SRX Services Gateway
Reply
cy
Contributor
cy
Posts: 76
Registered: ‎09-28-2010
0

SRX and webserver protection

Hi,

 

i've done some searching and reading on KB and forums (and the J security book) already, still i got some Problems understanding the SRX240 configuration to protect (web)servers from attacks.

 

1) i already found out i can use security > screen for basic attacks, may it be tcp/udp flooding and stuff, and that i can limit the sessions, BUT how to find good values for the screen?

 

2) apparently AppDDoS is not supported on the branch SRXes, and im still waiting for my idp-sig license.

is there any List of the idp rulebase that comes with the license? or can anyone recommend a guide or some cast study with good values for the idp-settings supported in the SRX240?

 

3) any other recommendations? firewall policy or similar maybe?

 

if anything helps, the protection will be used for some browser-based application. only protocols by used by end-users (and possible attackers) are http and https. 

 

 

normally i would take more time to search and learn by myself, but i guess my "CUSTOMER NEEDS ASAP" deadline is pretty tight this time! 

 

cheers, thanks in advance, and im going to make some coffee, gonna be a long night!

chris

--

You can also find me on Freenode IRC in #juniper, my handle is "cy[]"
Distinguished Expert
firewall72
Posts: 826
Registered: ‎05-04-2008
0

Re: SRX and webserver protection

Hi,

 

Here are a few links that should help.  I would recommend starting out with one of the predefined templates to help protect your web server from attacks.

 

http://kb.juniper.net/InfoCenter/index?page=content&id=KB16561&smlogin=true

 

http://kb.juniper.net/InfoCenter/index?page=content&id=KB21338&actp=search&viewlocale=en_US&searchid...

 

 

John Judge
JNCIS-SEC, JNCIS-ENT,

If this solves your problem, please mark this post as "Accepted Solution". Kudos are appreciated.
Trusted Contributor
Flannigan
Posts: 79
Registered: ‎12-16-2011
0

Re: SRX and webserver protection

Since most environments are slightly different it's hard to recommend a baseline value for everyone.  My recommendation would be to determine the average connections your server accepts, then account for some burst traffic, and set the screen accordingly.  A logging solution could also help you determine then.

Contributor
Satya1
Posts: 19
Registered: ‎01-17-2011
0

Re: SRX and webserver protection

hello,

 

While you are waiting your idp license, you can also install trial idp license which may give you additional time to fine tune your idp policy.  request system license update trial

 

You can start with default templates, based on the logging and triggers you can customize the idp rule for your environment.

cy
Contributor
cy
Posts: 76
Registered: ‎09-28-2010
0

Re: SRX and webserver protection

Big Thanks to all of you!

--

You can also find me on Freenode IRC in #juniper, my handle is "cy[]"
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.