manualshive.com logo in svg

Juniper SECURITY THREAT RESPONSE MANAGER - APPLICATION CONFIGURATION GUIDE REV 1, Configuration Manual

The Juniper SECURITY THREAT RESPONSE MANAGER - APPLICATION CONFIGURATION GUIDE REV 1 is a comprehensive configuration manual that equips users with step-by-step instructions on effectively managing security threats. This manual can be downloaded for free from manualshive.com, enabling users to optimize their network security effortlessly.

Share
Download
background image

Juniper Networks, Inc.

1194 North Mathilda Avenue

Sunnyvale, CA 94089

USA

408-745-2000

www.juniper.net

Part Number: 530-025610-01, Revision 1

Security Threat Response Manager

STRM Application Configuration Guide

Release 2008.2

Summary of Contents for SECURITY THREAT RESPONSE MANAGER - APPLICATION CONFIGURATION GUIDE REV 1

Page 1: ...tworks Inc 1194 North Mathilda Avenue Sunnyvale CA 94089 USA 408 745 2000 www juniper net Part Number 530 025610 01 Revision 1 Security Threat Response Manager STRM Application Configuration Guide Release 2008 2 ...

Page 2: ...diate radio frequency energy If it is not installed in accordance with NetScreen s installation instructions it may cause interference with radio and television reception This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules These specifications are designed to provide reasonable protection ...

Page 3: ...1 Requesting Support 2 1 DEFINING APPLICATION MAPPINGS About the STRM Applications View 1 Defining Application Mappings 2 Example of a Mapping File 4 2 DEFAULT APPLICATIONS 3 ICMP TYPE AND CODE IDS Identifying Default ICMP Types 23 Identifying Default ICMP Codes 24 4 PROTOCOL IDS 5 PORT IDS ...

Page 4: ......

Page 5: ...ck We encourage you to provide feedback comments and suggestions so that we can improve the documentation Send your comments to techpubs comments juniper net or fill out the documentation feedback form at http www juniper net techpubs docbug docbugreport html If you are using e mail be sure to include the following information with your comments Document name Document part number Page number Softw...

Page 6: ...guration Guide 2 ABOUT THIS GUIDE Requesting Support Open a support case using the Case Management link at http www juniper net support or call 1 888 314 JTAC from the United States Canada or Mexico or 1 408 745 9500 from elsewhere ...

Page 7: ... to other systems through the Administration Console For more information see the STRM Administration Guide This chapter provides information on configuring and editing applications in STRM including About the STRM Applications View Defining Application Mappings About the STRM Applications View Once a flow is detected STRM assigns an application ID to the flow based on the content of the flow the ...

Page 8: ...gs To define application mappings Step 1 Using SSH log in to STRM Step 2 Open the following file store configservices staging globalconfig user_application_ mapping conf Note To edit the name of the user_application_mapping conf file you can edit the User Application Mapping parameter in the Flow Processor configuration window For more information see the STRM Administration Guide If the user_appl...

Page 9: ...ain either a comma separated list of addresses or CIDR values A value of indicates a wildcard which means that this field applies to all flows Source Port specifies the associated port This field may contain a comma separated list of values or ranges specifies in the format lower port number upper port number A value of indicates a wildcard which means that this field applies to all flows Dest IP ...

Page 10: ...oy configuration changes The Deploy configuration changes window appears Step 9 Click Close You have successfully deployed your changes Example of a Mapping File 15000 1010 10 100 100 24 10 100 50 10 172 14 33 33 80 443 AllowedWebTypeA 15000 1010 10 100 30 24 172 14 33 20 80 AllowedWebTypeA 15100 33333 64 35 20 24 64 33 16 64 77 34 12 33333 33350 33400 GameX 15100 1 34803 34809 33333 33333 33350 3...

Page 11: ...vides the default Application values for STRM Table 2 1 Default Applications Application View Group Sub Component Value Description Chat AOL ICQ 3001 AOL Instant Messenger AIM traffic Chat CUSeeMe 60016 CUSeeMe traffic Chat Google 3006 Google IM traffic Chat ICQ 3002 ICQ traffic Chat Jabber 3004 Jabber protocol traffic Chat Lotus IM 60162 Lotus IM traffic Chat MSN 3000 MSN traffic Chat Misc_IM 300...

Page 12: ...05 Unisys TCPA traffic ContentDelivery Ariel 419 60166 Ariel content delivery ContentDelivery Ariel 422 60167 Ariel content delivery ContentDelivery BackWeb 60024 BackWeb traffic ContentDelivery Chaincast 60156 Chaincast traffic ContentDelivery EntryPoint 60000 EntryPoint traffic ContentDelivery Kontiki 60148 Kontiki traffic ContentDelivery NewsStand 60146 New strand traffic ContentDelivery Websho...

