Entering Comments; Specifying VLANs; Setting Target Devices; Configuring Network Honeypot Rules - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide

Specifying VLANs

You can specify that the rule be applied only to packets from particular VLANs. See
"Setting VLAN Tags for IDP Rules" on page 480 for more information.

Setting Target Devices

For each rule in the rulebase, you can select the IDP-capable device that will use that
rule to detect and prevent attacks. Alternatively, you can use Device Manager to assign
policies to devices.

Entering Comments

You can enter notations about the rule in the Comments column. Anything you enter in
the Comments column is not pushed to the target devices. To enter a comment, right-click
the Comments column and select Edit Comments. The Edit Comments dialog box
appears. You can enter up to 1024 characters in the Comments field.

Configuring Network Honeypot Rules

The Network Honeypot protects your network by impersonating open ports on existing
servers on your network, alerting you to attackers performing port scans and other
information-gathering activities.

Impersonating a Port

Attackers view ports as entry points into your network. You can create counterfeit ports
on existing servers to trick attackers who are attempting to break into your network. A
counterfeit port can appear to offer notoriously vulnerable services to make the port
attractive to attackers.

You create a counterfeit port in the Network Honeypot Rulebase by specifying an
existing network object and choosing a port and service to impersonate. You can also
set an IP Action to perform against the Source IP. If an attacker attempts to
communicate with your counterfeit port, the rule matches and the IP action triggers.

Adding the Network Honeypot Rulebase

Before you can configure a rule in the Network Honeypot rulebase, you need to add the
Network Honeypot rulebase to a security policy.

1. In the main navigation tree, select Policies. Open a security policy by double-clicking
   the policy name in the Security Policies window or click the policy name and then
   select the Edit icon.
2. Click the Add icon in the upper right corner of the Security Policy window and select
   Add Network Honeypot Rulebase. The Network Honeypot rulebase tab appears.
3. Configure a Network Honeypot rule by clicking the Add icon on the left side of the
   Security Policy window. A default Network Honeypot rule appears. You can modify
   this rule as needed.
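
The following sketch is an added example, not code from this guide or from NSM. It models how a Network Honeypot rule behaves once configured: a connection to a counterfeit port matches the rule, and the IP action is then applied to the source IP. The `HoneypotRule` fields, the action labels `notify` and `block`, first-match rule ordering, and all addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class HoneypotRule:
    destination: str   # network object for the existing server(s), CIDR form
    port: int          # counterfeit port
    service: str       # service the port appears to offer
    ip_action: str     # "notify" or "block": illustrative labels, not NSM option names

# Constructed sample rules and traffic (documentation address ranges).
RULES = [
    HoneypotRule("192.0.2.10/32", 23, "telnet", "block"),
    HoneypotRule("192.0.2.0/28", 21, "ftp", "notify"),
]
CONNECTIONS = [  # (source IP, destination IP, destination port), in arrival order
    ("198.51.100.7", "192.0.2.10", 443),  # real service, no honeypot rule matches
    ("198.51.100.7", "192.0.2.10", 23),   # counterfeit telnet: block the source
    ("198.51.100.7", "192.0.2.11", 443),  # same source, now under the IP action
    ("203.0.113.9", "192.0.2.5", 21),     # counterfeit ftp: notify only
    ("203.0.113.9", "192.0.2.10", 443),   # notify leaves the source unblocked
]

def match_rule(rules, dst_ip, dst_port):
    """Return the first rule covering this destination and port (ordering assumed)."""
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if dst_port == rule.port and dst in ipaddress.ip_network(rule.destination):
            return rule
    return None

def process(rules, connections):
    """Replay connections in order; return (events, blocked_sources)."""
    blocked, events = set(), []
    for src, dst, port in connections:
        if src in blocked:
            events.append((src, dst, port, "dropped: source under IP action"))
            continue
        rule = match_rule(rules, dst, port)
        if rule is None:
            events.append((src, dst, port, "no honeypot match"))
            continue
        events.append((src, dst, port,
                       f"honeypot hit: {rule.service}, action={rule.ip_action}"))
        if rule.ip_action == "block":
            blocked.add(src)
    return events, blocked

if __name__ == "__main__":
    for event in process(RULES, CONNECTIONS)[0]:
        print(event)
```

The replay shows why the IP action matters: the first source loses access to the real service on port 443 only after it touches the counterfeit telnet port.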
Copyright © 2010, Juniper Networks, Inc.
