
    Example: Using Pattern Negation

    You can use pattern negation to exclude a pattern known to be safe and to match all else.

    For example, suppose you are designing an attack object to inspect traffic to an FTP server. You know that account usernames and passwords are well maintained to ensure that only authorized users can access internal resources. However, as networks grow and new components are added, user accounts can proliferate, thereby increasing network access to specific components. In this example, you have an FTP server on your internal network that has multiple user accounts enabled. To improve security, you want to restrict access to the FTP administrator only.

    You create an attack object for the FTP service with the ftp-username context and the pattern admin, and you select the Negate check box. The result is an attack object that flags login attempts by users other than admin. You can use this attack object in a rule that logs or drops matching traffic.
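
The negated match described above, sketched in Python as an added example (not the product's own matching code). It assumes the pattern is compared case-sensitively against the whole username; the function names and the sample traffic are constructed for illustration.

```python
import re

# Constructed FTP control-channel lines (client -> server) as (source IP, line).
SAMPLE_TRAFFIC = [
    ("10.0.0.5", "USER admin\r\n"),
    ("10.0.0.9", "USER alice\r\n"),
    ("10.0.0.9", "PASS example-pass\r\n"),
    ("10.0.0.7", "user administrator\r\n"),
    ("10.0.0.8", "USER anonymous\r\n"),
    ("10.0.0.5", "LIST\r\n"),
]

# The FTP command verb is case-insensitive; the argument is the username.
USER_CMD = re.compile(r"^USER (\S+)\s*$", re.IGNORECASE)


def ftp_username(line):
    """Return the argument of a USER command (the username context), else None."""
    m = USER_CMD.match(line)
    return m.group(1) if m else None


def attack_object_hits(traffic, pattern, negate=False):
    """Return (source, username) pairs for which the attack object fires.

    Without negate it fires when the username matches the pattern.
    With negate it fires when a username is present and does NOT match.
    Lines that carry no username context (PASS, LIST, ...) never fire,
    so negation does not turn every unrelated command into a hit.
    """
    compiled = re.compile(pattern)
    hits = []
    for src, line in traffic:
        name = ftp_username(line)
        if name is None:
            continue  # context absent: nothing to compare, negated or not
        matched = compiled.fullmatch(name) is not None  # assumption: whole-value match
        if matched != negate:
            hits.append((src, name))
    return hits


if __name__ == "__main__":
    for src, name in attack_object_hits(SAMPLE_TRAFFIC, "admin", negate=True):
        print(f"non-admin FTP login attempt from {src}: {name}")
```

Because the comparison covers the whole username, `administrator` is flagged along with `alice` and `anonymous`; an unanchored substring match would treat it as matching `admin` and let it pass.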


    Published: 2011-02-08