Juniper SECURITY THREAT RESPONSE MANAGER - APPLICATION CONFIGURATION GUIDE REV 1 Configuration Manual

Security Threat Response Manager
STRM Application Configuration Guide
Release 2008.2
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089
USA
408-745-2000
www.juniper.net
Part Number: 530-025610-01, Revision 1

Summary of Contents for Juniper SECURITY THREAT RESPONSE MANAGER - APPLICATION CONFIGURATION GUIDE REV 1

  • Page 2 Juniper Networks or their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
  • Page 3: Table Of Contents

    Contents: About This Guide (Conventions, Technical Documentation, Documentation Feedback, Requesting Support); Defining Application Mappings (About the STRM Applications View, Defining Application Mappings, Example of a Mapping File); Default Applications; ICMP Type and Code IDs (Identifying Default ICMP Types, Identifying Default ICMP Codes); Protocol...
  • Page 5: About This Guide

    Information that alerts you to potential personal injury. Technical Documentation: You can access technical documentation, technical notes, and release notes directly from the Juniper Networks Support Web site at http://www.juniper.net/support. Documentation Feedback: We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation.
  • Page 6: Requesting Support

    Requesting Support: Open a support case using the Case Management link at http://www.juniper.net/support/ or call 1-888-314-JTAC (from the United States, Canada, or Mexico) or 1-408-745-9500 (from elsewhere). STRM Default Application Configuration Guide...
  • Page 7: Defining Application Mappings

    By default, STRM can classify many applications. When creating new or customized application mappings, you must: Step 1: Update the Application Views in the STRM Administration interface, which contains group and object information. For more information on updating the Applications Views, see the STRM Administration Guide.
  • Page 8 Figure 1-1 Example of Application View. You can edit the user-defined mapping file to ensure specific traffic is appropriately classified in the STRM interface. However, STRM also includes default application IDs, which you can view in the Applications View of the STRM interface. For example, in Figure 1-1, the Chat group includes the default AOL group, which is...
  • Page 9 When adding new application identification numbers, we recommend that you apply numbers ranging between 15,000 and 20,000. Contact Juniper Networks Customer Support for further information. The format of the entry must resemble the following: <New ID>...
  • Page 10: Example Of A Mapping File

    Note: For information on creating or editing views, see the STRM Administration Guide. Step 8: From the menu, select Configurations > Deploy configuration changes. The Deploy configuration changes window appears. Step 9: Click Close. You have successfully deployed your changes. Example of a Mapping File: 15000 1010 10.100.100/24,10.100.50.10:* 172.14.33.33:80,443 AllowedWebTypeA...
  • Page 11 Default Applications: STRM includes default application IDs, which you can view in the Applications View of the STRM interface. This chapter provides the default application values as they appear in the Applications View. The default application values apply to all source and destination flows; however, the destination port is specific to the application.
  • Page 12 Table 2-1 Default Applications (continued)
    Application View Group Sub-Component Value Description
    Chat 5685 MSN Traffic
    Chat 5695 MSN Traffic
    Chat 5831 MSN Traffic
    Chat 5832 MSN Traffic
    Chat 5847 MSN Traffic
    ClientServer CVSpserver 60150 CVS traffic.
    ClientServer CVSup 60129 CVS traffic.
  • Page 13 Table 2-1 Default Applications (continued)
    Application View Group Sub-Component Value Description
    DataTransfer Microsoft-ds 60142 Microsoft directory server traffic.
    DataTransfer Misc-Transfer-Ports 21878 Misc common data traffic ports.
    DataTransfer 1007 Network File System (NFS) traffic.
    DataTransfer NNTPNews 1013 NNTP traffic.
    DataTransfer NW5-CMD 60078 Netware traffic.
  • Page 14: Default Applications

