Copyright © 2010, Juniper Networks, Inc.
However, when attackers enter commands to control a backdoor, they generate
interactive traffic that your security device can detect.
Add this rulebase to your security policy when you want to configure rules that detect
backdoor activity on your internal network. For details on configuring rules in the
Backdoor Detection Rulebase, see "Configuring Backdoor Rules" on page 494.
NOTE: NSM does not import IDP rulebases in a security policy when
importing the device configuration from an existing IDP-capable security
device.
If you are using a security policy template, the IDP rulebases are automatically added to
the policy. However, if you are not using a template, you must manually add the IDP
rulebases to your policy.
To add the IDP, Exempt, or Backdoor Detection rulebase:
In the Configure panel of the main navigation tree, select Policy Manager > Security
1.
Policies, then double-click the policy name in the Security Policies window.
Click the Add icon in the upper right corner of the Security Policy window and select
2.
Add Backdoor Rulebase to open the selected rulebase tab.
Configure IDP Rules
IDP detection and prevention capabilities work against attacks by dropping connections
during the attack detection process, preventing attacks from reaching the target system.
To add a rule to a rulebase:
Click the rulebase tab for the rulebase in which you want to add a rule.
1.
On the left side of the Security Policy window, click the Add icon to open a default
2.
rule.
For rules in the IDP rulebase, you define the type of network traffic to monitor, the attacks
to detect, the action to be taken against matching traffic, and the notification you want
to receive. Specifically, you must configure the following:
Configure Match Criteria—Define the type of network traffic you want the IDP security
module to monitor for attacks, such as source-destination zones, source-destination
address objects, and the application layer protocols (services) supported by the
destination address object. You can also negate zones, address objects, or services.
You configure the match criteria in the following IDP rulebase columns:
From Zone
Source
To Zone
Chapter 2: Planning Your Virtual Network
51