Network and Security Manager Administration Guide
Table 44: Severity Levels, Recommended Actions and Notifications

Severity: Critical
Cause: Attacks attempt to evade an IDS, crash a machine, or gain system-level privileges.
Recommended Action: Drop Packet
Notification: Logging, Alert

Severity: Major
Cause: Attacks attempt to crash a service, perform a denial-of-service, install or use a trojan, or gain user-level access to a host.
Recommended Action: Drop Packet, Drop Connection
Notification: Logging, Alert

Severity: Minor
Cause: Attacks attempt to obtain critical information through directory traversal or information leaks.
Recommended Action: (no recommended action)
Notification: Logging

Severity: Warning
Cause: Attacks attempt to obtain noncritical information or scan the network with a scanning tool. They can also be obsolete attacks or anomalous (but probably harmless) traffic.
Recommended Action: (no recommended action)
Notification: Logging

Severity: Info
Cause: Attacks are normal, harmless traffic containing URLs, DNS lookup failures, and SNMP public community strings. You can use informational attack objects to obtain information about your network.
Recommended Action: (no recommended action)
Notification: (no recommended notification)

NOTE: As of Release 2007.3, a few of the entries in the IDP attack group table, starting with the Response category, are removed to enhance the performance of IDP devices. See the latest NSM Release Notes for information on the Response category removed from the IDP attack group table.

Adding IDP Attack Objects by Operating System

The Operating System group includes attack objects for several predefined operating systems to help you choose the attack objects that are the most dangerous to specific components on your network. You can choose BSD, Linux, Solaris, or Windows.

Adding IDP Attack Objects by Severity

The Severity group includes five attack object groups organized by severity level. You can select one or more groups to include in your rule. To protect critical address objects or "popular" attacker targets, such as your mail server, use multiple severity levels to ensure maximum protection.

We recommend using the actions and notification settings listed in Table 44 on page 470 when using severity-based dynamic attack groups in a rule.

You configure actions in the Action column of the rule; see "Defining Actions For IDP Rules" on page 467. You configure notification settings in the Notification column of the rule; see "Configuring Notification in IDP Rules" on page 472.

Adding Custom Dynamic Attack Groups

You can add previously created custom dynamic attack groups to a rule.
Copyright © 2010, Juniper Networks, Inc.