Configuring User Roles For Ape Rules; Configuring Services For Ape Rules - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual


Network and Security Manager Administration Guide
To detect attacks between two networks, select multiple address objects for the Source
and Destination.
The more specific you are in defining the source and destination of an attack, the more
you reduce false positives.

Configuring User Roles for APE Rules

User roles are configured in conjunction with source IP addresses. You select either a
user role or a source IP address for the APE rule. If you configure a user role in an APE rule,
you must also set the source address to "any". NSM does not automatically set the source
address to "any" when a user role is configured in the rule; instead, it displays a message that
only a user role or a source address can be specified in a rule.
To select or configure a user role:
1. Right-click the User Role column of a rule and select Select User Role.
2. From the Select User Roles dialog box, select a device from the Device drop-down menu.
3. Use the Add or Remove button to add or remove user roles.
4. Click OK.

Configuring Services for APE Rules

Services are application layer protocols that define how data is structured as it travels
across the network. Because the services you support on your network are the same
services that attackers must use to attack your network, you can specify which services
are supported by the destination IP to make your rule more efficient.
NOTE: All services rely on a transport layer protocol to transmit data. IDP
includes services that use TCP, UDP, RPC, and ICMP transport layer protocols.
Service objects represent the services running on your network. NSM includes predefined
service objects that are based on industry-standard services. You use these service
objects in rules to specify the service an attack uses to access your network. You can
also create custom service objects to represent protocols that are not included in the
predefined services.
In the Service column, you select the service of the traffic you want IDP to match:
- Select Default to accept the service specified by the attack object you select in the Attacks column. When you select an attack object in the Attacks column, the service associated with that attack object becomes the default service for the rule. To see the exact service, view the attack object details.
- Select Any to set any service.
- Select Service to choose specific services from the list of defined service objects.
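The following added example (not part of the Juniper guide and not an NSM export format) audits a rule list for the user role and source address conflict described above and resolves the Service column as Default, Any, or an explicit list. The rule dictionaries, attack object names, role names, and address names are constructed assumptions.

```python
ANY = "any"

# Constructed attack objects mapped to the service each one is bound to.
ATTACK_SERVICE = {"example-ftp-attack": "FTP", "example-dns-attack": "DNS"}

def effective_services(rule):
    """Resolve the Service column as the section describes it."""
    svc = rule["service"]
    if svc == "Default":   # service is taken from the selected attack objects
        return sorted({ATTACK_SERVICE[a] for a in rule["attacks"]})
    if svc == "Any":       # matches traffic on any service
        return [ANY]
    return sorted(svc)     # explicit list of service objects

def audit(rule):
    """Return review findings for one rule (hypothetical rule layout)."""
    findings = []
    roles = rule.get("user_roles", [])
    # A rule takes a user role or a source address; with a role, source must be "any".
    if roles and rule["source"] != [ANY]:
        findings.append("user role set but source is not 'any'")
    # Unspecific source and destination increase false positives.
    if not roles and rule["source"] == [ANY] and rule["destination"] == [ANY]:
        findings.append("source and destination both 'any'")
    # Any service means the rule is not narrowed to supported services.
    if effective_services(rule) == [ANY]:
        findings.append("service is Any")
    return findings

# Constructed sample rules.
RULES = [
    {"id": 1, "user_roles": ["contractor"], "source": ["lab-net"],
     "destination": ["dmz-servers"], "service": "Default",
     "attacks": ["example-ftp-attack"]},
    {"id": 2, "source": [ANY], "destination": [ANY],
     "service": "Any", "attacks": ["example-dns-attack"]},
    {"id": 3, "user_roles": ["admin"], "source": [ANY],
     "destination": ["db-servers"], "service": ["FTP", "DNS"],
     "attacks": ["example-ftp-attack", "example-dns-attack"]},
]

if __name__ == "__main__":
    for r in RULES:
        print(r["id"], effective_services(r), audit(r))
```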
For example, to take some action on FTP traffic, set the service to Default and add the
application object FTP. The Service column in the rule still displays "Default," but the
Copyright © 2010, Juniper Networks, Inc.