Page 13: ...ndowsFileSharing 1014 Windows file sharing DataTransfer WindowNetworkPorts 51336 NETBIOS Windows networking DataTransfer WindowsNetworkPorts 51337 NETBIOS Windows networking DataTransfer WindowsNetworkPorts 51338 NETBIOS Windows networking DataTransfer WindowsNetworkPorts 51339 NETBIOS Windows networking DataTransfer WindowsNetworkPorts 51340 NETBIOS Windows networking DataTransfer XFER 21984 XFER...

Page 14: ...e traffic DataWarehousing JDENet 60099 JDENet traffic DataWarehousing MS SQL 10002 Database MS SQL Server DataWarehousing Misc DB 37309 Oracle list service DataWarehousing Misc DB 35298 Oracle list service DataWarehousing Misc DB 39044 Oracle list service DataWarehousing Misc DB 39045 Oracle list service DataWarehousing Misc DB 51249 Oracle list service DataWarehousing MySQL 37291 MySQL traffic Da...

Page 15: ...irectoryServices Ident 60059 Ident traffic DirectoryServices LDAP 34801 LDAP traffic DirectoryServices RRP 60133 RRP traffic DirectoryServices SSDP 60158 SSDP traffic DirectoryServices WINS 60088 WINS traffic DirectoryServices mDNS 60183 mDNS traffic FilePrint IPP 60097 IPP traffic FilePrint Printer 60051 Printer traffic FilePrint tn3287 60062 tn3287 traffic FilePrint tn5250p 60064 tn5250p traffic...

Page 16: ...tProtocol SOAP HTTP 60179 SOAP HTTP traffic Known_to_client_ or_server known 1 Known traffic Legacy AFP 60058 AFT traffic Legacy FNA 60008 FNA traffic Legacy IPX 34837 IPX traffic Legacy LAT 60030 LAT traffic Legacy MOP DL 60130 MOP DL traffic Legacy MOP RC 60131 MOP RC traffic Legacy NETBEUI 60006 NETBEUI traffic Legacy PPP 34846 PPP traffic Legacy PPPoE 60137 PPPoE traffic Legacy SLP 60077 SLP t...

Page 17: ...P 5688 Mail SMTP request Mail SMTP 5691 Mail SMTP request Mail SMTP 5812 Mail SMTP request Mail SMTP 5850 Mail SMTP request Mail SMTP 5851 Mail SMTP request Mail SMTP port 22080 SMTP port traffic Mail biff 60083 biff traffic Misc Anet 34812 Anet traffic Misc AppleOUI 34819 AppleOUI traffic Misc Appletalk IP 51326 Appletalk IP traffic Misc Appletalk IP 51324 Appletalk IP traffic Misc Appletalk IP 5...

Page 18: ...t 21036 DNS Port traffic Misc Daynachip 34815 Daynachip traffic Misc GSM 34830 GSM traffic Misc GSS SPNEGO 5861 GSS SPNEGO traffic Misc Hosts2 Ns 36804 Hosts2 Ns traffic Misc Hosts2 Ns 34804 Hosts2 Ns traffic Misc IPIX 34826 IPIX traffic Misc IPv4 34844 IPv4 traffic Misc IPv6 34845 IPv6 traffic Misc Ingres 34805 Ingres traffic Misc JPEG 34840 JPEG traffic Misc Kerberos 34810 Kerberos traffic Misc ...

Page 19: ...Misc Ports traffic Misc Misc Ports 20909 Misc Ports traffic Misc Misc Ports 20915 Misc Ports traffic Misc Misc Ports 20916 Misc Ports traffic Misc Misc Ports 20996 Misc Ports traffic Misc Misc Ports 20998 Misc Ports traffic Misc Misc Ports 21003 Misc Ports traffic Misc Misc Ports 21007 Misc Ports traffic Misc Misc Ports 21008 Misc Ports traffic Misc Misc Ports 21015 Misc Ports traffic Misc Misc Po...

Page 20: ...c Ports traffic Misc Misc Ports 50643 Misc Ports traffic Misc Misc Ports 50795 Misc Ports traffic Misc MiscApp 1016 MiscApp traffic Misc MiscApp 1018 MiscApp traffic Misc MiscApp 1019 MiscApp traffic Misc MiscApp 1022 MiscApp traffic Misc MiscApplication 34847 MiscApplication traffic Misc MiscProtocol 34848 MiscProtocol traffic Misc NFS 51349 NFS traffic Misc NSP 34842 NSP traffic Misc NTP 34811 N...

