Table of Contents

About This Guide
Objectives
Audience
Conventions
List of Technical Publications
Requesting Technical Support
Getting Started
Intrusion Detection and Prevention Device and NSM Installation Overview
Intrusion Detection and Prevention Device Installation Overview
NSM Installation Overview
Understanding Intrusion Detection and Prevention Device Configuration and Integration Overview
NSM and Intrusion Detection and Prevention Device Management Overview
Intrusion Detection and Prevention Services and Device Configurations Supported in NSM
Adding Intrusion Detection and Prevention Devices in NSM Overview
Adding Intrusion Detection and Prevention Clusters in NSM Overview
Using Templates and Configuration Groups in NSM Overview
Configuring Intrusion Detection and Prevention Devices
Configuring Profiler Settings
Configuring Profiler Options (NSM Procedure)
Specifying General Options
Specifying Tracked Hosts
Specifying Context Targets
Specifying Alert Options
Viewing Profiler Logs (NSM Procedure)
Application Profiler
Protocol Profiler
Network Profiler
Violation Viewer
Modifying Profiler Settings (NSM Procedure)
Configuring Profiler Database Preferences (NSM Procedure)
Displaying Profiler Database Information (NSM Procedure)
Querying the Profiler Database (NSM Procedure)
Purging the Profiler Database (NSM Procedure)
Configuring Security Policies
Intrusion Detection and Prevention Devices and Security Policies Overview
Configuring Predefined Security Policies (NSM Procedure)
Creating a New Security Policy (NSM Procedure)
Modifying IDP Rulebase Rules (NSM Procedure)
Specifying Rule Match Conditions
Specifying IDP Rulebase Attack Objects
Specifying Rule Session Action
Specifying Rule IP Action
Specifying Rule Notification Options
Specifying Rule VLAN Matches
Specifying Rule Targets
Specifying Rule Severity
Specifying Rule Optional Fields
Specifying Rule Comments
Configuring Exempt Rulebase Rules (NSM Procedure)
Configuring Backdoor Rulebase Rules (NSM Procedure)
Configuring SYN Protector Rulebase Rules (NSM Procedure)
Configuring Traffic Anomalies Rulebase Rules (NSM Procedure)
Configuring Network Honeypot Rulebase Rules (NSM Procedure)
Configuring Application Rulebase Rules (NSM Procedure)
Working with Attack Objects
Attack Objects in Intrusion Detection and Prevention Security Policies Overview
Loading J-Security-Center Updates (NSM Procedure)
Viewing Predefined Attack Objects (NSM Procedure)
Working with Attack Groups (NSM Procedure)
Creating Dynamic Groups
Creating Static Groups
Creating a Signature Attack Object (NSM Procedure)
Creating a Compound Attack Object (NSM Procedure)
Verifying the Attack Object Database Version (NSM Procedure)
Updating the IDP Detector Engine (NSM Procedure)
Working with Application Objects
Application Objects in Intrusion Detection and Prevention Security Policies Overview
Viewing Predefined Application Objects (NSM Procedure)
Viewing Predefined Extended Application Objects (NSM Procedure)
Creating a Custom Application (NSM Procedure)
Creating Application Groups (NSM Procedure)
Configuring SNMP and Syslog Settings
Configuring an SNMP Agent (NSM Procedure)
Configuring Syslog Collection (NSM Procedure)
Configuring Anti-Spoof Settings
Configuring Antispoof Settings in Intrusion Detection and Prevention Devices (NSM Procedure)
Example: Applying Antispoof to a Web Server and Database Server (NSM Procedure)
Configuring Intrusion Detection and Prevention Device Settings
Configuring Load-Time Parameters (NSM Procedure)
Configuring Run-Time Parameters (NSM Procedure)
Configuring Router Parameters (NSM Procedure)
Configuring Protocol Handling (NSM Procedure)
Configuring Additional Intrusion Detection and Prevention Features
Configuring Additional Intrusion Detection and Prevention Features Overview
Enabling Intrusion Detection and Prevention Processing of Encrypted and Encapsulated Traffic (NSM Procedure)
Enabling SSL Decryption
Enabling GRE Decapsulation
Enabling GTP Decapsulation
Managing Intrusion Detection and Prevention Devices
Managing Security Policies in Intrusion Detection and Prevention Devices
Assigning a Security Policy in an Intrusion Detection and Prevention Device (NSM Procedure)
Validating a Security Policy (NSM Procedure)
Troubleshooting Security Policy Validation Errors (NSM Procedure)
Pushing Security Policy Updates to an IDP Device (NSM Procedure)
Troubleshooting Configuration Push Errors (NSM Procedure)
Disabling Rules (NSM Procedure)
Exporting Security Policies (NSM Procedure)
Managing Profiler Settings in Intrusion Detection and Prevention Devices
Managing Profiler Settings
Updating Profiler Settings
Starting the Profiler
Stopping the Profiler
Monitoring Intrusion Detection and Prevention Devices
Working with NSM Logs and Reports
NSM Logs and Reports Overview
Viewing Logs
IDP Logs
Using NSM Log Investigator
Using NSM Audit Log Viewer
Viewing Device Status
Viewing NSM Predefined Reports
Creating NSM Custom Reports
Configuring Log Suppression
Working with Intrusion Detection and Prevention Reporter Reports
Intrusion Detection and Prevention Reporter Overview
Index