Table of Contents
Advertisement
Copyright © 2010, Juniper Networks, Inc.
NOTE: NSM does not import IDP rulebases in a security policy when importing the
device configuration from an existing IDP-capable security device.
If you are using a security policy template, the IDP rulebases are automatically added to
the policy. However, if you are not using a template, you must manually add the IDP
rulebases to your policy.
To add the IDP, Exempt, or Backdoor Detection rulebase:
In the Configure panel of the main navigation tree, select Policy Manager > Security
1.
Policies, then double-click the policy name in the Security Policies window.
Click the Add icon in the upper right corner of the Security Policy window and select
2.
Add Backdoor Rulebase to open the selected rulebase tab.
Configure IDP Rules
IDP detection and prevention capabilities work against attacks by dropping connections
during the attack detection process, preventing attacks from reaching the target system.
To add a rule to a rulebase:
Click the rulebase tab for the rulebase in which you want to add a rule.
1.
On the left side of the Security Policy window, click the Add icon to open a default
2.
rule.
For rules in the IDP rulebase, you define the type of network traffic to monitor, the attacks
to detect, the action to be taken against matching traffic, and the notification you want
to receive. Specifically, you must configure the following:
Configure Match Criteria—Define the type of network traffic you want the IDP security
module to monitor for attacks, such as source-destination zones, source-destination
address objects, and the application layer protocols (services) supported by the
destination address object. You can also negate zones, address objects, or services.
You configure the match criteria in the following IDP rulebase columns:
From Zone
Source
To Zone
Destination
Service
For details on configuring match criteria within the IDP rulebase, see "Defining Match
For IDP Rules" on page 463.
Add attack objects—Add the attacks you want the IDP security module to match in
the monitored network traffic. Each attack is defined as an attack object, which
represents a known pattern of attack. Whenever this known pattern of attack is
Chapter 2: Planning Your Virtual Network
51
Advertisement
Table of Contents
Related Manuals for Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
Related Products for Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING J SERIES SERVICES ROUTERS AND SRX SERIES SERVICES GATEWAYS GUIDE REV
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - M-SERIES AND MX-SERIES DEVICES GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.2
- Juniper MEDIA FLOW MANAGER 2.0.2 - ADMINISTRATOR S GUIDE AND CLI
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT ADMINISTRATION GUIDE REV 1
- Juniper MEDIA FLOW CONTROLLER 2.0.5
- Juniper 200 Series