IDP SERIES POLICY DESIGN AND OPTIMIZATION
IMPLEMENTATION GUIDE

Although Juniper Networks has attempted to provide accurate information in this guide, Juniper Networks does not warrant or guarantee the accuracy of the information provided herein. Third-party product descriptions and related technical details provided in this document are for information purposes only, and such products are not supported by Juniper Networks. All information provided in this guide is provided as is, with all faults, and without warranty of any kind, either expressed or implied or statutory. Juniper Networks and its suppliers hereby disclaim all warranties related to this guide and the information contained herein, whether expressed or implied or statutory, including, without limitation, those of merchantability, fitness for a particular purpose and noninfringement, or arising from a course of dealing, usage, or trade practice.

Copyright 2009, Juniper Networks, Inc.
Table of Contents

Introduction
Scope
Design Considerations
Solution-Type Design Guidance
General Topology
Software and Hardware Versions
Implementation
Solution Description
Components of the Policy
Designing and Implementing a Policy
Defining Network and Host Objects
Defining a Policy
Steps to Implement a Recommended Policy
Defining Actions
Defining Notifications
Customizing the Policy
Server Protection
Create Granular Notification
Predefined and Custom Dynamic Groups
Terminal Rules
Exempt Rules
False Positives
Performance Considerations
Optimize Traffic Filtering
Client-to-Server/Server-to-Client
Notifications
Application Identification
Fine-tuning and Monitoring the Network
Security Profiler
Security Explorer
SCTOP Command-Line Utility
Summary
Appendix A: Resources for Ongoing Maintenance
Daily Signature Updates
Detector Updates
Known Issues Update
About Juniper Networks
Table of Figures

Figure 1: IDP Series policy using the All_With_Logging template
Figure 2: Sample IDP Series deployment topology
Figure 3: Defining a Web server as a host in NSM
Figure 4: Predefined IDP Series policy templates available within NSM
Figure 5: Creating a new security policy based on the recommended policy template
Figure 6: IDP Series rules created in the recommended policy
Figure 7: Detailed description of a sample signature
Figure 8: Rules protecting internal servers
Figure 9: Creating granular notification
Figure 10: Listing of predefined attack group categories
Figure 11: Defining a custom dynamic group
Figure 12: Exempt rules
Introduction

As the public Internet carries ever more rogue traffic and threats, enterprises face the challenge of providing secure network access while protecting their users, applications, and services from attack. Juniper Networks IDP Series Intrusion Detection and Prevention Appliances give network administrators a powerful tool to monitor and prevent network threats at both the protocol and application levels, using a comprehensive signature-based attack database in conjunction with a rule-based policy. Because malware such as worms and trojans often targets vulnerabilities in protocols, the IDP Series also uses protocol anomaly detection together with stateful signatures to inspect traffic and detect threats before they reach the intended target. In addition, IDP Series appliances can regulate or block unwanted peer-to-peer and instant messaging applications to maintain compliance with corporate network use policies.

Because network services are diverse and the threats against them evolve continually, configuring an intrusion prevention system (IPS) policy for optimal coverage is a challenging task for administrators. The IDP Series provides a highly flexible and configurable security policy and threat coverage toolset. That flexibility brings complexity, and often confusion, about how IDP Series appliances process rules and mitigate network threats. Once the processing model is understood, the IDP Series offers a robust set of policy management features for designing the rulebase, managing the attack objects applied, and designating an appropriate action in response.
This document is designed to help security administrators, network operations engineers, and implementation partners design and implement effective IDP Series security policies using the recommended policy, and then customize and optimize the configuration using additional features available within the IDP Series platform.

Scope

Network security administrators are continually challenged by a barrage of threats against their networks. Operating system and application vulnerabilities are found daily. Malware such as botnets, worms, trojans, and spyware infiltrates networks and steals valuable resources. Enterprises, large or small, must thwart these attacks to protect their intellectual property. Threats from multiple directions, both internal and external, further complicate the task. Unwanted peer-to-peer and chat applications also consume network bandwidth and reduce worker productivity.

In addition, compliance regulations and privacy laws require controls that protect identities and safeguard financial data. Health organizations and financial institutions are two examples of organizations required by federal regulation to protect consumer data from network breaches. Sensitive information such as medical records, financial transactions, social security numbers, and credit card numbers must be protected against unauthorized harvesting by malware. Compliance with standards such as the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS), and the Sarbanes-Oxley Act is essential. Juniper Networks IDP Series Intrusion Detection and Prevention Appliances provide a strong platform, backed by the Juniper Networks Security team, to block network threats and enforce corporate network policy. The IDP Series is a comprehensive tool capable of providing key elements of these compliance requirements.
Both the standalone IDP Series and the integrated Juniper Networks ISG Series Integrated Security Gateways with IDP Series security modules are deployed in small to large enterprises across multiple verticals, and service providers deploy the high-throughput IDP Series models. Data center applications require IPS protection to manage increasing threat sophistication as well as rising regulatory pressure. The IDP Series provides a critical, focused defense behind the network firewall to block network attacks and manage application-level traffic. Optimizing this layer, with accurate tuning and elimination of false positives, is highly desirable.

This document is designed for security administrators, network operations engineers, and implementation partners. It provides a design solution for building and optimizing an effective security policy using two newly developed IDP Series features, the recommended policy and recommended actions, and discusses approaches and features for customizing IDP Series policy. Using these guidelines, an administrator can:

- Provide a thorough level of threat coverage
- Simplify ongoing policy management
- Minimize exposure to false positives
- Optimize IDP Series performance
Design Considerations

While Juniper Networks IDP Series Intrusion Detection and Prevention Appliances provide an excellent defense against today's threats, administrators are often perplexed by the design of IPS policy and the selection of attack signatures to defend against. Administrators new to IPS often configure an IDP Series policy of type Any/Any/Any using the All_With_Logging predefined template, hoping to get the full effect of the complete IDP Series signature database. This creates a policy that matches any source and any destination and inspects against every attack signature. The resulting policy, shown in the following screen capture, inspects every packet against the entire signature database, creating too many alerts and false positives and resulting in poor performance.

Figure 1: IDP Series policy using the All_With_Logging template

This document presents best practices for designing an effective security policy using the following concepts and features available within the IDP Series and its management platform, Juniper Networks Network and Security Manager (NSM):

- Begin with a network topology with defined protected segments
- List and define network segment, host, and server address objects within the NSM UI
- Create a new policy using the predefined recommended policy as a template
- Create specific rules for servers
- Review recommended actions
- Create and manage dynamic attack groups
- Create exempt rules
- Utilize Application Identification
- Leverage the Enterprise Security Profiler
- Correlate traffic with the Security Explorer
Solution-Type Design Guidance

General Topology

The following topology is a typical IPS deployment at an enterprise, where the IDP Series resides at the network edge behind a firewall. In this position the IDP Series is inline with network traffic and can protect the DMZ servers (SMTP, WWW, and DNS) as well as the clients and resources on the LAN. This sample topology is used as the reference for creating an IDP Series policy.

Figure 2: Sample IDP Series deployment topology (components shown: Internet, border router, NetScreen-5200 firewall, IDP Series, DMZ with SMTP, WWW, and DNS servers, NetScreen-5200, Network and Security Manager)

Software and Hardware Versions

This document is based on IDP Series release 4.1r2 along with NSM r2. The features and configuration samples discussed were tested on a standalone Juniper Networks IDP1100 Intrusion Detection and Prevention Appliance, though the principles apply to any standalone IDP Series appliance or integrated ISG Series gateway with an IDP Series security module. Differences between standalone IDP Series products and integrated ISG Series/IDP Series products are noted where applicable.
Implementation

Solution Description

This document details a recommended approach to designing and customizing an effective IPS security policy using a number of key IDP Series features. The IPS security policy in its entirety consists of the main IDP Series rulebase and five other rulebases: Exempt, Backdoor, SYN Protector, Traffic Anomalies, and Network Honeypot. This document focuses on designing and optimizing the main IDP Series rulebase and also discusses the Exempt rulebase. The Juniper Networks NSM Administrator's Guide discusses the other rulebases in detail.

Components of the Policy

The IDP Series main rulebase consists of the following essential parameters:

- Rule Sequence: The IDP Series policy processes traffic through a numbered sequence of rules, so earlier rules take priority over later rules.
- Address Objects: Before inspection, the IDP Series filters traffic on source and destination IP addresses.
- Service: IDP Series appliances can restrict inspection to a transport-layer service (TCP, UDP, remote procedure call (RPC), or Internet Control Message Protocol (ICMP)) or port.
- Attack Objects: These form the basis of stateful traffic inspection. In addition to regular-expression pattern-matching signatures, attack objects include protocol anomalies that detect traffic deviating from the protocol standard. Attack objects are grouped into five severity levels (Critical, Major, Minor, Warning, and Info) as well as many traffic categories.
- Action: This defines how the IDP Series handles traffic when an attack object matches. Nine actions are available; they are discussed later in this guide.
- Notification: Each rule can have multiple notification responses, including recording a log event, various forms of alerts, and packet logging.
This document covers each of these parameters and provides recommendations and examples to help beginning IDP Series administrators create an effective policy suitable for their environment.

Designing and Implementing a Policy

Defining Network and Host Objects

The first step in creating a security policy is to identify the network segments and resources being protected. Consult a detailed network topology to note subnets and work groups so that rules can be customized to permit and deny network services. Identify servers at this point and group them by function so that attack objects can be applied appropriately. Within NSM, networks and hosts are added in the Object Manager as Address Objects. Once individual entries exist, objects can be added to address groups to simplify rule creation. The following figure defines a Web server host object with its IP address. After multiple hosts are created, hosts requiring similar protection can be added to groups.
Figure 3: Defining a Web server as a host in NSM

Defining a Policy

Policy Templates

After defining Address Objects, one can begin defining the rules governing the policy. To simplify this, NSM provides several predefined IDP Series policies from which to choose:

Figure 4: Predefined IDP Series policy templates available within NSM

Some of these templates apply all attack objects. They are useful for product demonstrations but are not practical in production deployments because they are resource intensive. Other templates are specific to certain network topologies: demilitarized zone (DMZ) environment, Domain Name System (DNS) server, FTP server, Web server, and file server.

Recommended Policy

Customers are advised to start with the recommended policy as a template and add rules for the specific networks, hosts, and application/protocol attacks that are significant for their network. The recommended policy is a set of rules and attack objects assembled by the Juniper Networks Security team to protect against the most relevant threats known to be present and proliferating on the Internet. It provides a good starting point for protection, after which administrators analyze the traffic traversing the IDP Series appliance to further optimize the policy for their specific network policy requirements. This approach yields good IDP Series performance with appropriate coverage, while minimizing false positive alerts and disruption of legitimate traffic. The attack groups within the recommended policy are updated as new vulnerabilities and threats are found, so the recommended policy, and any policy using the recommended attack groups, receives the latest signatures automatically. The recommended policy also includes the attack objects protecting against the latest Microsoft vulnerabilities, typically providing same-day coverage of these threats.
Updating the NSM Attack Database and pushing it to IDP Series appliances updates the recommended policy with the latest attack objects. The update procedure is discussed in Appendix A: Resources for Ongoing Maintenance.
Steps to Implement a Recommended Policy

To create a new policy based on the recommended policy, select Security Policies within Policy Manager and click the (+) icon to create a new Security Policy. After naming the policy and specifying IDP Series as the device type, select Use Predefined IDP Policy as Template and choose recommended (predefined). Finally, assign the new policy to an IDP Series appliance.

Figure 5: Creating a new security policy based on the recommended policy template

The recommended policy consists of nine rules in the main rulebase, providing protection against important TCP, ICMP, HTTP, Simple Mail Transfer Protocol (SMTP), DNS, FTP, POP3, and Internet Message Access Protocol (IMAP) attacks as well as common Internet malware. The following figure shows the default recommended policy with the nine rules applied to all traffic traversing the IDP Series appliance.
Figure 6: IDP Series rules created in the recommended policy

Defining Actions

When traffic matches an attack object, the IDP Series can respond with one of nine actions: No Action, Ignore (the remainder of the connection), Drop Packet, Drop Connection, Close Client, Close Server, Close Client and Server, Differentiated Services (DiffServ) Marking, and Recommended, which applies the action the Juniper Networks Security team has assigned to the matched attack object. The Close actions send TCP reset (RST) packets to the chosen side of a TCP connection, while the Drop actions silently discard the packet or connection without sending an RST. Depending on the nature of the attack and the network service, one action can be preferable to another: a silent Drop reveals nothing to the attacker, while a Close Server lets the server tear down its half-open state immediately.

Recommended Actions

To simplify action selection, the Juniper Networks Security team has assigned a predefined recommended action to each signature in the attack object database. These recommended actions are used by default in the recommended policy and are available in standalone IDP Series 4.1 and in Juniper Networks ScreenOS 6.0 for integrated ISG Series/IDP Series products. The recommended action for a specific signature can be viewed by selecting Attack Objects > IDP Objects, choosing the signature, and selecting right-click > View. The recommended action is the response the Security team considers most appropriate for the threat: traffic matching the most significant attack objects is dropped, while minor attack objects are marked for no action. Recommended actions are assigned to predefined attack objects based on attack severity.
The Recommended checkmark and Recommended Action fields are visible, together with the detailed description of the signature, as shown in the following figure:

Figure 7: Detailed description of a sample signature

Defining Notifications

Once an action is taken, the IDP Series can report the event in multiple forms: logging, alerts, SNMP alerts, syslog alerts, triggering a script, and packet logging are a few of the options available. The default notification in the recommended policy is to log the attack.

Customizing the Policy

While the recommended policy provides a good baseline, an effective policy must be tailored to the specific network, taking into account the applications and servers in use and any corporate or regulatory policies that need enforcement.

Server Protection

The first step of customization is to create additional rules that apply server-specific attack objects to internal servers. Using the simplified network topology presented earlier as an example, additional rules are created to protect the identified Web, SMTP, and DNS servers. While the recommended policy provides basic protection of these services for all traffic, more complete coverage is recommended for the servers themselves. Predefined attack groups can be added by category and severity in the Attack column of the rule.
In the following example, three new rules have been added to the recommended policy. Critical, Major, and Minor attack objects are applied in rules specific to traffic destined for the mail, Web, and DNS servers. Database, backup, or media servers should have similar rules applied.

Figure 8: Rules protecting internal servers

Create Granular Notification

In the previous example, the notification on all server-protection rules is set to Logging even though the rules cover attacks of differing severities. In a typical deployment, critical attacks require alert notification so that quick corrective action can be taken. To make notification more granular, split the critical attacks into their own rules and add the additional notification there. Notification options including e-mail, SNMP, syslog, and packet capture are available by right-clicking the Notification field. In the following example, critical attacks on the Web servers generate alert notifications, while minor-level SMTP, Web, and DNS attacks have been configured for no notification. No notification may be desirable when the traffic would otherwise generate too much log data.

Figure 9: Creating granular notification

Predefined and Custom Dynamic Groups

To further customize the IDP Series rulebase, administrators apply custom rules built from the attack objects relevant to the applications on their network. Because the IDP Series attack object database is very comprehensive, combing through it for relevant attacks is impractical. NSM addresses this by subdividing the attack database into multiple predefined attack groups. Administrators can create very specific rules by using attack groups with application- and protocol-specific categories.
Figure 10: Listing of predefined attack group categories

Administrators may also need to customize attack groups by application, traffic direction, or severity. NSM supports this with custom attack groups, which are created by filtering attacks on the following criteria:

- Product type: application, protocol, operating system, and so on
- Severity: info, warning, minor, major, critical
- Direction: traffic direction (client-to-server, server-to-client, or any)
- Attack Type: signature (threat matched against a signature) or anomaly (threat due to protocol deviation)
- Service Type: predefined TCP and UDP services
- False Positives: whether the attack object is known to produce false positives frequently, occasionally, rarely, or unknown
- Recommended: whether the attack object is recommended or not
- Last Modified: date of modification of the attack signature (this field is deprecated and no longer used)

As the Juniper Networks Security team adds new attack objects to the attack database, they are automatically added to every existing dynamic group whose criteria they match.

A use case for custom attack groups is an Internet service provider (ISP) or university administrator who wants to allow peer-to-peer traffic but protect against peer-to-peer vulnerabilities. This can be achieved by creating a custom attack group with filters for Product type Peer-To-Peer and severities Minor, Major, and Critical. Blocking only this group allows peer-to-peer traffic while blocking exploits and attacks delivered over it. Because the group is dynamic, future attack objects matching these criteria are added to it automatically.
Figure 11: Defining a custom dynamic group

Terminal Rules

Normal IDP Series rule processing is linear: it starts with the first rule and continues through the last. For each rule, traffic is matched against source/destination addresses and service and then against the attack objects before the defined action is taken. Sometimes an administrator wants to match traffic against a set of criteria, act on the matched packets, and not subject the traffic to inspection by subsequent rules. This avoids multiple logs or alerts when traffic is known to match several signatures, and it is also useful for troubleshooting or preventing false positives. The Terminate Match checkbox creates such a terminal rule. In a terminal rule, traffic matching the source, destination, and service is not inspected by subsequent rules. Use terminal rules with caution: traffic only has to match the source, destination, and service to terminate processing. The rule is terminal even if the traffic does not match the attack, so a misplaced terminal rule silently exempts that traffic from every rule below it. To optimize performance, place terminal rules near the top of the rulebase.

Terminal rule example, where (S) = Source, (D) = Destination, (Se) = Service, and (A) = Attack:

- Normal rule: matches (S), (D), (Se), (A) -> take the defined action, move to the next rule
- Normal rule: matches (S), (D), (Se) but not (A) -> no action, move to the next rule
- Terminal rule: matches (S), (D), (Se), (A) -> take the defined action, terminate rule processing
- Terminal rule: matches (S), (D), (Se) but not (A) -> no action, terminate rule processing
Exempt Rules

The IDP Series rulebase can contain attack objects that match legitimate traffic and produce false positives or irrelevant log records. Alternatively, specific source or destination addresses may need to be excluded from attack detection. The Exempt rulebase excludes specific source/destination pairs from specific attack objects using the following flow of rule processing:

1. Traffic first matches a rule in the IDP Series rulebase.
2. Traffic is then matched against the Exempt rulebase.
3. If there is no match in the Exempt rulebase, the specified action and log are carried out.
4. If traffic matches both the IDP Series rulebase and a rule in the Exempt rulebase, the traffic passes without action or log.

Example: the following IDP Series rule blocks all chat traffic from the finance network, and the exempt rule permits MSN traffic from that network.

Figure 12: Exempt rules

False Positives

Unintended traffic drops or alerts are considered false positives. Tuning the IDP Series security policy to minimize false positives is best achieved by crafting highly specific rules customized for particular addresses and attack objects. Depending on IDP Series placement and the network's traffic patterns, some false positives will still be encountered. The following approaches for handling false positives are recommended:

- Understand the attack object and its application. Review the attack object's description in the Object Manager to better understand how to apply it.
- Exempt the attack object with an exempt rule. This bypasses the attack object entirely, so make the exempt rule as specific as possible by using a specific source/destination address pair and the specific attack object.
- Collect a packet capture and notify the Juniper Networks Security team. Configure a temporary packet capture of 10 packets before and 20 packets after the match under the Notification column. If the capture is TCP-based traffic, it should contain the TCP three-way handshake. Send the packet capture and the suspect attack object to signatures@juniper.net for analysis.

Example: several MS-RPC evasion attack objects match SMB print job traffic, generating false positives. Because MS-RPC evasion attacks arrive on traffic originating from the WAN, apply MS-RPC evasion attack objects only to traffic from the Internet on WAN links, and do not apply them in rules inspecting internal LAN traffic.
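The rule-processing semantics described in the Predefined and Custom Dynamic Groups, Terminal Rules, and Exempt Rules sections above can be checked with a small simulation. The following Python model is an added example, not code from this Juniper guide or from the IDP Series product. Its addresses, services, rule names, and attack-object names (for instance "HTTP:OVERFLOW:EXAMPLE" and "CHAT:MSN:LOGIN") are constructed for illustration and are not real IDP attack-object identifiers.

```python
"""Added example (not from the Juniper guide): a small model of IDP Series
main-rulebase processing covering ordered evaluation, terminal rules, dynamic
attack groups and the Exempt rulebase as this guide describes them.  Every
address, service, rule and attack-object name is constructed for illustration;
names such as "HTTP:OVERFLOW:EXAMPLE" are hypothetical, not real identifiers.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Tuple, Union

@dataclass(frozen=True)
class Attack:
    """A predefined attack object with the attributes a dynamic group filters on."""
    name: str
    product: str        # "HTTP", "Peer-To-Peer", "Chat", ...
    severity: str       # critical, major, minor, warning, info

@dataclass(frozen=True)
class DynamicGroup:
    """Filter criteria; members are resolved against the database at match time,
    so attack objects added to the database later join the group automatically."""
    products: FrozenSet[str]
    severities: FrozenSet[str]

    def resolve(self, db) -> FrozenSet[str]:
        return frozenset(a.name for a in db
                         if a.product in self.products and a.severity in self.severities)

@dataclass(frozen=True)
class Traffic:
    src: str
    dst: str
    service: str
    attacks: FrozenSet[str]    # attack objects this flow would match (constructed)

@dataclass(frozen=True)
class Rule:
    name: str
    src: str                   # CIDR or "any"
    dst: str
    service: str               # service name or "any"
    attacks: Union[FrozenSet[str], DynamicGroup]
    action: str
    terminal: bool = False     # the "Terminate Match" checkbox

@dataclass(frozen=True)
class Exempt:
    src: str
    dst: str
    attacks: FrozenSet[str]

def _addr(spec: str, addr: str) -> bool:
    return spec == "any" or ip_address(addr) in ip_network(spec)

def _header(rule: Rule, t: Traffic) -> bool:
    """Source, destination and service match; the attack is checked separately."""
    return (_addr(rule.src, t.src) and _addr(rule.dst, t.dst)
            and rule.service in ("any", t.service))

def process(rulebase, exempts, db, t: Traffic) -> List[Tuple[str, str, str]]:
    """Walk the rulebase in order; return (rule, attack, action) per non-exempt hit."""
    out = []
    for rule in rulebase:
        if not _header(rule, t):
            continue
        members = rule.attacks.resolve(db) if isinstance(rule.attacks, DynamicGroup) else rule.attacks
        for attack in sorted(members & t.attacks):
            # An Exempt rule covering this src/dst/attack suppresses action and log.
            if not any(_addr(e.src, t.src) and _addr(e.dst, t.dst) and attack in e.attacks
                       for e in exempts):
                out.append((rule.name, attack, rule.action))
        if rule.terminal:
            break   # terminal: stop even when none of the rule's attacks matched
    return out

# Constructed sample data: a DMZ Web server at 192.0.2.10, a finance LAN, a
# vulnerability-scanner subnet, and an ISP-style rule that permits peer-to-peer
# traffic itself but blocks exploits against peer-to-peer clients.
ATTACK_DB = [
    Attack("HTTP:OVERFLOW:EXAMPLE", "HTTP", "critical"),
    Attack("HTTP:INFO:BANNER", "HTTP", "info"),
    Attack("CHAT:MSN:LOGIN", "Chat", "info"),
    Attack("P2P:BT:HANDSHAKE", "Peer-To-Peer", "info"),
    Attack("P2P:CLIENT:OVERFLOW", "Peer-To-Peer", "critical"),
]
P2P_EXPLOITS = DynamicGroup(frozenset({"Peer-To-Peer"}), frozenset({"minor", "major", "critical"}))
RULEBASE = [
    Rule("Scanner-Terminal", "10.0.9.0/24", "any", "any", frozenset(), "none", terminal=True),
    Rule("Web-Critical", "any", "192.0.2.10/32", "HTTP", frozenset({"HTTP:OVERFLOW:EXAMPLE"}), "drop-connection"),
    Rule("Chat-Finance", "10.0.5.0/24", "any", "any", frozenset({"CHAT:MSN:LOGIN"}), "drop-connection"),
    Rule("P2P-Exploits", "any", "any", "any", P2P_EXPLOITS, "drop-connection"),
    Rule("Recommended", "any", "any", "any", frozenset({"HTTP:OVERFLOW:EXAMPLE", "HTTP:INFO:BANNER"}), "recommended"),
]
EXEMPTS = [Exempt("10.0.5.0/24", "any", frozenset({"CHAT:MSN:LOGIN"}))]

def evaluate(t: Traffic, db=ATTACK_DB, exempts=EXEMPTS) -> List[Tuple[str, str, str]]:
    """Run the sample rulebase and Exempt rulebase over one flow."""
    return process(RULEBASE, exempts, db, t)
```

Evaluating an HTTP flow to the DMZ Web server returns hits from both the Web-Critical rule and the Recommended rule, which is the duplicate-logging situation a terminal rule avoids; a flow from the 10.0.9.0/24 scanner subnet returns nothing, because the terminal rule matched on header alone and ended processing; MSN traffic from the finance LAN returns nothing only while the Exempt rule is present. Adding a major-severity Peer-To-Peer attack object to the database makes the P2P-Exploits rule match it with no change to the rule, which is the behaviour of a dynamic group.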
Performance Considerations

With the large number of features and options available for inspecting traffic, it is important to optimize the policy and the IDP Series tools in use to maximize IPS effectiveness. As with any network solution, the IDP Series model deployed has to be appropriate to the traffic levels of the inspected network; peak traffic should not regularly exceed the rated capacity of the appliance. This section reviews IDP Series options that can tax performance and discusses approaches to minimizing their impact.

Optimize Traffic Filtering

One simple way to improve IDP Series policy performance is to direct traffic only to the relevant attack objects. Filtering traffic in the rulebase by source and destination address sends packets to specific attack signatures, which improves performance and also reduces false positives. An example rule would restrict inspection for database exploits to traffic destined for an SQL server address object only; all other traffic bypasses this rule.

Client-to-Server/Server-to-Client

Many IDP Series attack objects are defined to detect in one direction of flow: any, client-to-server, or server-to-client. Server-to-client attack objects are resource intensive. The direction of an attack object can be seen by opening the attack object for editing and viewing the Detection tab. To improve policy performance, apply server-to-client signatures to specific source/destination address objects rather than to any, so that only the relevant traffic reaches the signature.

Notifications

Notifications can affect IDP Series performance, depending on their rate and type.
Performance varies with the IDP Series model and traffic levels, but log notifications should be minimized, not only to improve performance but to reduce noise in log reports so that relevant attacks stand out. While increased notification levels are a must while diagnosing attacks, under normal IDP Series usage no notification is recommended for minor, warning, and info severity attacks. Packet logging is very resource intensive, as packet captures are written to disk. Pre-attack packet capture requires the appliance to buffer packets before any attack is matched and should be used only when diagnosing false positives.

Application Identification

Application Identification (AI), a new feature introduced in standalone IDP Series 4.1, identifies applications running on dynamic ports by matching patterns in the data stream, which allows detection of applications on non-standard or unknown ports. Previously, signature decoders needed a port specified through static protocol mapping. Many peer-to-peer (BitTorrent, Kazaa) and chat (Skype, Yahoo Messenger, and so on) applications are designed to use dynamic ports. AI determines the application from traffic patterns and then applies the appropriate signatures regardless of the ports in use, matching on the first client-to-server or first server-to-client packet. Application Identification improves application detection and reduces false positives because signatures no longer rely on static port definitions. It is enabled by default in IDP Series 4.1; the setting to disable it is in the Sensor Settings > Load Time Parameters section within NSM. If AI is disabled, the older port-based signatures and context decoders are used.

Fine-tuning and Monitoring the Network

A key component of fine-tuning the IDP Series deployment is understanding the sources and destinations of typical traffic patterns on your network and being able to identify unusual network events.
IDP Series appliances have several tools for analyzing and monitoring the network: the Enterprise Security Profiler, the SCTOP command-line utility, and the Security Explorer.
Security Profiler

The Profiler is best used in the initial deployment to learn about your network and its resources. It collects a database of each unique event that occurs on your network, allowing you to identify:

- Hosts and servers
- Traffic ports and protocols used
- Layer 3, Layer 4, and Layer 7 data identifying applications, host operating systems, users, and services

The Profiler is first used to create a network baseline identifying each host, server, and software application that regularly appears on the network. As part of establishing the baseline, it builds a database of operating systems, applications, versions, and other parameters that characterize normal traffic. Once the baseline is established, configure the Profiler to alert on deviations; it can send an alert when a new host or a new application appears on the network. For example, the Profiler can be instrumental in identifying a host newly infected with a network-scanning worm: it identifies the scan as non-standard activity and fires an alert, and a review of the Profiler database reveals the IP and media access control (MAC) address of the infected host, allowing a quick response to the malware. Detailed notes on configuring and applying the Profiler are in the NSM Administrator's Guide.

Security Explorer

The Security Explorer is a graphical tool that lets the administrator correlate network traffic using data collected by the Profiler, the Log Viewer, and the Report Manager. It displays several panes that graphically depict relationships between objects based on peer IP, inbound/outbound services, and client/server profiles, as well as attacks. The Report tab can be used to view top attacks, alarms, logs, and destination IPs, attacks over time, and attacks by severity.
The Security Explorer's correlation allows the administrator to learn traffic patterns within the network that are not immediately evident and to apply policy rules tailored to the context seen.

SCTOP Command-Line Utility

Monitoring IDP Series performance and utilization is easily done using the built-in IDP Series command-line utility SCTOP. The utility is accessed by connecting to the IDP sensor via SSH (standalone IDP Series products only) as admin and then using su to become the root user. SCTOP is launched with the sctop command-line interface (CLI) command. Snapshot of SCTOP options:

sctop help
h - Display this help
a - ARP/MAC table
i - IP flows
c - ICMP flows
u - UDP flows
t - TCP flows
r - RPC table
x - RPC XID table
s - Subscriber's status
m - Memory statistics
l - Q-Module statistics
e - Rulebase statistics
g - Aggregate statistics
k - Attack statistics
p - Spanning tree protocol
b - IP Action table
z - Packet distribution
d - Strip Chart
f - Fragment chain
w - HA status
y - IDS cache statistics
q - Quit the program
kernel v idp41
v - reverse sort order
0 - disable sorting
1 - sort by bytes/session
2 - sort by packets/session
3 - sort by expiration
4 - sort by service
5 - sort by dst port
6 - sort by src ip
7 - sort by dst ip
8 - sort by vlan
The following SCTOP displays are the most useful for IDP Series monitoring:

- s: Subscriber status. Very useful for monitoring IDP Series network throughput, policy, traffic peaks, uptime, and version.
- k: Displays attack statistics in order of frequency of hits.
- i, t, u: Display IP, TCP, and UDP flows, respectively.
- g: Displays aggregate statistics based on sessions per IP address.
- z: Packet size distribution.

Summary

By implementing the approach presented in this solution design guide, a security administrator can simplify the design and maintenance of the IDP Series policy. Using the newly developed recommended policy and recommended action features allows the administrator to leverage the knowledge and resources of the Juniper Networks Security team to better utilize IDP Series appliances. As with any network tool, IDP Series Intrusion Detection and Prevention Appliances ultimately have to be customized to the specific network requirements. The detailed review of IDP Series features and implementation recommendations presented in this guide will enable the administrator to decrease false positives and improve overall performance while minimizing ongoing maintenance of IDP Series appliances.

Appendix A: Resources for Ongoing Maintenance

Daily Signature Updates

The Juniper Networks Security team constantly monitors for the latest vulnerabilities and threats and creates signatures against these threats on a daily basis. Customers can subscribe to the signature bulletins from the support Web page, or the following link can be used directly:

NSM can be configured to automatically download the attack database on a regular basis. This procedure is detailed in the NSM Administrator's Guide in the Managing Devices > Managing the Attack Database section.

Detector Updates

Upgrading the attack database in NSM is one step in IDP Series maintenance. In addition, the Juniper Networks Security team regularly updates the IDP Series Detector Engine. Updating the detector is done through NSM.
Detector Engine updates can contain fixes for the protocol decoders, so upgrading to the latest Detector Engine can resolve packet loss conditions and device crashes. Improvements that go into a new detector include:

- False positive fixes
- Decoder fixes (fix false positives and false negatives)
- New contexts (improve accuracy and performance)
- New protocol decoders (improve performance and accuracy)
- Stability and memory improvements
Known Issues Update

Juniper Networks Technical Assistance Center (JTAC) publishes this update once a month to inform customers of known issues and workarounds on the latest IDP Series releases. Customers can subscribe to the Known Issues Update (KIU) from this page:

Attack Object Information

Each signature is described at this link:

Customers can also refer to the Juniper Security RSS feed, as all updates are listed there:

The latest CVE to IDP signature mapping file is on the TAC Software Download pages:

About Juniper Networks

Juniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high-performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. This fuels high-performance businesses. Additional information can be found at

Corporate and Sales Headquarters: Juniper Networks, Inc., North Mathilda Avenue, Sunnyvale, CA, USA. Phone: 888.JUNIPER
APAC Headquarters: Juniper Networks (Hong Kong), 26/F, Cityplaza One, 1111 King's Road, Taikoo Shing, Hong Kong
EMEA Headquarters: Juniper Networks Ireland, Airside Business Park, Swords, County Dublin, Ireland

To purchase Juniper Networks solutions, please contact your Juniper Networks representative or authorized reseller.

Copyright 2009 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Dec 2009. Printed on recycled paper.
More informationWeb DLP Quick Start. To get started with your Web DLP policy
1 Web DLP Quick Start Websense Data Security enables you to control how and where users upload or post sensitive data over HTTP or HTTPS connections. The Web Security manager is automatically configured
More information