Table of Contents
Advertisement
Configuring Extended Information
Configuring External References
Copyright © 2010, Juniper Networks, Inc.
When you have completed entering the basic attack information, you are ready to enter
the extended attack information.
In the Extended Information tab, enter specific information about the attack. Specifically,
the attack object wizard prompts you for the following:
Impact—Enter details about the impact of a successful attack, including information
about system crashes and access granted to the attacker.
Description—Enter details about how the attack works. You might also consider adding
information on the attack history (such as how it attacked your network and what
steps you took to neutralize the threat).
Tech Info—Enter information about the vulnerability, the commands used to execute
the attack, which files are attacked, registry edits, and other low-level information.
Patches—List any patches available from the product vendor, as well as information
on how to prevent the attack. You might find this information in a network security
advisory or from the product vendor.
NOTE: Use HTML tags to include a hyperlink within the text.
When you have completed entering the extended attack information, you are ready to
enter the external references.
In the External References tab, enter the external references, such as links to the security
community's official descriptions of an attack, you used when researching the attack.
External references, in conjunction with standard network security references, can help
other administrators get more information about how an attack works or help you research
and compare the attack in relation to a suspected new attack.
Specifically, the attack object wizard prompts you for the following:
URLs—Enter up to three URLs for external references you used when researching the
attack.
Standard References—Enter the standardized network security organizations' attack
designations for the attack:
CVE (Common Vulnerabilities and Exposures) is a standardized list of vulnerabilities
and other information security exposures. The CVE number is an alphanumeric code,
such as CVE-1999-0003.
BugTraq is a moderated mailing list that discusses and announces computer security
vulnerabilities. The BugTraq ID number is a three-digit code, such as 831 or 120.
When you have completed entering the external references for the attack, you are ready
to select the target platforms for the attack object.
Chapter 8: Configuring Objects
341
Advertisement
Table of Contents
Need help?
Do you have a question about the NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 and is the answer not in the manual?
Questions and answers