Table 44: Severity Levels, Recommended Actions And Notifications; Adding IDP Attack Objects By Operating System; Adding IDP Attack Objects By Severity - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1 Administration Manual


Network and Security Manager Administration Guide

protocol is a specification that indicates how communication between two entities (applications, servers, Ethernet cards, etc.) occurs.

When attacking a system, attackers use the protocol of a supported service to communicate their malicious activity to the server. However, attackers can only use protocols that are supported by the system they are attacking. You can add a category group to the Attacks column in your rule; however, you need to select only the categories that are used by the address objects you are protecting with the rule.

For example, if you rely extensively on FTP and HTTP for file transfers to and from your Web servers, choose the FTP and HTTP category groups to carefully monitor all traffic that uses these services.

NOTE: As of Release 2007.3, a few of the entries in the IDP attack group table, starting with the Response category, are removed to enhance the performance of IDP devices. See the latest NSM Release Notes for information on the Response category removed from the IDP attack group table.

Adding IDP Attack Objects by Operating System

The Operating System group includes attack objects for several predefined operating systems to help you choose the attack objects that are the most dangerous to specific components on your network. You can choose BSD, Linux, Solaris, or Windows.

Adding IDP Attack Objects by Severity

The Severity group includes five attack object groups organized by severity level. You can select one or more groups to include in your rule. To protect critical address objects or "popular" attacker targets, such as your mail server, use multiple severity levels to ensure maximum protection.

We recommend using the actions and notification settings listed in Table 44 on page 476 when using severity-based dynamic attack groups in a rule:

Table 44: Severity Levels, Recommended Actions and Notifications

Severity | Cause | Recommended Action | Notification
Critical | Attacks attempt to evade an IDS, crash a machine, or gain system-level privileges. | Drop Packet | Logging, Alert
Major | Attacks attempt to crash a service, perform a denial-of-service, install or use a trojan, or gain user-level access to a host. | Drop Packet, Drop Connection | Logging, Alert
Minor | Attacks attempt to obtain critical information through directory traversal or information leaks. | (no recommended action) | Logging
Copyright © 2010, Juniper Networks, Inc.
