SRX Services Gateway
Contributor
coolblue
Posts: 40
Registered: ‎05-19-2011
0

What is the IDP "recommended" filter flag?

Hi,

Can someone explain to me the difference between "normal" and "recommended" IDP signatures?

What decision is behind a signature being flagged as recommended?

How do you recommend I build IDP databases? Should I use only recommended signatures or all?

Contributor
TravisJohnson
Posts: 116
Registered: ‎12-14-2009
0

Re: What is the IDP "recommended" filter flag?

http://www.juniper.net/techpubs/en_US/junos10.4/information-products/topic-collections/security/soft...

 

Take a look at page 629.

Term Definition

All predefined attack objects have a default action associated with them. This is the action that Juniper Networks recommends when that attack is detected.

NOTE: This action is supported only for IPS rulebases.

Recommended — A list of all attack objects that Juniper Networks considers to be serious threats, organized into categories.

Attack type groups attack objects by type (anomaly or signature). Within each type, attack objects are grouped by severity.

Category groups attack objects by predefined categories. Within each category, attack objects are grouped by severity.

Operating system groups attack objects by the operating system to which they apply: BSD, Linux, Solaris, or Windows. Within each operating system, attack objects are grouped by services and severity.

Severity groups attack objects by the severity assigned to the attack. IDP has five severity levels: Critical, Major, Minor, Warning, and Info. Within each severity, attack objects are grouped by category.

 

 

 

 

________________________________________________


If my post helped you, please feel free to give me kudos.
Contributor
coolblue
Posts: 40
Registered: ‎05-19-2011
0

Re: What is the IDP "recommended" filter flag?

Hi Travis,

So Juniper recommends both: to use the recommended flag in an attack-group and to use the recommended flag in the policy action rule.

What do you use normally?

Most of my customers are small business users, so worry-free automatic protection is what most of this customer group wants.

Contributor
TravisJohnson
Posts: 116
Registered: ‎12-14-2009
0

Re: What is the IDP "recommended" filter flag?

Well, recommended is the list that Juniper sees as real threats, so you can probably trust that unless you know of more. As small businesses, I would say that's safe. Do they host anything internal? If not, it's probably just fine.

I don't actually run any IDP services; I think our core group has an IronPort or some other appliance.

________________________________________________


If my post helped you, please feel free to give me kudos.
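
The two places "recommended" appears in this thread, shown side by side as an added Junos configuration example (not from either poster or from the Juniper documentation): once as a filter that selects attack objects, once as a rule action that applies each object's default action. The group name, policy name, rule name, zones and the severity narrowing are assumptions chosen for illustration.

```junos
# Added example; all names below (rec-critical-major, smb-ips, r1,
# inbound, zones untrust/trust) are assumptions, not from the thread.

# 1) "recommended" as a FILTER: decides WHICH attack objects are in the
#    group. Only objects Juniper has flagged as recommended are included,
#    narrowed here (an assumption) to critical and major severity.
set security idp dynamic-attack-group rec-critical-major filters recommended
set security idp dynamic-attack-group rec-critical-major filters severity values critical
set security idp dynamic-attack-group rec-critical-major filters severity values major

# 2) "recommended" as an ACTION: decides WHAT HAPPENS on a match. Each
#    attack object's own default action is applied. Per the quoted
#    documentation, this action is supported only in IPS rulebases.
set security idp idp-policy smb-ips rulebase-ips rule r1 match from-zone untrust
set security idp idp-policy smb-ips rulebase-ips rule r1 match to-zone trust
set security idp idp-policy smb-ips rulebase-ips rule r1 match source-address any
set security idp idp-policy smb-ips rulebase-ips rule r1 match destination-address any
set security idp idp-policy smb-ips rulebase-ips rule r1 match application default
set security idp idp-policy smb-ips rulebase-ips rule r1 match attacks dynamic-attack-groups rec-critical-major
set security idp idp-policy smb-ips rulebase-ips rule r1 then action recommended

# Log every match so the effect of the recommended set can be reviewed.
set security idp idp-policy smb-ips rulebase-ips rule r1 then notification log-attacks

# Activate the IDP policy and send permitted traffic through it.
set security idp active-policy smb-ips
set security policies from-zone untrust to-zone trust policy inbound then permit application-services idp
```

The filter and the action are independent: a group built with the recommended filter can be paired with an explicit action, and the recommended action can be used with any attack group.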
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.