Page 21: ... 60055 CiscoDiscovery traffic Network Management FlowRecords 60176 Flow records traffic Network Management ICMP 60009 ICMP traffic Network Management IPComp 60161 IPComp traffic Network Management NetFlowV5 60175 NetFlow v5 traffic Network Management RSVP 60096 RSVP traffic Network Management SMS 60087 SMS traffic Network Management TimeServer 60125 TimeServer traffic Network Management VIPC 34802...

Page 22: ...line 60136 Hotline traffic P2P Kazaa 2001 Fastrack Kazaa traffic P2P LimeWire 2008 LimeWire traffic P2P Morpheus 2010 Morpheus traffic P2P Napster 2011 Napster traffic P2P Napster2 60181 Napster2 traffic P2P OpenNap 2007 OpenNap traffic P2P PeerEnabler 2204 P2P PeerEnabler traffic P2P PeerEnabler 2004 P2P PeerEnabler traffic P2P Piolet 2005 Piolet traffic P2P ScourExchange 60113 ScourExchange traf...

Page 23: ...ffic RemoteAccess SSH Ports 20949 SSH Ports traffic RemoteAccess SSL 60001 SSL traffic RemoteAccess SSL Shell 60092 SSL Shell traffic RemoteAccess SmartSockets 60169 SmartSockets traffic RemoteAccess SunRPC 60027 SunRPC traffic RemoteAccess Tacacs 34808 Tacacs traffic RemoteAccess Telnet 1000 Telnet traffic RemoteAccess Telnet Port 20950 Telnet Port traffic RemoteAccess Timbuktu 60017 Timbuktu tra...

Page 24: ...60031 OSPF traffic RoutingProtocols PAgP 60190 PAgP traffic RoutingProtocols PIM 60044 PIM traffic RoutingProtocols PVSTP 60189 PVSTP traffic RoutingProtocols RARP 60047 RARP traffic RoutingProtocols RIP 60028 RIP traffic RoutingProtocols SpanningTree 60046 Spanning tree traffic RoutingProtocols VLAN Bridge 60191 VLAN Bridge traffic RoutingProtocols VTP 60193 VTP traffic SecurityProtocols DPA 6006...

Page 25: ...MP3 stream Streaming StreamingAudio 4001 Shoutcast MP3 stream Streaming WinMedia 60025 WinMedia traffic Streaming WinampStream 60165 WinampStream traffic Streaming WindowsMediaPlayer 5005 WindowsMediaPlayer traffic Streaming WindowsMediaPlayer 5006 WindowsMediaPlayer traffic Uncommon Protocol DEC 34824 DEC traffic Uncommon Protocol UncommonProtocol 34850 UncommonProtocol traffic Unknown_apps Unkno...

Page 26: ...4 HTTPImage transfer traffic Web HTTPWeb 1010 HTTPWeb traffic Web HTTPWeb 1012 HTTPWeb traffic Web HTTPWeb 1020 HTTPWeb traffic Web JAVA 5050 Java traffic Web NortonAntiVirus 1025 Norton AntiVirus traffic Web SecureWeb 1011 Web HTTPS traffic Web SiteMinder 1026 SiteMinder traffic Web Squid 5070 Squid traffic Web Web Port 21085 World Wide Web HTTP Web Web Port 21739 World Wide Web HTTP Web Web Port...

Page 27: ...diaDocuments traffic Web WebMediaDocuments 5012 WebMediaDocuments traffic Web WebMediaDocuments 5030 WebMediaDocuments traffic Web WebMediaDocuments 5040 WebMediaDocuments traffic Web WebMediaVideo 5002 WebMediaVideo traffic Web WebMediaVideo 5007 WebMediaVideo traffic Web WebMediaVideo 5008 WebMediaVideo traffic Web WebMediaVideo 5020 WebMediaVideo traffic Web Webmin 51350 Web based system admini...

Page 28: ......

Page 29: ... ICMP Codes Identifying Default ICMP Types Table 3 1 lists the default ICMP Codes Table 3 1 ICMP Types ICMP Type Description 0 EchoReply 3 DestinationUnreachable 4 SourceQuench 5 Redirect 8 Echo 9 RouterAdvertisement 10 RouterSelection 11 TimeExceeded 12 ParameterProblem 13 Timestamp 14 TimestampReply 15 InformationRequest 16 InformationReply 17 AddressMaskRequest 18 AddressMaskReply 30 Traceroute...

