Table of Contents
Advertisement
Using the Attack Object Wizard
Copying and Editing Predefined Attack Objects to Create Custom Attack Objects
Copyright © 2010, Juniper Networks, Inc.
information, attack pattern, and other important information. After you have configured
the object however, you use each object differently:
To use a custom DI attack object to protect your network, you must add the object to
a custom attack object group and then a DI Profile object, which you then select within
the Rule Options of a firewall rule. For information about creating a custom attack
object group, see "Creating Custom IDP Attack Groups" on page 357. For information
about creating a DI Profile object, see "Creating DI Profiles" on page 334.
To use a custom IDP attack object to protect your network, you can add the attack
object in an IDP rule.
NSM enables you to import custom attacks and custom attack groups from SRX Series
devices and display them as shared objects in Object Manager. You can also edit
custom attacks and custom attack groups using Object Manager and update the device
with these changes.
To help you create custom attack objects, NSM UI uses a Custom Attack Object wizard
to guide you through each step. During the creation process, the wizard prompts you for:
Attack object information—You must supply an attack object name and configure the
target platforms that support the attack object. You can also create an attack
description, enter attack references, and set a severity for the attack object, if desired.
The following sections detail the general attack object information fields.
Attack Version information—After you have selected the target platforms, you must
supply information about the attack version, including the protocol and context used
to perpetrate the attack. when the attack is considered malicious, the direction and
flow of the attack, the signature pattern of the attack, and the values found in the
header section of the attack traffic.
To create a custom attack object, from the main navigation tree, select Object Manager
> Attack Objects > DI Objects or IDP Objects, then select the Custom Attacks tab. Click
the Add icon to display the custom attack object wizard.
You can also make a copy of a predefined attack object. This copy is a custom attack
object, which you can modify like any other custom object. The copy must have a different
name than the original, predefined attack object.
To create a custom version of a predefined attack object, open an existing predefined
attack object, and click the Edit button in the Attack Viewer. A new attack object with
the same parameters as the existing predefined attack object appears. The new object
has the same name as the previous object, but with " -Copy" appended. After editing the
parameters that you want, click OK.
The following sections explain the attack object creation process; for instructions for
creating a custom attack object, see the NSM Online Help topic, "Creating Custom Attack
Objects." The fields that can be modified are described below.
Chapter 8: Configuring Objects
339
Advertisement
Table of Contents
Need help?
Do you have a question about the NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 and is the answer not in the manual?
Questions and answers