exclude known false positives or to exclude a specific source, destination, or
source/destination pair from matching an IDP rule. If traffic matches a rule in the IDP
rulebase, IDP attempts to match the traffic against the Exempt rulebase before
performing the action specified.
• Backdoor Detection—This rulebase protects your network from mechanisms installed
  on a host computer that facilitate unauthorized access to the system. Attackers who
  have already compromised a system typically install backdoors (such as Trojans) to
  make future attacks easier. When attackers send and retrieve information to and from
  the backdoor program (as when typing commands), they generate interactive traffic
  that IDP can detect.
  NOTE: If you import an ISG2000 or ISG1000 gateway into NSM, the imported device
  configuration does not include the IDP, Exempt, or Backdoor rulebases.
• SYN Protector—This rulebase protects your network from SYN-floods by ensuring that
  the three-way handshake is performed successfully for specified TCP traffic. If you
  know that your network is vulnerable to a SYN-flood, use the SYN-Protector rulebase
  to prevent it.
• Traffic Anomalies—This rulebase protects your network from attacks by using traffic
  flow analysis to identify attacks that occur over multiple connections and sessions
  (such as scans).
• Network Honeypot—This rulebase protects your network by impersonating open ports
  on existing servers on your network, alerting you to attackers performing port scans
  and other information-gathering activities.
Rule Execution Sequence
The rules in all rulebases combine to create a security policy. Security devices process
and execute firewall and VPN rules in the following order:
1. Zone rulebase
2. Global rulebase
3. Multicast rulebase
Managed devices process and execute IDP rules in the following order:
1. Exempt rulebase
2. IDP rulebase
3. APE rulebase
4. Backdoor rulebase
5. SYN Protector rulebase
6. Traffic Anomalies rulebase
7. Network Honeypot rulebase
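The following added example (not from the guide and not Juniper code) models how the Exempt rulebase interacts with the IDP rulebase: an event that matches an IDP rule is checked against the exempt rules before the IDP action is performed. The Rule class, the first-match simplification, the addresses, and the attack names are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str              # source CIDR; "0.0.0.0/0" means any
    dst: str              # destination CIDR
    attack: str           # attack object name, or "any"
    action: str = "none"  # only meaningful for IDP rules

    def matches(self, src_ip, dst_ip, attack):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.attack in ("any", attack))

def evaluate(event, idp_rules, exempt_rules):
    """Return (action, reason) for one event tuple (src, dst, attack)."""
    # Assumption: the first matching IDP rule decides (a simplification).
    hit = next((r for r in idp_rules if r.matches(*event)), None)
    if hit is None:
        return ("none", "no IDP rule matched")
    # The Exempt rulebase is consulted before the IDP action is performed.
    if any(r.matches(*event) for r in exempt_rules):
        return ("none", "exempted")
    return (hit.action, "IDP rule matched")

# Constructed policy: protect one server subnet, with two exemptions.
IDP_RULES = [Rule("0.0.0.0/0", "10.0.5.0/24", "any", "drop")]
EXEMPT_RULES = [
    # Source/destination pair: an internal scanner probing the subnet.
    Rule("10.0.9.7/32", "10.0.5.0/24", "any"),
    # Known false positive for one destination host (constructed name).
    Rule("0.0.0.0/0", "10.0.5.20/32", "EXAMPLE:KNOWN-FALSE-POSITIVE"),
]

# Constructed events: (source IP, destination IP, attack object name).
EVENTS = [
    ("203.0.113.5", "10.0.5.20", "EXAMPLE:SQL-INJECTION"),
    ("10.0.9.7", "10.0.5.20", "EXAMPLE:SQL-INJECTION"),
    ("203.0.113.5", "10.0.5.20", "EXAMPLE:KNOWN-FALSE-POSITIVE"),
    ("203.0.113.5", "192.0.2.1", "EXAMPLE:SQL-INJECTION"),
]

def run_sample():
    return [evaluate(e, IDP_RULES, EXEMPT_RULES) for e in EVENTS]

if __name__ == "__main__":
    for event, result in zip(EVENTS, run_sample()):
        print(event, "->", result)
```

An exempt rule that is broader than the false positive it was written for silences every IDP rule for that traffic, so keep each exemption scoped to the narrowest source, destination, and attack that covers the case.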
Copyright © 2010, Juniper Networks, Inc.
Chapter 9: Configuring Security Policies