Using Predefined Security Policies
The Juniper Networks Security Center team (J-Security Center) provides the default IDP security policy—named Recommended. We advise that you use this policy to protect your network from the likeliest and most dangerous attacks.
Table 1 summarizes the settings of the recommended security policy.
Table 1: Recommended Security Policy Settings
| Property | Value |
|---|---|
| Rulebase | IDP rulebase. |
| Rules | Nine rules, distinguished by attack object. |
| Source | Any, meaning the source setting is not used to match traffic. |
| Service | Default, meaning the matching property is based on the service bindings of the attack object specified by the rule. |
| Destination | Any, meaning the destination setting is not used to match traffic. |
| Attacks | |
| Action | Recommended, meaning the action is specified by the attack object. |
| Notification | Logging. |
If you prefer, you can copy this security policy and use it as a template for a custom security policy tailored for your network. You use the New Security Policy wizard to create a custom security policy based on a template.
Table 2 describes other IDP security policy templates.
Table 2: IDP Security Policy Templates
| Template | Description |
|---|---|
| all_with_logging | Includes all attack objects and enables packet logging for all rules. This policy is provided for lab use and is not recommended in production. |
| all_without_logging | Includes all attack objects but does not enable packet logging. |
| dmz_services | Protects a typical DMZ environment. |
| dns_server | Protects DNS services. |
| file_server | Protects file sharing services, such as SMB, NFS, FTP, and others. |
| getting_started | Contains very open rules. Useful in controlled lab environments, but should not be deployed on live networks with heavy traffic. |
| idp_default | Contains a set of attack groups that balances security and performance. |
| web_server | Protects HTTP servers from remote attacks. |
If you use these templates, we advise you to customize them for your deployment. At a minimum, you should change the destination IP setting from Any to the IP addresses for specific servers you want to protect.

