Working With DI Attack Objects; Viewing Predefined DI Attack Objects; Viewing Attack Version Information For Attack Objects - Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual

Working with DI Attack Objects

Viewing Predefined DI Attack Objects

Viewing Attack Version Information for Attack Objects

Copyright © 2010, Juniper Networks, Inc.
Deep Inspection (DI) attack objects contain attack patterns and protocol anomalies for known attacks and unknown attacks that attackers can use to compromise your network. DI attack objects must be part of an attack object group and a DI Profile object before you can use them in a firewall rule to prevent malicious traffic from entering your network.

NOTE: Deep Inspection is supported by NS-5GT devices, the NS-HSC, and all devices running ScreenOS 5.3 or later.

To create a Deep Inspection (DI) Profile object, you add predefined attack object groups (created by Juniper Networks) and your own custom attack object groups to the Profile object. After creating the DI Profile, you add the Profile object in the Rule Option column of a firewall rule. If an attack is detected, the device generates an attack log entry that appears in the Log Viewer.

For information about configuring Deep Inspection in a firewall rule, see "Creating DI Profiles" on page 334.

NSM contains a database of hundreds of predefined DI attack objects designed to protect networks from multiple attack vectors. Predefined groups contain attack objects, which you can use in a DI Profile to match traffic against known and unknown attacks.

NOTE: NSM displays a superset of all predefined DI attack objects. Based on the platform and ScreenOS firmware version, security devices include a specific subset of DI attack objects. Therefore, the list of predefined DI attack objects displayed in the NSM UI might not match the list of predefined DI attack objects on the physical security device.

To view individual predefined attack objects, select Attack. The Predefined Attacks tab (default view) displays a table of predefined attack objects that represent known and unknown attack patterns. Use the Predefined Attacks tab to quickly view details about an attack object, such as name of the attack object, attack severity, attack category, and attack references. To view the properties for an attack, right-click the attack and select View.

To locate all firewall rules that use a predefined attack object or group, right-click the attack object and select View Usages.

You can view details for predefined attack objects; however, not all details are applicable to all attacks.

The Pattern field under the Detection tab in the Attack Version dialog box contains the regular expression used to identify the attack. Juniper Networks Security Engineering
Chapter 8: Configuring Objects
333
