Working with DI Attack Objects
Deep Inspection (DI) attack objects contain attack patterns and protocol anomalies for
known attacks and unknown attacks that attackers can use to compromise your network.
DI attack objects must be part of an attack object group and a DI Profile object before
you can use them in a firewall rule to prevent malicious traffic from entering your network.
NOTE: Deep Inspection is supported by NS-5GT devices, the NS-HSC, and all devices
running ScreenOS 5.3 or later.
To create a Deep Inspection (DI) Profile object, you add predefined attack object groups
(created by Juniper Networks) and your own custom attack object groups to the Profile
object. After creating the DI Profile, you add the Profile object in the Rule Option column
of a firewall rule. If an attack is detected, the device generates an attack log entry that
appears in the Log Viewer.
For information about configuring Deep Inspection in a firewall rule, see “Creating DI
Profiles” on page 334.
Viewing Predefined DI Attack Objects
NSM contains a database of hundreds of predefined DI attack objects designed to protect
networks from multiple attack vectors. Predefined groups contain attack objects, which
you can use in a DI Profile to match traffic against known and unknown attacks.
NOTE: NSM displays a superset of all predefined DI attack objects. Based on the
platform and ScreenOS firmware version, security devices include a specific subset of
DI attack objects. Therefore, the list of predefined DI attack objects displayed in the
NSM UI might not match the list of predefined DI attack objects on the physical security
device.
To view individual predefined attack objects, select Attack. The Predefined Attacks tab
(default view) displays a table of predefined attack objects that represent known and
unknown attack patterns. Use the Predefined Attacks tab to quickly view details about
an attack object, such as the name of the attack object, attack severity, attack category, and
attack references. To view the properties for an attack, right-click the attack and select
View.
To locate all firewall rules that use a predefined attack object or group, right-click the
attack object and select View Usages.
Viewing Attack Version Information for Attack Objects
You can view details for predefined attack objects; however, not all details are applicable
to all attacks.
The Pattern field under the Detection tab in the Attack Version dialog box contains the
regular expression used to identify the attack. Juniper Networks Security Engineering
333
Copyright © 2010, Juniper Networks, Inc.
Chapter 8: Configuring Objects