    Table 2-1 Default Applications (continued)
    Application View Group Sub-Component Value Description
    DataTransfer 5845 FTP traffic.
    DataTransfer Misc-Transfer-Ports 21879 Miscellaneous data traffic ports.
    DataTransfer Misc-Transfer-Ports 21910 Miscellaneous data traffic ports.
    DataTransfer Misc-Transfer-Ports 21919 Miscellaneous data traffic ports.
    DataTransfer Misc-Transfer-Ports 22012 Miscellaneous data traffic ports.
  • Page 15 Table 2-1 Default Applications (continued)
    Application View Group Sub-Component Value Description
    DataWarehousing Oracle 37871 Oracle traffic.
    DataWarehousing Oracle 37914 Oracle traffic.
    DataWarehousing Oracle 38292 Oracle traffic.
    DataWarehousing Oracle 42060 Oracle traffic.
    DataWarehousing OracleClient 60086 OracleClient traffic.
    DataWarehousing PostgreSQL 37292 PostgreSQL traffic.
    DataWarehousing Progress 60110 Progress traffic.
  • Page 16 Table 2-1 Default Applications (continued)
    Application View Group Sub-Component Value Description
    Games Unreal 60117 Unreal traffic.
    Games YahooGames 60120 YahooGames traffic.
    Healthcare DICOM 60143 DICOM traffic.
    Healthcare 60154 HL7 traffic.
    InnerSystem Flowgen 1023 Flow Collector and Flow Processor traffic.
    InnerSystem Common-Ports 51332...
  • Page 17 Table 2-1 Default Applications (continued)
    Application View Group Sub-Component Value Description
    Mail Misc-Mail-Port 27668 Misc-Mail-Port traffic.
    Mail Misc-Mail-Port 22079 Misc-Mail-Port traffic.
    Mail Misc-Mail-Port 22158 Misc-Mail-Port traffic.
    Mail Misc-Mail-Port 22177 Misc-Mail-Port traffic.
    Mail Misc-Mail-Port 22178 Misc-Mail-Port traffic.
    Mail Misc-Mail-Port 22184 Misc-Mail-Port traffic.
    Mail Misc-Mail-Port 22314...
  • Page 18 Table 2-1 Default Applications (continued)
    Application View Group Sub-Component Value Description
    Misc Authentication 21140 Authentication traffic.
    Misc Authentication 21624 Authentication traffic.
    Misc Authentication 51341 Authentication traffic.
    Misc Authentication 51342 Authentication traffic.
    Misc Authentication 51343 Authentication traffic.
    Misc Authentication 51344 Authentication traffic.
  • Page 19 Table 2-1 Default Applications (continued)
    Application View Group Sub-Component Value Description
    Misc ManagementServices 34221 ManagementServices traffic.
    Misc ManagementServices 34556 ManagementServices traffic.
    Misc ManagementServices 34557 ManagementServices traffic.
    Misc ManagementServices 34560 ManagementServices traffic.
    Misc ManagementServices 34563 ManagementServices traffic.
    Misc ManagementServices 34564 ManagementServices traffic.
    Misc ManagementServices 34636...
  • Page 20 Table 2-1 Default Applications (continued)
    Application View Group Sub-Component Value Description
    Misc Misc-Ports 21073 Misc-Ports traffic.
    Misc Misc-Ports 21074 Misc-Ports traffic.
    Misc Misc-Ports 21081 Misc-Ports traffic.
    Misc Misc-Ports 21109 Misc-Ports traffic.
    Misc Misc-Ports 21116 Misc-Ports traffic.
    Misc Misc-Ports 21121 Misc-Ports traffic.
  • Page 21 Table 2-1 Default Applications (continued)
    Application View Group Sub-Component Value Description
    Misc SNMP-Ports 21300 SNMP-Ports traffic.
    Misc SymantecGhost 34729 Symantec Ghost traffic.
    Misc Syslog 1015 Syslog traffic
    Misc Time 21200 Time traffic.
    Misc Time 21006 Time traffic.
    Misc Unknown_TCP 34803 Unknown TCP traffic.
  • Page 22 Table 2-1 Default Applications (continued)
    Application View Group Sub-Component Value Description
    Common-P2P-Port 33955 Common P2P port traffic.
    Common-P2P-Port 33956 Common P2P port traffic.
    DirectConnect 5863 DirectConnect traffic.
    DirectConnect 5864 DirectConnect traffic.
    DirectConnect 5865 DirectConnect traffic.
    DirectConnect 5866 DirectConnect traffic.
    DirectConnect 5867 DirectConnect traffic.
  • Page 23 Table 2-1 Default Applications (continued)
    Application View Group Sub-Component Value Description
    RemoteAccess CitrixICA 5671 Remote Access Citrix ICA Traffic.
    RemoteAccess GoToMyPC 60164 GoToMyPC traffic.
    RemoteAccess JavaRMI 60109 JavaRMI traffic.
    RemoteAccess MSTerminalServices 6001 MS terminal services.
    RemoteAccess OpenConnect-JCP 60085 OpenConnect-JCP traffic.
    RemoteAccess OpenWindows 34807...
  • Page 24 Table 2-1 Default Applications (continued)
    Application View Group Sub-Component Value Description
    RoutingProtocols AURP 60011 AURP traffic.
    RoutingProtocols BGP 60029 BGP traffic.
    RoutingProtocols BPDU 34821 BPDU traffic.
    RoutingProtocols Banyan-VINES 34838 Banyan-VINES traffic.
    RoutingProtocols CBT 60045 CBT traffic.
    RoutingProtocols CiscoOUI 34823 CiscoOUI traffic.
  • Page 25 Table 2-1 Default Applications (continued)
    Application View Group Sub-Component Value Description
    Streaming Abacast 60174 Abacast traffic.
    Streaming H.261 34829 H.261 traffic.
    Streaming H.262 34828 H.262 traffic.
    Streaming H.263 34827 H.263 traffic.
    Streaming MPEG-Audio 60053 MPEG-Audio traffic.
    Streaming MPEG-Video 60054 MPEG-Video traffic.
    Streaming MicrosoftMediaServer 4002 Streaming Microsoft Media...
  • Page 26 Table 2-1 Default Applications (continued)
    Application View Group Sub-Component Value Description
    VoIP I-Phone 60066 I-Phone traffic.
    VoIP MCK-Signaling 60094 MCK-Signaling traffic.
    VoIP MCK-Voice 60095 MCK-Voice traffic.
    VoIP MGCP 60152 MGCP traffic.
    VoIP Megaco 60155 Megaco traffic.
    VoIP Micom-VIP 60035 Micom-VIP traffic.
  • Page 27 Table 2-1 Default Applications (continued)
    Application View Group Sub-Component Value Description
    WebMediaAudio 5003 WebMediaAudio traffic.
    WebMediaAudio 5004 WebMediaAudio traffic.
    WebMediaAudio 5021 WebMediaAudio traffic.
    WebMediaAudio 5031 WebMediaAudio traffic.
    WebMediaDocuments 5010 WebMediaDocuments traffic.
    WebMediaDocuments 5011 WebMediaDocuments traffic.
    WebMediaDocuments 5012 WebMediaDocuments traffic.
    WebMediaDocuments 5030 WebMediaDocuments traffic.
  • Page 29: Icmp Type And Code Ids

