Configuring Extended Information
Configuring External References
Copyright © 2010, Juniper Networks, Inc.
dangerous, and typically are used by network administrators to discover holes in their
own security system.
Category—Enter the category to which the attack object belongs.
Keywords—Enter descriptive words or numbers associated with the attack. Later, after
you have added the custom attack object to the database, you can search using these
keywords to quickly locate the attack.
Recommended—Check this check box if you want this attack object to be part of your
highest-risk set of attack objects. Later, when you add this attack object to dynamic
groups, you can specify whether only Recommended attack objects will be included.
Recommended Action—This field only exists in predefined attack objects. When you
use an attack object in a policy, you can specify what action the IDP device should take
when it detects the attack. However, for IDP-capable devices running IDP 4.1 and later
or ScreenOS 6.0 or later, you can tell the device to use the action recommended by
Juniper Networks for that attack.
Detection Performance—Select High, Medium, Low, or Not defined.
When you have completed entering the basic attack information, you are ready to enter
the extended attack information.
In the Extended tab, enter specific information about the attack. Specifically, the attack
object wizard prompts you for the following:
Impact—Enter details about the impact of a successful attack, including information
about system crashes and access granted to the attacker.
Description—Enter details about how the attack works. You might also consider adding
information on the attack history (such as how it attacked your network and what
steps you took to neutralize the threat).
Tech Info—Enter information about the vulnerability, the commands used to execute
the attack, which files are attacked, registry edits, and other low-level information.
Patches—List any patches available from the product vendor, as well as information
on how to prevent the attack. You might find this information in a network security
advisory or from the product vendor.
NOTE: Use HTML tags to include a hyperlink within the text.
When you have completed entering the extended attack information, you can configure
the external references.
In the Extended tab, enter the external references, such as links to the security
community's official descriptions of an attack, you used when researching the attack.
Chapter 8: Configuring Objects
345
Need help?
Do you have a question about the NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 and is the answer not in the manual?
Questions and answers