Adding Custom Dynamic Attack Groups; Configuring Ip Actions In Idp Rules - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual

Table 44: Severity Levels, Recommended Actions and Notifications (continued)
Severity Cause
Warning Attacks attempt to obtain noncritical information or scan the
network with a scanning tool. They can also be obsolete attacks
or anomalous (but probably harmless) traffic.
Info Attacks are normal, harmless traffic containing URLs, DNS lookup
failures, and SNMP public community strings. You can use
informational attack objects to obtain information about your
network.

Configuring IP Actions in IDP Rules

Copyright © 2010, Juniper Networks, Inc.
You configure actions in the Action column of the rule; see "Defining Actions For IDP
Rules" on page 473. You configure notification settings in the Notification column of the
rule; see "Configuring Notification in IDP Rules" on page 479.

Adding Custom Dynamic Attack Groups

You can add previously created custom dynamic attack groups to a rule.
Additionally, after you have added the custom group to a rule, you can edit the settings
for the dynamic group by double-clicking the group icon in the rule.
This column only appears when you view the security policy in Expanded Mode. To change
the security policy view from Compact Mode to Expanded Mode, from the menu bar,
select View > Expanded Mode.
If the current network traffic matches a rule, the security device can perform an IP action
against future network traffic that uses the same IP address. IP actions are similar to
other actions; they direct the device to drop or close the connection. However, because
you now also have the attacker's IP address, you can choose to block the attacker for a
specified amount of time. If attackers cannot immediately regain a connection to your
network, they might try to attack easier targets.
Use IP actions in conjunction with actions and logging to secure your network. In a rule,
first configure an action to detect and prevent current malicious connections from reaching
your address objects. Then right-click in the IP Action column of the rule and select
Configure. The Configure IP Action dialog box appears, as shown in Figure 83 on page 478.
Enable and configure an IP action to prevent future malicious connections from the
attacker's IP address.
Chapter 9: Configuring Security Policies
Recommended Action Notification
(no recommended Logging
action)
(no recommended (no
action) recommended
notification)
477