    This chapter provides information on default ICMP type and Code IDs including:
    • Identifying Default ICMP Types
    • Identifying Default ICMP Codes
    Identifying Default ICMP Types: Table 3-1 lists the default ICMP Codes:
    Table 3-1 ICMP Types
    ICMP Type Description
    EchoReply
    DestinationUnreachable...
  • Page 30 Identifying Default ICMP Codes: Table 3-2 lists the default ICMP codes:
    Table 3-2 ICMP Codes
    ICMP Code Description
    Destination Unreachable Codes
    Net Unreachable
    Host Unreachable
    Protocol Unreachable
    Port Unreachable
    Fragmentation Needed and Don't Fragment was Set
    Source Route Failed
    Destination Network Unknown
    Destination Host Unknown...
  • Page 31 Identifying Default ICMP Codes
    Table 3-2 ICMP Codes (continued)
    ICMP Code Description
    Bad Length
  • Page 33: Protocol Ids

    This chapter provides information on default protocols IDs used in STRM. Table 4-1 lists the default common protocols:
    Table 4-1 Protocol ID
    Protocol ID Protocol Port Description
    ICMP
    IGMP
    IDPR-CMTP
    IPv6
    RSVP
    NARP
    OSPFIGP
    IPIP
    SCTP
  • Page 35 This chapter provides information on default port IDs used by STRM. Table 5-1 lists the default common ports:
    Table 5-1 Port ID
    Port Protocol Protocol Description
    File Transfer Protocol
    File Transfer Protocol
    Secure Shell
    Telnet
    SMTP Send Mail Transfer Protocol
    Domain Name Service
    DHCP Dynamic Host Control Protocol...
  • Page 36: Port Ids

    Table 5-1 Port ID (continued)
    Port Protocol Protocol Description
    1243 SubSeven and other trojans
    1433 Microsoft SQL Server
    1521 Oracle SQL
    2049 Network File System
    3306 MySQL
    4000
    6000 X Windowing System
    6699 Napster
    6667
    6776 SubSeven and other trojans
    8080 HTTP
    31337...