03-28-2012 08:40 AM
I've done some searching and reading on the KB and forums (and the J security book) already, but I still have some problems understanding the SRX240 configuration to protect (web) servers from attacks.
1) I already found out I can use security > screen for basic attacks, be it TCP/UDP flooding and the like, and that I can limit the sessions, BUT how do I find good values for the screen?
2) Apparently AppDDoS is not supported on the branch SRXes, and I'm still waiting for my idp-sig license.
Is there any list of the IDP rulebase that comes with the license? Or can anyone recommend a guide or a case study with good values for the IDP settings supported on the SRX240?
3) Any other recommendations? Firewall policy or similar, maybe?
If it helps, the protection will be used for a browser-based application. The only protocols used by end users (and possible attackers) are HTTP and HTTPS.
Normally I would take more time to search and learn by myself, but I guess my "CUSTOMER NEEDS ASAP" deadline is pretty tight this time!
Cheers, thanks in advance, and I'm going to make some coffee; gonna be a long night!
03-28-2012 11:04 AM
Here are a few links that should help. I would recommend starting out with one of the predefined templates to help protect your web server from attacks.
03-28-2012 02:06 PM
Since most environments are slightly different, it's hard to recommend a baseline value for everyone. My recommendation would be to determine the average connections your server accepts, then account for some burst traffic, and set the screen accordingly. A logging solution could also help you determine them.
03-28-2012 02:42 PM
While you are waiting for your IDP license, you can also install a trial IDP license, which may give you additional time to fine-tune your IDP policy: request system license update trial
You can start with the default templates; based on the logging and triggers, you can customize the IDP rules for your environment.
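As an added example (not part of any post in this thread), here is one way to put the advice above into a branch SRX configuration: a screen profile on the Internet-facing zone that starts in alarm-only mode, so the RT_SCREEN logs and screen counters establish a real baseline before any threshold drops traffic; a policy that admits only HTTP/HTTPS to the server with IDP and session logging enabled; and the trial IDP license followed by the predefined Web_Server template as the active policy. The zone names (untrust, dmz), the screen, address and policy names (web-screen, web-server, allow-web), the server address 192.0.2.10 and every threshold value are assumptions for illustration; the thresholds in particular must be replaced with numbers derived from the server's observed connection rate plus burst headroom, as the reply above recommends.

```junos
## Added example, not from the thread. Lines beginning with '##' are
## commentary, not CLI input. Names and all numeric thresholds are assumed.

## --- configuration mode ---------------------------------------------------
configure

## 1) Screen profile for the untrust zone. alarm-without-drop counts and logs
##    violations (RT_SCREEN) without dropping, which is how to find a baseline
##    instead of guessing one. Thresholds below are placeholders.
set security screen ids-option web-screen alarm-without-drop
set security screen ids-option web-screen icmp flood threshold 1000
set security screen ids-option web-screen udp flood threshold 1000
set security screen ids-option web-screen tcp syn-flood alarm-threshold 800
set security screen ids-option web-screen tcp syn-flood attack-threshold 1000
set security screen ids-option web-screen tcp syn-flood source-threshold 100
set security screen ids-option web-screen tcp syn-flood destination-threshold 2000
set security screen ids-option web-screen tcp syn-flood timeout 20
set security screen ids-option web-screen tcp port-scan threshold 5000
set security screen ids-option web-screen tcp land
set security screen ids-option web-screen ip spoofing
## Session limits: source-ip-based caps one client (or one attacker);
## destination-ip-based caps the total the server is asked to hold.
set security screen ids-option web-screen limit-session source-ip-based 100
set security screen ids-option web-screen limit-session destination-ip-based 4000
set security zones security-zone untrust screen web-screen

## 2) Only HTTP/HTTPS to the server; everything else hits the default deny.
##    Session logging feeds the same baseline as the screen counters.
set security zones security-zone dmz address-book address web-server 192.0.2.10/32
set security policies from-zone untrust to-zone dmz policy allow-web match source-address any
set security policies from-zone untrust to-zone dmz policy allow-web match destination-address web-server
set security policies from-zone untrust to-zone dmz policy allow-web match application junos-http
set security policies from-zone untrust to-zone dmz policy allow-web match application junos-https
set security policies from-zone untrust to-zone dmz policy allow-web then permit application-services idp
set security policies from-zone untrust to-zone dmz policy allow-web then log session-init
set security policies from-zone untrust to-zone dmz policy allow-web then log session-close
commit

## 3) Baseline: watch these through a normal day and a known peak, then set
##    each threshold above the observed peak before enforcing.
run show security screen statistics zone untrust
run show security screen ids-option web-screen
exit

## --- operational mode: trial license, signatures, policy templates ----------
request system license update trial
request security idp security-package download
request security idp security-package download status
request security idp security-package install
request security idp security-package download policy-templates
request security idp security-package install policy-templates

## 4) The templates are loaded into the configuration by a commit script,
##    then the predefined Web_Server template is made the active policy.
configure
set system scripts commit file templates.xsl
commit
set security idp active-policy Web_Server
commit
run show security idp status
run show security idp attack table

## 5) Once thresholds reflect measured traffic, switch the screen to enforce.
delete security screen ids-option web-screen alarm-without-drop
commit
```

The order matters: leave alarm-without-drop in place until the screen statistics and RT_SCREEN logs have covered at least one peak period, otherwise a legitimate burst of end-user sessions will be dropped by a threshold that was never measured. The same logs show which Web_Server template rules actually fire, which is the input for trimming the IDP policy later.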