Objects; Configuring Attack Name And Description - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1 Administration Manual


Network and Security Manager Administration Guide
Copying and Editing Predefined Attack Objects to Create Custom Attack Objects

Configuring Attack Name and Description

To create a custom attack object, from the main navigation tree, select
Object Manager > Attack Objects > DI Objects or IDP Objects, then select the
Custom Attacks tab. Click the Add icon to display the custom attack object wizard.
You can also make a copy of a predefined attack object. This copy is a custom attack
object, which you can modify like any other custom object. The copy must have a different
name than the original, predefined attack object.
To create a custom version of a predefined attack object, open an existing predefined
attack object, and click the Edit button in the Attack Viewer. A new attack object with
the same parameters as the existing predefined attack object appears. The new object
has the same name as the previous object, but with " -Copy" appended. After editing the
parameters that you want, click OK.
The following sections explain the attack object creation process; for instructions on
creating a custom attack object, see the NSM Online Help topic, "Creating Custom Attack
Objects." The fields that can be modified are described below.
In the General tab, enter basic information about the attack, such as the attack object
name and attack severity. You can also enter additional information, such as a general
description and keywords, which can make it easier for you to locate and maintain the
attack object as you use it in your firewall rules. Specifically, the attack object wizard
prompts you for the following:
• Name—Enter an alphanumeric name for the object. You might want to include the
  protocol the attack uses in the attack name.
• Description—Enter important information about the attack, such as why you created
  the attack object, how the attack or exploit works, and what specific systems on your
  network the attack object is intended to protect. For example, you might want to include
  the following information:
    • Attack type (buffer overflow, password exploit, format string attack,
      denial-of-service)
    • Affected system (hardware, operating system, software application, or protocol the
      attack targets)
    • Attack mechanism (how the attack works)
    • Attack lethality (the consequences of a successful attack)
  You are not required to include all this information when creating a new custom
  attack object, but it is a good idea. If you ever need to edit this attack object, the
  description can help you remember important information about the attack.
• Severity—Select the severity that matches the lethality of this attack on your network.
  Severity categories, in order of increasing lethality, are: info, warning, minor, major,
  critical. Critical attacks are the most dangerous—typically these attacks attempt to
  crash your server or gain control of your network. Informational attacks are the least
Copyright © 2010, Juniper Networks, Inc.
