Configuring Terminal IDP Rules - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide
Your mail server supports POP3 and SMTP connections but not IMAP. Set POP3 and
SMTP service objects as services that can be used to attack that server. Because IMAP
is not supported, you do not need to add the IMAP service object.

If you are supporting services on nonstandard ports, you should choose a service other
than default.

You use a nonstandard port (8080) for your HTTP services. Use the Object Manager to
create a custom service object on port 8080.
Add this service object to your rule, then add several HTTP attack objects, which have a
default service of TCP/80. IDP uses the specified service, HTTP-8080, instead of the
default, and looks for matches to the HTTP attacks in TCP traffic on port 8080.

You can create your own service objects to use in rules, such as service objects for
protocols that use nonstandard ports. However, you cannot match attack objects to
protocols they do not use.

Configuring Terminal IDP Rules

The normal IDP rule-matching algorithm starts from the top of the rulebase and checks
traffic against all rules in the rulebase that match the source, destination, and service. A
terminal rule is an exception to this normal rule-matching algorithm. When a match is
discovered in a terminal rule for the source, destination, and service, IDP does not continue
to check subsequent rules for the same source, destination, and service. It does not matter
whether or not the traffic matches the attack objects in the matching rule.

You can use a terminal rule for the following purposes:

- To set different actions for different attacks for the same Source and Destination. This
  is illustrated by rules 3 and 6 in the "Setting Terminal Rules" example below.
- To disregard traffic that originates from a known trusted Source. Typically the action
  is None for this type of terminal rule. This is illustrated by rule 1 in the "Setting Terminal
  Rules" example below.
- To disregard traffic that is sent to a server that is only vulnerable to a specific set of
  attacks. Typically, the action is Drop Connection for this type of terminal rule.

Use caution when defining terminal rules. You can inadvertently leave your network open
to attacks by creating an inappropriate terminal rule. Remember that traffic matching
the source, destination, and service of a terminal rule is not compared to subsequent
rules, even if the traffic does not match an attack object in the terminal rule. Use a terminal
rule only when you want to examine a certain type of traffic for one specific set of attack
objects and no others. Be particularly careful about terminal rules using "any" for both
the source and destination.

Terminal rules should appear near the top of the rulebase, before other rules that would
match the same traffic. You set a rule as terminal by selecting the box in the Terminate
Match column of the Security Policy window when the rule is created or modified.
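
The following added example (not from the Juniper guide, and not NSM or IDP code) models the matching behavior described above and lists later rules that a terminal rule hides completely, which is a useful review check before pushing a policy. It assumes a simplified rulebase in which a field matches only on "any" or an identical object name; the rule numbers, object names, and attack names are hypothetical.

```python
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    no: int
    source: str
    destination: str
    service: str
    attacks: frozenset
    action: str
    terminal: bool = False

def covers(rule_field, value):
    """A rule field covers a value if it is "any" or the identical object name."""
    return rule_field == ANY or rule_field == value

def same_scope(rule, src, dst, svc):
    return (covers(rule.source, src) and covers(rule.destination, dst)
            and covers(rule.service, svc))

def evaluate(rulebase, src, dst, svc, attack):
    """Return [(rule_no, action)] for every rule whose attack objects fire."""
    hits = []
    for rule in rulebase:
        if not same_scope(rule, src, dst, svc):
            continue
        if attack in rule.attacks:
            hits.append((rule.no, rule.action))
        if rule.terminal:  # stop here even when no attack object matched
            break
    return hits

def shadowed(rulebase):
    """Return [(terminal_no, later_no)] for later rules a terminal rule fully hides."""
    return [(t.no, r.no)
            for i, t in enumerate(rulebase) if t.terminal
            for r in rulebase[i + 1:]
            if same_scope(t, r.source, r.destination, r.service)]

# Constructed rulebase; object and attack names are hypothetical.
RULEBASE = [
    Rule(1, "trusted-scanner", ANY, ANY, frozenset(), "None", True),
    Rule(2, ANY, "mail-server", "SMTP", frozenset({"attack-A"}), "Drop Connection", True),
    Rule(3, ANY, "mail-server", "SMTP", frozenset({"attack-B"}), "Drop Connection"),
    Rule(4, ANY, ANY, ANY, frozenset({"attack-C"}), "Drop Connection"),
]
```

In this rulebase, SMTP traffic to mail-server carrying attack-B produces no hit, because terminal rule 2 ends matching before rule 3 is reached; `shadowed(RULEBASE)` reports that pair.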
Copyright © 2010, Juniper Networks, Inc.
