Figure 109: Viewing Summary Panel; Table 105: Irrelevant Versus Relevant Attacks; Identifying Irrelevant Attacks - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual

Identifying Irrelevant Attacks

Copyright © 2010, Juniper Networks, Inc.
Your log entries are a valuable tool in helping you identify irrelevant attacks. Irrelevant
attacks are events that do not affect your network or that you do not consider important.
Typically, you want to identify irrelevant attacks to:
Reduce the number of log entries and increase system performance.
Isolate log entries for harmless attacks.
Focus on log entries for attacks to which you are actually vulnerable.
Select a log entry generated by a protocol anomaly or signature attack object, then view
the Summary panel to see the attack description. An example is shown in Figure 109 on
page 777.

Figure 109: Viewing Summary Panel

Look carefully at the information about affected systems, and compare it with what you
know about your network. Use the information in Table 105 on page 777 to determine if
the attack is relevant:

Table 105: Irrelevant Versus Relevant Attacks

Irrelevant Attacks
Attack target hardware you do not use.
Example: Attacks that exploit Cisco routers do
not affect Lucent routers.
Attack target software you do not use.
Example: Attacks that exploit Microsoft IIS Web
servers do not affect Apache Web servers.
Attack target software versions you do not use.
If the attack is irrelevant, you can remove the matching attack object group from the rule
that triggered the log entry, or monitor the attack object group using custom severity
setting.
Chapter 19: Logging
Relevant Attacks
Attack attempts to exploit vulnerabilities in the
hardware you use in your network.
Attack attempts to exploit vulnerabilities in the
software running on your network.
Attack attempts to exploit vulnerabilities in the
software versions running on your network.
777