps:
Configure the Profiler to collect specific information about your internal network.
Update Profiler Settings on the device after you configure the Profiler.
Start the Profiler to enable your device to begin collecting data.
Customize Profiler preferences.
You configure your device to collect specific information and compile it into the Profiler
DB.
NOTE: Because devices collect data from network components on your internal network,
it is helpful to create network objects to represent those components before you begin
configuring the Profiler. Alternatively, you can create new network objects directly from
the Profiler.
Chapter 17: Analyzing Your Network
685
Advertisement
Table of Contents
Need help?
Do you have a question about the NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 and is the answer not in the manual?
Questions and answers