Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 328
Strm administration guide
Hide thumbs
Also See for SECURITY THREAT RESPONSE MANAGER 2008.2:
- Manual (228 pages) ,
- Getting started (14 pages) ,
- Release note (11 pages)
Table of Contents
Advertisement
Table B-10 Default Building Blocks (continued)
Building Block
Default-BB-Network
Definition: Client
Networks
Default-BB-Network
Definition: Honeypot like
Addresses
Default-BB-Network
Definition: NAT Address
Range
Default-BB-Network
Definition: Server
Networks
Default-BB-Network
Definition: Undefined IP
Space
Default-BB-Policy:
Application Policy
Violation Events
Default-BB-Policy: IRC/IM
Connection Violations
Default-BB-Policy: Policy
P2P
Default-BB-PortDefinition:
Database Ports
Default-BB-PortDefinition:
DHCP Ports
Default-BB-PortDefinition:
DNS Ports
Default-BB-PortDefinition:
FTP Ports
Default-BB-PortDefinition:
Game Server Ports
Block
Group
Type
Description
Network
Event Edit this BB to include all networks
Definition
that include client hosts.
Network
Event Edit this BB by replacing the other
Definition
network with network objects
defined in your network hierarchy
that are currently not in use in your
network or are used in a honeypot
or tarpit installation. Once these
have been defined, you must
enable the Default-Rule-Anomaly:
Potential Honeypot Access rule.
You must also add a
security/policy sentry to these
network objects to generate events
based on attempted access.
Network
Event Edit this BB to define typical
Definition
Network Address Translation
(NAT) range you wish to use in
your deployment.
Network
Event Edit this BB to include the
Definition
networks where your servers are
located.
Network
Event Edit this BB to include areas of
Definition
your network that does not contain
any valid hosts.
Policy
Event Edit this BB to define policy
application and violation events.
Policy
Event Edit this BB to define all policy
IRC/IM connection violations.
Policy
Event Edit this BB to include all events
that indicate Peer-to-Peer (P2P)
events.
Port\
Event Edit this BB to include all common
Protocol
database ports.
Definition
Port\
Event Edit this BB to include all common
Protocol
DHCP ports.
Definition
Port\
Event Edit this BB to include all common
Protocol
DNS ports.
Definition
Port\
Event Edit this BB to include all common
Protocol
FTP ports.
Definition
Port\
Event Edit this BB to include all common
Protocol
game server ports.
Definition
Associated Building
Blocks, if applicable
Advertisement
Table of Contents
Related Manuals for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2
Related Products for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - AQL EVENT AND FLOW QUERY CLI GUIDE
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - EVENT CATEGORY CORRELATION REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - SNMP AGENT GUIDE REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT ADMINISTRATION GUIDE REV 1
- Juniper STRM LOG MANAGEMENT 2008.2 - S 6-2008
- Juniper MEDIA FLOW CONTROLLER 2.0.4 -
- Juniper MEDIA FLOW MANAGER 2.0.2 - ADMINISTRATOR S GUIDE AND CLI
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper MEDIA FLOW CONTROLLER 2.0.5
- Juniper NETWORK AND SECURITY MANAGER 2010.3
- Juniper 200 Series