Table of Contents
Advertisement
Setting Up the Profiler
Copyright © 2010, Juniper Networks, Inc.
After your devices have started profiling, you can begin to use the profiled data to perform
the following tasks:
Set a network baseline— A baseline can help you track the servers and hosts on the
network, as well as the protocols and services those components use to communicate.
By immediately locating new components on your network, you can ensure that those
components are protected (with a security policy) and that you can track their status
(with the Profiler). For details, see "Configuring a Network Baseline" on page 727.
Update vulnerable systems—The Profiler uses passive fingerprinting to provide you
with an inventory of operating-system and software applications, their versions, and
what components use them. As new versions or security updates are announced, you
must first determine if your network is affected, locate the affected components, and
patch as appropriate. For details, see "Keeping Your Network Current" on page 727.
Immediately locate the source of an internal worm or trojan—The Profiler can show
you exactly when the worm or trojan entered your network, how it was introduced, and
which network components are infected. By filtering the profile data, you can quickly
identify the source and contain the attack to minimize impact, then investigate and
recover from any damage. For details, see "Stopping Worms and Trojans" on page 729.
Detect violations of your corporate security policy— The Profiler can help you confirm
suspected violations such as rogue servers running on the network. Most of the time,
however, you do not know exactly what you are looking for on the network. In these
cases, it is easier to specify exactly what should be on the network, then detect any
traffic that violates that specification. To detect violations, you can use a special type
of object, called a permitted object, to define what you should see on the network.
The following sections detail how to set up, configure, and use your profiled data as
described previously.
Using the Profiler involves the following steps:
Configure the Profiler to collect specific information about your internal network.
Update Profiler Settings on the device after you configure the Profiler.
Start the Profiler to enable your device to begin collecting data.
Customize Profiler preferences.
You configure your device to collect specific information and compile it into the Profiler
DB.
NOTE: Because devices collect data from network components on your
internal network, it is helpful to create network objects to represent those
components before you begin configuring the Profiler. Alternatively, you can
create new network objects directly from the Profiler.
Chapter 18: Analyzing Your Network
711
Advertisement
Table of Contents
