Juniper Networks regularly updates the predefined attack database
and makes it available on the Juniper Networks website. This database
includes attack object groups that you can use in IDP policies to
match traffic against known attacks. Although you cannot create, edit,
or delete predefined attack objects, you can use the CLI to update
the list of attack objects that you can use in IDP policies. After
downloading the security package, you must install the package to
update the security database with the newly downloaded updates from
the Staging folder in your device.
Establish basic connectivity. See the Getting Started Guide for your device.
Configure network interfaces. See the JUNOS Software Interfaces and Routing Configuration Guide.
The configuration instructions in this topic describe how to
download the security package with the complete table of attack objects
and attack object groups, create a policy, and specify the new policy
as the active policy. This example then describes how to download
only the updates that Juniper Networks has recently uploaded and then
update the attack database, running policy, and detector with these
new updates.
You can use either J-Web or the CLI configuration editor to
manually download and update the signature database.
Check the attack database update status
with the following command. The command output displays the
downloaded and installed versions of the attack database.
user@host> request security idp security-package install status
Commit the configuration.
After committing the configuration, the attack
objects and groups are available in the CLI under the predefined-attack-groups and predefined-attacks configuration statements at the [edit security idp idp-policy] hierarchy level.
Associate attack objects or attack object groups
with the policy. The following statement associates the recommended
attack object group Response_Critical-TELNET with policy1:
user@host# set security idp idp-policy policy1 rulebase-ips rule rule1 match attacks predefined-attack-groups "Response_Critical-TELNET"
Activate the policy. The following statement
makes policy1 the active policy on the device:
user@host# set security idp active-policy policy1
Commit the configuration.
After a week, if you want to download only the
updates that Juniper Networks has recently uploaded, use the following
command:
If you are finished configuring the router,
commit the configuration.
From configuration mode in the CLI, enter the show security idp command to verify the configuration. For more
information, see the JUNOS Software CLI Reference.
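The verification step above can also be scripted. The following Python check is an added example, not part of the Juniper documentation: it reads the IDP configuration in set form (assumed to come from show security idp | display set) and confirms that the active policy is defined and that each of its rulebase-ips rules matches at least one predefined attack object or group. The sample configuration is constructed, and policy2 is hypothetical.

```python
import shlex

# Constructed sample: the two statements from this topic in "set" form, plus a
# hypothetical policy2 whose rule has no attack objects attached.
SAMPLE = '''
set security idp idp-policy policy1 rulebase-ips rule rule1 match attacks predefined-attack-groups "Response_Critical-TELNET"
set security idp idp-policy policy2 rulebase-ips rule rule1 match source-address any
set security idp active-policy policy1
'''

ATTACK_KINDS = ("predefined-attack-groups", "predefined-attacks")


def audit_idp(config_text):
    """Return (active_policy, {rule: [attack objects]}, [problems])."""
    active, policies = None, {}
    for line in config_text.splitlines():
        tok = shlex.split(line)  # keeps a quoted group name as one token
        if tok[:3] != ["set", "security", "idp"]:
            continue
        if tok[3:4] == ["active-policy"] and len(tok) == 5:
            active = tok[4]
        elif tok[3:4] == ["idp-policy"] and len(tok) >= 5:
            rules = policies.setdefault(tok[4], {})
            # ... rulebase-ips rule <name> match attacks <kind> <object>
            if tok[5:7] == ["rulebase-ips", "rule"] and len(tok) >= 8:
                attacks = rules.setdefault(tok[7], [])
                if (tok[8:10] == ["match", "attacks"] and len(tok) == 12
                        and tok[10] in ATTACK_KINDS):
                    attacks.append(tok[11])
    problems = []
    if active is None:
        problems.append("no active-policy is set")
    elif active not in policies:
        problems.append(f"active-policy {active} is not defined")
    elif not policies[active]:
        problems.append(f"policy {active} has no rulebase-ips rules")
    else:
        problems += [f"policy {active} rule {rule} matches no attack objects"
                     for rule, found in policies[active].items() if not found]
    return active, policies.get(active, {}), problems


if __name__ == "__main__":
    print(audit_idp(SAMPLE))
```

An empty problems list means the device is inspecting traffic with a policy that actually references attack objects; a policy that is active but has rules without attacks commits cleanly and detects nothing.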