Configuring a Network Baseline
Keeping Your Network Current
Copyright © 2010, Juniper Networks, Inc.
Proactively Updating Your Network
Reacting to Vulnerability Announcements
Stopping Worms and Trojans
A baseline is a static view of your network traffic patterns. This view, which is compiled
from multiple views of traffic over time, represents the normal, known activity that occurs
on your network. By setting a baseline for your network, you can quickly detect any traffic
that deviates from or violates that baseline and take appropriate measures.
Identifying a Baseline
Your devices begin learning your network baseline as soon as the Profiler starts. As your
devices profile the network for the first time, each component appears as new. To avoid
unnecessary log records generated by Profiler alerts, you should ensure that alerts are
not enabled in the Alerts tab of the Profiler Settings dialog box.
During the learning phase, your devices profile the network hosts, servers, and software
applications that they protect; the Profiler synchronizes profile information from the
devices and creates an initial view of your network. Each time you synchronize the devices,
the Profiler incorporates any new data into this view, creating a more complete, up-to-date
image of your network. You should continue to synchronize data daily until you feel the
Profiler is accurately depicting your normal traffic patterns.
Because all networks are different, the learning phase can range from a few hours to a
few weeks.
Setting a Baseline
When you are satisfied that the Profiler has detected each host, protocol, and port that
you want to profile, you have successfully created a network baseline. By itself, this
baseline view can help you implement software and hardware upgrades, take inventory
for new support contracts, plan for a network ROI investigation, and so on.
However, the true power of your network baseline is to enable your devices to identify
network deviations. The Profiler uses the baseline to identify new or unknown hosts or
software that might represent a network vulnerability. A network deviation can be as
simple as an application update or as serious as a security breach.
When Profiler alerts are enabled and a device discovers a new host, protocol, or port, the
device generates a log record, such as PROFILER_NEW_HOST, which appears in the
subcategory column of the Log Viewer.
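The learn-then-detect cycle described above can be sketched as follows. This is an added example, not code from the product or from this guide: the Baseline class, the tuple format, the sample addresses, and the NEW_PROTOCOL and NEW_PORT labels are assumptions made for illustration; only PROFILER_NEW_HOST is taken from the text.

```python
from dataclasses import dataclass, field

# Constructed sample data: each sync is a set of (host, protocol, port)
# observations, using the RFC 5737 documentation address range.
LEARNING_SYNCS = [
    {("192.0.2.10", "tcp", 80), ("192.0.2.10", "tcp", 443)},
    {("192.0.2.10", "tcp", 443), ("192.0.2.20", "tcp", 22)},
    {("192.0.2.20", "udp", 53)},
]
POST_BASELINE_SYNC = {
    ("192.0.2.10", "tcp", 443),    # already in the baseline
    ("192.0.2.20", "tcp", 3389),   # known host and protocol, new port
    ("192.0.2.10", "udp", 161),    # known host, protocol new for that host
    ("192.0.2.99", "tcp", 445),    # host never seen while learning
}


@dataclass
class Baseline:
    alerts_enabled: bool = False            # kept off during the learning phase
    seen: set = field(default_factory=set)  # (host, protocol, port) tuples

    def synchronize(self, observations):
        """Merge one sync into the view and return any deviation records."""
        records = []
        for host, proto, port in sorted(observations):
            if (host, proto, port) in self.seen:
                continue
            if self.alerts_enabled:
                records.append((self._classify(host, proto), host, proto, port))
            self.seen.add((host, proto, port))
        return records

    def _classify(self, host, proto):
        if not any(h == host for h, _, _ in self.seen):
            return "PROFILER_NEW_HOST"      # record name taken from the text
        if not any(h == host and p == proto for h, p, _ in self.seen):
            return "NEW_PROTOCOL"           # hypothetical label
        return "NEW_PORT"                   # hypothetical label


def run_demo():
    baseline = Baseline()
    learning = [baseline.synchronize(s) for s in LEARNING_SYNCS]
    baseline.alerts_enabled = True          # baseline is set; report deviations
    return learning, baseline.synchronize(POST_BASELINE_SYNC)


if __name__ == "__main__":
    print(*run_demo()[1], sep="\n")
```

With alerts off, the three learning syncs produce no records even though every component is new. Once alerts are on, only the three observations outside the baseline are reported.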
Typical networks include multiple servers and hosts, each running different operating
systems and software applications that are important to users on the network. While
this variety helps users accomplish their tasks, it can make it difficult to keep your network
systems current. As new versions or security updates are announced, you must first
determine if your network is affected, locate the affected components, then patch as
appropriate.
Chapter 18: Analyzing Your Network