    IDP Rulebase Example: Using Recommended Attack Objects

    This example demonstrates the usefulness of Juniper Networks Security Center (J-Security Center) recommended attack objects.

    When you add attack objects to an IDP rulebase rule, you have the option of adding:

    • Predefined attack objects by group
    • Recommended predefined attack objects by group
    • Custom attacks

    Figure 1 shows recommended attack objects in the dialog box for adding attack objects to the IDP rulebase.

    The groups marked Recommended have the following special features:

    • Recommended attacks have been identified and coded for their recommended purpose by J-Security Center, a world-class team of security experts.
    • Recommended attack groups are dynamic groups, so members are added or deleted as appropriate during NSM attack database updates.

    When you get started with an IDP Series deployment, you should use the recommended attack objects and enable notification for rule matches. Later, you can turn off logging (at your discretion). If you find you need to customize attack object properties, you can make a copy of the recommended attack object and modify it with your required properties. Then you can replace the recommended attack object with the custom attack object in your IDP rulebase rule.

    Note: If you use a recommended attack object as the basis for a custom attack object, be sure to view the original attack object from time to time after attack database updates. If J-Security Center makes changes to the original, you must manually propagate those changes to your custom attack object.

    Best Practice: Each attack object specified in an IDP rulebase rule has a performance cost. We recommend that your rules include only the attack objects that are applicable to the rule destination server and only those of a severity that concerns you. We also recommend that you create more rules with a few attack objects in each rather than fewer rules with many attack objects.


    Published: 2011-02-08