Technical Documentation

Loading J-Security Center Updates (NSM Procedure)

The Juniper Networks Security Center (J-Security Center) routinely makes important updates available to IDP security policy components, including updates to the IDP detector engine and NSM attack database.

The IDP detector engine is a dynamic protocol decoder that includes support for decoding more than 60 protocols and more than 500 service contexts. You should update IDP detector engine when you first install the IDP device, whenever you upgrade IDP software, and whenever alerted to do so by Juniper Networks.

The NSM attack database stores data definitions for attack objects. Attack objects are key components of IDP security policies. J-Security Center updates can include new attack objects, revised severity settings, or removed attack objects. You should schedule daily updates to the NSM attack database.

After you have completed the update, any new attack objects are available in the security policy editor. If you use dynamic groups in IDP rulebase rules and a new attack object belongs to the dynamic group, the rule automatically inherits the new attacks.

J-Security Center updates are packaged and released separately from the IDP operating system and software code base to ensure IDP products protect your network against recently discovered vulnerabilities.

Note: We recommend you subscribe to the IDP Signature Updates technical bulletin to be notified when J-Security Center releases IDP detector engine updates. Go to https://www.juniper.net/alerts/.

Table 1 provides procedures for updating the IDP detector engine and the NSM attack database.

Table 1: IDP Detector Engine and NSM Attack Database Update Procedures

Task

Procedure

To view version information for the installed IDP detector engine

In the NSM Device Manager, double-click the IDP device to display the IDP configuration editor. The Info node displays version information, including the IDP detector engine version.

To update the IDP detector engine

Updating the IDP detector engine is a three part process.

To update IDP detector engine:

  1. Download IDP detector engine and NSM attack database updates to the NSM GUI server:

    In NSM, select Tools > View/Update NSM attack database and complete the wizard steps.

  2. Push the updated IDP detector engine to IDP devices:

    In NSM, select Devices > IDP Detector Engine > Load IDP Detector Engine and complete the wizard steps.

    Note: Updating the IDP detector engine on a device does not require a reboot of the device.

  3. Run a security policy update job to initialize the IDP detector engine update:
    1. In NSM, select Devices > Configuration > Update Device Config.
    2. Select devices to which to push the updates and set update job options.
    3. Click OK.

To update predefined attack objects

Updating attack objects is a two-part process.

To update predefined attack objects:

  1. Download NSM attack database updates to the NSM GUI server:

    From the NSM main menu, select Tools > View/Update NSM attack database and complete the wizard steps.

  2. Push the updates to IDP devices:
    1. From the NSM main menu, select Devices > Configuration > Update Device Config.
    2. Select devices to receive pushed updates and set update job options.
    3. Click OK.

Note: Only the attack objects that are used in IDP rules for the device are pushed from the GUI server to the device.

To schedule regular updates

  1. Log in to the NSM GUI server command line.
  2. Change directory to /usr/netscreen/GuiSvr/utils.

  3. Create a shell script called attackupdates.sh with the following contents:

    • Set the NSMUSER environment variable with an NSM domain/user pair. The command for setting environment variables depends on your OS. For example:
      export NSMUSER=domain/user
    • Set the NSMPASSWD environment variable with an NSM password. The command for setting environment variables depends on your OS and shell. For example: 
      export NSMPASSWD=password
    • Specify a guiSvrCli.sh command string. For example:
      /usr/netscreen/GuiSvr/utils/guiSvrCli.sh --update-attacks --post-action --update-devices --skip
  4. Make the script executable by the user associated with the cron job:
    chmod 700 attackupdates.sh
  5. Run the crontab editor:
    crontab -e
  6. Add an entry for the shell script:
    minutes_after_hour hour * * * /usr/netscreen/GuiSvr/utils/attackupdates.sh

During the update, the guiSvrCli utility updates the attack object database, then performs the post actions. After updating and executing actions, the system generates an exit status code of 0 (no errors) or 1 (errors).

Note: For information on connecting to the NSM command line, see the NSM documentation.

Published: 2010-01-13