Creating Custom Idp Attack Groups; Creating Static Attack Groups - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual


Creating Custom IDP Attack Groups

Creating Static Attack Groups

Copyright © 2010, Juniper Networks, Inc.
NSM contains a database of hundreds of predefined attack objects designed to protect
networks from multiple attack vectors.
For IDP attack objects, you can create static or dynamic groups to contain predefined or
custom attack objects. A static group contains only the groups or attack objects you
specify, while a dynamic group contains attack objects based on criteria you specify.
Although you do not have to create a group to use an attack object within an IDP rule
(you can add attack objects individually or by group), organizing attack objects into
groups can help keep your security policies organized.
A static group contains a specific, finite set of attack objects or groups. There are two
types of static groups: predefined static groups and custom static groups.
A custom static group can include the same members as a predefined static group
(predefined attack objects, predefined static groups, and predefined dynamic groups),
plus the following members:
- Custom attack objects
- Custom dynamic groups
- Other custom static groups
Use static groups to define a specific set of attacks to which you know your network is
vulnerable, or to group custom attack objects. For example, you might want to create a
group for a specific set of informational attack objects that keep you aware of what is
happening on your network.
Static groups require more maintenance than dynamic groups because you must manually
add or remove attack objects in a static group to change the members. However, you
can include a dynamic group within a static group to automatically update some attack
objects. For example, the predefined attack object group Operating System is a static
group that contains four predefined static groups: BSD, Linux, Solaris, and Windows. The
BSD group contains the predefined dynamic group BSD-Services-Critical, to which attack
objects can be added during an attack database update.
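The following added example, which is not part of the Juniper manual and does not use any NSM API, models how a static group that nests a dynamic group picks up new attack objects after an attack database update. The classes, the criterion fields (os, severity), the EXAMPLE: attack names, and the criteria assumed for BSD-Services-Critical are all illustrative assumptions.

```python
# Illustrative model only; these classes are not NSM or Juniper code.
from dataclasses import dataclass, field
from typing import Callable

@dataclass(frozen=True)
class AttackObject:
    name: str
    os: str        # assumed criterion field
    severity: str  # assumed criterion field

@dataclass
class DynamicGroup:
    name: str
    criteria: Callable[[AttackObject], bool]  # membership is computed, never listed

@dataclass
class StaticGroup:
    name: str
    items: list = field(default_factory=list)  # attack objects and/or groups

def resolve(group, database, path=()):
    """Return the attack-object names a group covers for a given attack database."""
    if group.name in path:
        raise ValueError("nesting loop: " + " > ".join(path + (group.name,)))
    if isinstance(group, DynamicGroup):
        return {a.name for a in database if group.criteria(a)}
    names = set()
    for item in group.items:
        if isinstance(item, AttackObject):
            names.add(item.name)  # fixed member, changed only by hand
        else:
            names |= resolve(item, database, path + (group.name,))
    return names

# Constructed sample data; the attack names are placeholders, not real NSM objects.
DB_BEFORE = [
    AttackObject("EXAMPLE:BSD:SVC-A", "bsd", "critical"),
    AttackObject("EXAMPLE:LINUX:SVC-A", "linux", "critical"),
]
DB_AFTER = DB_BEFORE + [AttackObject("EXAMPLE:BSD:SVC-B", "bsd", "critical")]

# Criteria assumed from the group's name; the manual does not list them.
bsd_critical = DynamicGroup("BSD-Services-Critical",
                            lambda a: a.os == "bsd" and a.severity == "critical")
bsd = StaticGroup("BSD", [bsd_critical])
info = AttackObject("EXAMPLE:INFO:BANNER", "any", "info")
custom = StaticGroup("Custom-Watchlist", [info, bsd])

if __name__ == "__main__":
    print(sorted(resolve(custom, DB_BEFORE)))
    print(sorted(resolve(custom, DB_AFTER)))  # gains EXAMPLE:BSD:SVC-B, no manual edit
```
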
To create a custom static group:
1. In Object Manager, select Attack Objects > IDP Objects. The IDP Objects dialog box
   appears.
2. Click the Custom Attack Groups tab, then click the Add icon and select Add Static
   Group. The New Static Group dialog box appears.
3. Enter a name and description for the static group. Select a color for the group icon.
4. To add an attack or group to the static group, select the attack or group from the
   Attacks/Group list and click the Add button.
5. Click OK.
Chapter 8: Configuring Objects


This manual is also suitable for:

Network and security manager 2010.4
