Table of Contents
Advertisement
Network and Security Manager Administration Guide
694
For example, you want to detect internal traffic that uses a nonstandard port for its
service.
From the Violation Viewer, click on the + icon that appears on the top of the right-hand
1.
window. You can also right-click anywhere in the right-hand window and select Add.
A New Permitted Object window appears.
Name the object "Non-Standard-Ports".
2.
Right-click on the Service column and select Add Service.
3.
Select all predefined services.
4.
Click OK to save the permitted object. After you have created and saved the permitted
5.
object, the object automatically becomes available in the Profiler.
From the Violation Viewer, select the new permitted object "Non-Standard-Ports".
6.
The Profiler uses the object to filter the data collected from the devices. Traffic that
matches the object (uses a standard service port) is filtered out, leaving only the
traffic that does not match (uses a nonstandard service port).
You can now review the data in the Violation Viewer to see all traffic on your network
that uses non standard service ports.
Now that you can see the traffic you do not want on your network, take the appropriate
security measures, for example, remove the unauthorized network components,
incorporate the components/services into your existing corporate security policy, or
create rules in your security policy to restrict the traffic to specific network components.
Example: Detecting Traffic That Is Not Using Primary Services
For example, you want to detect internal traffic that is not using the primary services for
Web access, e-mail, ping, and DNS services. In the Object editor, create a permitted
object to permit all traffic that uses a standard service port. For Service, select the
following predefined services:
dns
http
https
ping
pop3
smtp
ssh
After you have created and saved the permitted object, the object automatically becomes
available in the Profiler.
From the Violation Viewer, select the permitted object Internal Services. The Profiler
1.
uses the permitted object to filter the data collected from the devices. Traffic that
matches the object (uses a service specified in the object) is filtered out, leaving only
the traffic that does not match (does not use a service specified in the object).
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
Related Manuals for Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1
Related Products for Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING J SERIES SERVICES ROUTERS AND SRX SERIES SERVICES GATEWAYS GUIDE REV
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - M-SERIES AND MX-SERIES DEVICES GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.3
- Juniper MEDIA FLOW CONTROLLER 2.0.4 -
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - AQL EVENT AND FLOW QUERY CLI GUIDE
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - EVENT CATEGORY CORRELATION REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - SNMP AGENT GUIDE REV 1
- Juniper STRM LOG MANAGEMENT 2008.2 - S 6-2008