Page 30: ...tion Network is Administratively Prohibited 10 Communication with Destination host is Administratively Prohibited 11 Destination Network Unreachable for Type of Service 12 Destination Host Unreachable for Type of Service 13 Communication Administratively Prohibited 14 Host Precedence Violation 15 Precedence cutoff in effect 5 Redirect Codes 0 Redirect Datagram for the Network or subnet 1 Redirect ...

Page 31: ...STRM Default Application Configuration Guide Identifying Default ICMP Codes 25 2 Bad Length Table 3 2 ICMP Codes continued ICMP Code Description ...

Page 32: ......

Page 33: ...ides information on default protocols IDs used in STRM Table 4 1 lists the default common protocols Table 4 1 Protocol ID Protocol ID Protocol Port Description 6 TCP 17 UDP 1 ICMP 2 IGMP 38 IDPR CMTP 40 IPv6 46 RSVP 47 GRE 50 ESP 51 AH 54 NARP 99 ANY 89 OSPFIGP 94 IPIP 132 SCTP ...

Page 34: ......

Page 35: ...mic Host Control Protocol 80 HTTP HyperText Transfer Protocol 81 HTTP HyperText Transfer Protocol 110 POP3 Post Office Protocol version 3 115 SFTP Secure File Transfer Protocol 119 NNTP Network New Transfer Protocol 123 NTP Network Time Protocol 137 NetBIOS ns 138 NetBIOS dgm 139 NetBIOS 143 IMAP Internet Message Access Protocol 161 SNMP Simple Network Management Protocol 194 IRC Internet Relay Ch...

Page 36: ... 1433 Microsoft SQL Server 1521 Oracle SQL 2049 NFS Network File System 3306 mySQL 4000 ICQ 6000 X Windowing System 6699 Napster 6667 IRC 6776 SubSeven and other trojans 8080 HTTP 31337 ackOrifice and other Trojans spells Elite Table 5 1 Port ID continued Port Protocol Protocol Description ...

Reviews:

No comments

Related manuals for SECURITY THREAT RESPONSE MANAGER - APPLICATION CONFIGURATION GUIDE REV 1

Paradyne Jetstream CPX-1000 Installation Manual preview
Jetstream CPX-1000
Brand: Paradyne Pages: 93
Sun Microsystems 2005Q2 Quick Start Manual preview
2005Q2
Brand: Sun Microsystems Pages: 38
Red Hat NETWORK BASIC - USER REFERENCE GUIDE 4.0 User Reference Manual preview
NETWORK BASIC - USER REFERENCE GUIDE 4.0
Brand: Red Hat Pages: 92
Adobe LIVE CYCLE 7.2 - INSTALLING AND CONFIGURING LIVECYCLE FOR JBOSS Manual preview
LIVE CYCLE 7.2 - INSTALLING AND CONFIGURING LIVECYCLE FOR JBOSS
Brand: Adobe Pages: 90
Microtek ScanWizard Pro Reference Manual preview
ScanWizard Pro
Brand: Microtek Pages: 177
F-SECURE ANTI-VIRUS LINUX CLIENT SECURITY - Administrator'S Manual preview
ANTI-VIRUS LINUX CLIENT SECURITY -
Brand: F-SECURE Pages: 208
Muratec TIFFMAKER User Manual preview
TIFFMAKER
Brand: Muratec Pages: 13
VMware CLOUD DIRECTOR 1.0 Using preview
CLOUD DIRECTOR 1.0
Brand: VMware Pages: 3
VMware VmWare ESX Server 2.12 Deployment Deployment Manual preview
VmWare ESX Server 2.12 Deployment
Brand: VMware Pages: 34
VMware VCM 5.3 Manual preview
VCM 5.3
Brand: VMware Pages: 34
DigiDesign Focusrite d2 Manual preview
Focusrite d2
Brand: DigiDesign Pages: 39
Black Box FX160A User Manual preview
FX160A
Brand: Black Box Pages: 65
Multitech FaxFinder V.34 User Manual preview
FaxFinder V.34
Brand: Multitech Pages: 96
Intel Application Accelerator User Manual preview
Application Accelerator
Brand: Intel Pages: 90
F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE 9.00 Administrator'S Manual preview
ANTI-VIRUS FOR MICROSOFT EXCHANGE 9.00
Brand: F-SECURE Pages: 174
Mackie C4 Commander User Manual preview
C4 Commander
Brand: Mackie Pages: 20
Daikin DCS002A71 Operation Manual preview
DCS002A71
Brand: Daikin Pages: 16
Yamaha FIRESTATION Tutorial preview
FIRESTATION
Brand: Yamaha Pages: 26

Brands by name

Popular brands

Load more brands