
    Using Predefined Security Policies

    The Juniper Networks Security Center team (J-Security Center) provides the default IDP security policy—named Recommended. We advise that you use this policy to protect your network from the likeliest and most dangerous attacks.

    Table 1 summarizes the settings of the recommended security policy.

    | Property | Value |
    |---|---|
    | Rulebase | IDP rulebase. |
    | Rules | Nine rules, distinguished by attack object. |
    | Source | Any, meaning the source setting is not used to match traffic. |
    | Service | Default, meaning the matching property is based on the service bindings of the attack object specified by the rule. |
    | Destination | Any, meaning the destination setting is not used to match traffic. |
    | Attacks | Recommended IP, Recommended TCP, Recommended ICMP, Recommended HTTP, Recommended SMTP, Recommended DNS, Recommended FTP, Recommended POP3, Recommended IMAP, Recommended Trojan, Recommended Virus, Recommended Worm |
    | Action | Recommended, meaning the action is specified by the attack object. |
    | Notification | Logging. |

    If you prefer, you can copy this security policy and use it as a template for a custom security policy tailored for your network. You use the New Security Policy wizard to create a custom security policy based on a template.

    Table 2 describes other IDP security policy templates.

    Table 2: IDP Security Policy Templates

    | Template | Description |
    |---|---|
    | all_with_logging | Includes all attack objects and enables packet logging for all rules. This policy is provided for lab use and is not recommended in production. |
    | all_without_logging | Includes all attack objects but does not enable packet logging. |
    | dmz_services | Protects a typical DMZ environment. |
    | dns_server | Protects DNS services. |
    | file_server | Protects file sharing services, such as SMB, NFS, FTP, and others. |
    | getting_started | Contains very open rules. Useful in controlled lab environments, but should not be deployed on live networks with heavy traffic. |
    | idp_default | Contains a set of attack groups that balances security and performance. |
    | web_server | Protects HTTP servers from remote attacks. |

    If you use these templates, we advise you to customize them for your deployment. At a minimum, you should change the destination IP setting from Any to the IP addresses for specific servers you want to protect.

    Note: Predefined policies include only client-to-server attack objects. If you are interested in tracking server-to-client attacks, be sure to add rules for them to your policy.


    Published: 2011-02-08