
    Example: Updating the IDP Signature Database Manually

    This example shows how to update the IDP signature database manually.

    Requirements

    Before you begin, configure the network interfaces. See the Junos OS Interfaces Configuration Guide for Security Devices.

    Overview

    Juniper Networks regularly updates the predefined attack database and makes it available as a security package on the Juniper Networks website. This database includes attack objects and attack object groups that you can use in IDP policies to match traffic against known attacks.

    In this example, you download the security package with the complete table of attack objects and attack object groups. After the installation completes, the attack objects and attack object groups are available in the CLI under the predefined-attack-groups and predefined-attacks configuration statements at the [edit security idp idp-policy] hierarchy level. You create a policy and specify the new policy as the active policy. Later, you download only the updates that Juniper Networks has recently uploaded and then update the attack database, the running policy, and the detector with those updates.

    Configuration

    CLI Quick Configuration

    CLI quick configuration is not available for this example because manual intervention is required during the configuration.

    Step-by-Step Procedure

    The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.

    To manually download and update the signature database:

    1. Specify the URL for the security package.
      [edit]
      user@host# set security idp security-package url https://services.netscreen.com/cgi-bin/index.cgi

      Note: By default, the URL is https://services.netscreen.com/cgi-bin/index.cgi.

    2. Commit the configuration.
      [edit]
      user@host# commit
    3. Switch to operational mode.
      [edit]
      user@host# exit
    4. Download the security package.
      user@host> request security idp security-package download full-update
    5. Check the security package download status.
      user@host> request security idp security-package download status
    6. Update the attack database using the install command.
      user@host> request security idp security-package install
    7. Check the attack database update status with the following command. The command output displays the downloaded and installed versions of the attack database.
      user@host> request security idp security-package install status
    8. Switch to configuration mode.
      user@host> configure
    9. Create an IDP policy.
      [edit]
      user@host# edit security idp idp-policy policy1
    10. Associate attack objects or attack object groups with the policy.
      [edit security idp idp-policy policy1]
      user@host# set rulebase-ips rule rule1 match attacks predefined-attack-groups "Response_Critical"
    11. Set the action.
      [edit security idp idp-policy policy1]
      user@host# set rulebase-ips rule rule1 then action no-action
    12. Activate the policy.
      [edit]
      user@host# set security idp active-policy policy1
    13. Commit the configuration.
      [edit]
      user@host# commit
    14. After a week, download only the updates that Juniper Networks has recently uploaded.
      user@host> request security idp security-package download
    15. Check the security package download status.
      user@host> request security idp security-package download status
    16. Update the attack database, the active policy, and the detector with the new changes.
      user@host> request security idp security-package install
    17. Check the attack database, the active policy, and the detector using the install status command.
      user@host> request security idp security-package install status

      Note: It is possible that an attack is removed from the new version of the attack database. If that attack is used in an existing policy on your device, the installation of the new database fails. An installation status message identifies the attack that is no longer valid. To update the database successfully, remove all references to the deleted attack from your existing policies and groups, and rerun the install command.
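    As an added pre-install check, not part of the original Juniper documentation, the following Python parses the policy section of show security idp output for predefined-attacks and predefined-attack-groups references and reports any that the new signature database no longer contains, so the failure described in the note above can be caught before running install. The sample configuration and attack names are constructed, and the lists of names in the new database are assumed inputs.

```python
import re
from typing import Dict, Iterable, List, Set

# Matches a predefined-attacks / predefined-attack-groups statement in the
# "show security idp" output: a bare name, a quoted name, or a bracketed
# Junos list such as   predefined-attacks [ name-a "name-b" ];
_REF_RE = re.compile(
    r'\b(predefined-attack-groups|predefined-attacks)\s+'
    r'(?:\[\s*([^\]]*?)\s*\]|("[^"]+"|[^;\s]+))\s*;'
)

def referenced_attacks(config_text: str) -> Dict[str, Set[str]]:
    """Collect the attack and attack-group names that IDP policies reference."""
    refs: Dict[str, Set[str]] = {"predefined-attacks": set(),
                                 "predefined-attack-groups": set()}
    for m in _REF_RE.finditer(config_text):
        stmt, bracketed, single = m.group(1), m.group(2), m.group(3)
        raw = bracketed if bracketed is not None else single
        for name in re.findall(r'"[^"]*"|\S+', raw):   # split bracketed lists
            refs[stmt].add(name.strip('"'))
    return refs

def dangling_references(config_text: str, db_attacks: Iterable[str],
                        db_groups: Iterable[str]) -> Dict[str, List[str]]:
    """Names the policies use that the new signature database no longer has."""
    refs = referenced_attacks(config_text)
    return {
        "predefined-attacks": sorted(refs["predefined-attacks"] - set(db_attacks)),
        "predefined-attack-groups": sorted(refs["predefined-attack-groups"] - set(db_groups)),
    }

# Constructed sample: the page's policy1 (flattened as in the Results section)
# plus a second rule whose attack names are placeholders, not real signatures.
SAMPLE_CONFIG = (
    'idp-policy policy1 { rulebase-ips {\n'
    '  rule rule1 { match { attacks { predefined-attack-groups Response_Critical; } }\n'
    '    then { action { no-action; } } }\n'
    '  rule rule2 { match { attacks { predefined-attacks [ EXAMPLE-OLD-SIG "EXAMPLE-QUOTED-SIG" ]; } } }\n'
    '} }\n'
)

if __name__ == "__main__":
    # Constructed database contents: EXAMPLE-OLD-SIG was dropped in the new package.
    report = dangling_references(SAMPLE_CONFIG, db_attacks={"EXAMPLE-QUOTED-SIG"},
                                 db_groups={"Response_Critical"})
    for stmt, names in report.items():
        for name in names:
            print(f"remove before install: {stmt} {name}")
```

    Any name the script reports must be removed from the policies and groups before step 16, which is the same correction the install status message would otherwise demand after a failed install.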

    Results

    From configuration mode, confirm your configuration by entering the show security idp command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

    [edit]
    user@host# show security idp
    idp-policy policy1 {
        rulebase-ips {
            rule rule1 {
                match {
                    attacks {
                        predefined-attack-groups Response_Critical;
                    }
                }
                then {
                    action {
                        no-action;
                    }
                }
            }
        }
    }

    If you are done configuring the device, enter commit from configuration mode.

    Verification

    To confirm that the configuration is working properly, perform this task:

    Verifying the IDP Signature Database Manually

    Purpose

    Display the IDP signature database manually.

    Action

    From operational mode, enter the show security idp command.

    Published: 2012-06-29