Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring Predefined Security Policies (NSM Procedure)

    The highly respected Juniper Networks Security Center team (J-Security Center) provides the default IDP security policy—named Recommended. We advise that you use this policy to protect your network from the likeliest and most dangerous attacks.

    Table 1 summarizes the properties of the Recommended security policy.

    Table 1: Recommended Security Policy Definition

    PropertyValue

    Rulebase

    IDP Rulebase

    Rules

    9 rules, distinguished by attack object

    Traffic source

    Any

    Service

    Default, meaning the matching property is based on the service bindings of the attack object specified by the rule

    Destination

    Any

    Attacks

    Recommended IP, Recommended TCP, Recommended ICMP, Recommended HTTP, Recommended SMTP, Recommended DNS, Recommended FTP, Recommended POP3, Recommended IMAP, Recommended Trojan, Recommended Virus, Recommended Worm

    Action

    Recommended, meaning the action is specified by the attack object

    Notification

    Logging

    If you prefer, you can copy this security policy and use it as a template for a custom security policy tailored for your network.

    Table 2 describes other IDP security policy templates.

    Table 2: IDP Security Policy Templates

    TemplateDescription

    all_with_logging

    Includes all attack objects and enables packet logging for all rules.

    all_without_logging

    Includes all attack objects but does not enable packet logging.

    dmz_services

    Protects a typical DMZ environment.

    dns_server

    Protects DNS services.

    file_server

    Protects file sharing services, such as SMB, NFS, FTP, and others.

    getting_started

    Contains very open rules. Useful in controlled lab environments, but should not be deployed on heavy traffic live networks.

    idp_default

    Contains a good blend of security and performance.

    web_server

    Protects HTTP servers from remote attacks.

    If you use these templates, we advise you customize them for your deployment. At a minimum, you should change the destination IP setting from Any to the IP addresses for specific servers you want to protect. For more information, see the IDP Concepts & Examples guide.

    Published: 2013-01-03