Table of Contents
Advertisement
Network and Security Manager Administration Guide
Viewing Attack Version Information for Attack Objects
Viewing Predefined DI Attack Object Groups
Updating Predefined DI Attack Objects and Groups
Creating DI Profiles
338
To view individual predefined attack objects, select Attack . The Predefined Attacks tab
(default view) displays a table of predefined attack objects that represent known and
unknown attack patterns. Use the Predefined Attacks tab to quickly view details about
an attack object, such as name of the attack object, attack severity, attack category, and
attack references. To view the properties for an attack, right-click the attack and select
View.
To locate all firewall rules that use a predefined attack object or group, right-click the
attack object and select View Usages.
You can view details for predefined attack objects; however, not all details are applicable
to all attacks.
The Pattern field under the Detection tab in the Attack Version dialog box contains the
regular expression used to identify the attack. Juniper Networks Security Engineering
might choose to hide the exact pattern for specific attack objects. This is done to protect
the confidentiality of either the source or target of the specific attack object. In such
cases, the field displays Protected instead of the regular expression.
To view attack version information, click one of the Supported Platform links within an
attack object dialog box.
To view predefined attack object groups, in Object Manager, select Attack Objects , then
select the Predefined Attack Groups tab. The name of each attack object group indicates
the severity, protocol, and attack type of the individual attack objects contained within.
For example, the predefined attack object group CRITICAL:DNS:ANOMALY contains
predefined protocol anomaly attack objects that detect critical Domain Name Service
(DNS) attacks.
To locate all firewall rules that use a predefined attack object or group, right-click the
attack object group and select View Usages.
You cannot create, edit, or delete predefined DI attack objects or groups, but you can
update the attack object database with new attack objects created by Juniper Networks.
Updates can include:
New descriptions or severities for existing attack objects
New attack objects
Deletion of obsolete attack objects
A Deep Inspection (DI) Profile object contains predefined attack object groups (created
by Juniper Networks), and your own custom attack object groups. After creating the DI
Profile, you add the Profile object in the Rule Option column of a firewall rule.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
