    Loading J-Security Center Updates (NSM Procedure)

    The Juniper Networks Security Center (J-Security Center) routinely makes important updates available to IDP security policy components:

    • Detector engine. The IDP detector engine is a dynamic protocol decoder that includes support for decoding more than 60 protocols and more than 500 service contexts. You should update the IDP detector engine when you first install IDP, whenever you upgrade, and whenever alerted to do so by Juniper Networks. You can view release notes for detector engine updates at https://www.juniper.net/techpubs/software/management/idp/de/.
    • Attack database. The attack signature database stores data definitions for attack objects. Attack objects are patterns comprising stateful signatures and traffic anomalies. You specify attack objects in IDP rulebase rules.
    • Application signature database. The application signature database stores data definitions for application objects. Application objects are patterns used to identify applications and match APE rulebase rules.

    J-Security Center updates are packaged and released separately from the IDP operating system and software code base to ensure IDP products protect your network against recently discovered vulnerabilities. We recommend you schedule automatic updates for the attack database and application database. For IDP Series devices, both databases are distributed in “signature database updates”.

    After you have completed the update, any new attack objects and application objects are available in the security policy editor. If you use dynamic groups in IDP rulebase rules and a new attack object belongs to the dynamic group, the rule automatically inherits the new attacks.

    Note: We recommend you subscribe to the IDP Signature Updates technical bulletin to be notified when J-Security Center releases IDP detector engine updates. Go to https://www.juniper.net/alerts/.

    Table 1 provides procedures for updating the IDP detector engine and the NSM attack database.

    Table 1: IDP Detector Engine and NSM Attack Database Update Procedures

    Task

    Procedure

    To view version information for the installed IDP detector engine

    In the NSM Device Manager, double-click the IDP Series device to display the IDP Series device configuration editor. The Info node displays version information, including the IDP detector engine version.

    To update the IDP detector engine

    Updating the IDP detector engine is a three-part process.

    To update the IDP detector engine:

    1. Download the IDP detector engine and NSM attack database updates to the NSM GUI server:

      In NSM, select Tools > View/Update NSM attack database and complete the wizard steps.

    2. Push the updated IDP detector engine to IDP Series devices:

      In NSM, select Devices > IDP Detector Engine > Load IDP Detector Engine and complete the wizard steps.

      Note: Updating the IDP detector engine on a device does not require a reboot of the device.

    3. Run a security policy update job to initialize the IDP detector engine update:
      1. In NSM, select Devices > Configuration > Update Device Config.
      2. Select devices to which to push the updates and set update job options.
      3. Click OK.

    To update predefined attack objects and application objects

    Updating attack objects is a two-part process.

    To update predefined attack objects:

    1. Download NSM attack database updates to the NSM GUI server:

      From the NSM main menu, select Tools > View/Update NSM attack database and complete the wizard steps.

    2. Push the updates to IDP Series devices:
      1. From the NSM main menu, select Devices > Configuration > Update Device Config.
      2. Select devices to receive pushed updates and set update job options.
      3. Click OK.

    Note: Only the attack objects that are used in IDP rules for the device are pushed from the GUI server to the device.

    To schedule regular updates

    1. Log in to the NSM GUI server command line.
    2. Change directory to /usr/netscreen/GuiSvr/utils.
    3. Create a shell script called attackupdates.sh with the following contents:

      • Set the NSMUSER environment variable with an NSM domain/user pair. The command for setting environment variables depends on your OS. For example:
        export NSMUSER=domain/user
      • Set the NSMPASSWD environment variable with an NSM password. The command for setting environment variables depends on your OS and shell. For example:
        export NSMPASSWD=password
      • Specify a guiSvrCli.sh command string. For example:
        /usr/netscreen/GuiSvr/utils/guiSvrCli.sh --update-attacks --post-action --update-devices --skip
    4. Make the script executable by the user associated with the cron job:
      chmod 700 attackupdates.sh
    5. Run the crontab editor:
      crontab -e
    6. Add an entry for the shell script:
      minutes_after_hour hour * * * /usr/netscreen/GuiSvr/utils/attackupdates.sh

    During the update, the guiSvrCli utility updates the attack object database, then performs the post actions. After updating and executing actions, the system generates an exit status code of 0 (no errors) or 1 (errors).
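
    The scheduled-update script from the steps above, as an added example (not Juniper's own script): it confirms that the file holding the cleartext NSM password is still private, runs the guiSvrCli.sh command string, and logs the 0/1 exit status so a failed cron run does not go unnoticed. LOG_FILE, the function names, and the return code 2 are assumptions of this example.

```shell
#!/bin/sh
# attackupdates.sh: added example, not Juniper's script.
# Hypothetical names: LOG_FILE, is_private, log_msg, run_attack_update.

GUISVRCLI="${GUISVRCLI:-/usr/netscreen/GuiSvr/utils/guiSvrCli.sh}"
LOG_FILE="${LOG_FILE:-/var/log/attackupdates.log}"   # assumed log location

# Placeholders from the procedure; replace with the real NSM domain/user pair.
NSMUSER=domain/user
NSMPASSWD=password

# True only if group and other have no permissions on the file ($1).
# The script holds a cleartext password, so step 4's chmod 700 must still hold.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

log_msg() {
    printf '%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$1" >> "$LOG_FILE"
}

# Runs the update and returns guiSvrCli's exit status: 0 (no errors) or 1 (errors).
# Returns 2 (this example's own code) if the script file ($1) is not private.
run_attack_update() {
    if ! is_private "$1"; then
        log_msg "REFUSED: $1 is accessible to group/other"
        return 2
    fi
    export NSMUSER NSMPASSWD
    "$GUISVRCLI" --update-attacks --post-action --update-devices --skip
    rc=$?
    if [ "$rc" -eq 0 ]; then
        log_msg "OK: attack database update and post actions completed"
    else
        log_msg "FAILED: guiSvrCli exit status $rc"
    fi
    return "$rc"
}

# Run only under the script name used in the crontab entry; any other
# invocation (sourcing, testing) just defines the functions.
case "$0" in
    */attackupdates.sh|attackupdates.sh)
        run_attack_update "$0"; exit $? ;;
esac
```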

    Note: For information on connecting to the NSM command line, see the NSM documentation.


    Published: 2011-02-08