Saturday, 18 January 2014

JUNOS : Require Regular Remote Configuration Backup

Backups of a routers configuration may be necessary when recovering from physical
hardware failure, administrative errors or a successful attack. Preserving the evidence of
an attack may also be necessary for regulatory compliance, forensic investigation or
prosecution of the attacker.
 
By default, JUNOS routers save a local backup copy of your configuration every time you
commit (save) a change. JUNOS maintains the 50 previous configuration files, 4 on theRouting Engines Flash drive and the remainder on the hard disk.
 
This provides a useful method to recover from many types of fault or error, however an
attacker will, potentially, be in a position to compromise these backups along with the
active configuration, so it is vital that you also keep a remote configuration backup
beyond the attackers reach.
 
Remediation:
A discussion of all possible backup methods is beyond the scope of this Benchmark.
Consider the Archival section of this Benchmark for one method of obtaining remote
backups whenever your configuration is changed.
 
Alternatively CVS tools such as RANCID provide an method to backup and configuration
files from a central location as well as keeping track of changes over time.
 
Also consider a method of maintaining offline copies of your backup data, such as tape
storage. This provides a vital tool in Disaster Recovery and is also extremely helpful when
recovering from a successful attack, as you can be certain that the attacker was unable to alter the offline version.

Friday, 10 January 2014

JUNOS : JTAC Recommended Junos Software Versions - SRX (Jan 2014)

SRX Series Services Gateways

Platform JTAC Recommended Junos Software by Platform Release
Type
Last
updated
SRX100B/H Junos 11.4R10.3 Standard 08 Jan 2014
SRX100H2 (*1) Junos 12.1X44-D20.3 Standard 05 Aug 2013
SRX110H Junos 11.4R10.3 Standard 28 Jan 2014
SRX110H2 Junos 12.1X44-D20.3 Standard 05 Aug 2013
SRX210B/H/BE/HE Junos 11.4R10.3 Standard 08 Jan 2014
SRX210H2 Junos 12.1X44-D20.3 Standard 05 Aug 2013
SRX220H Junos 11.4R10.3 Standard 08 Jan 2014
SRX220H2 Junos 12.1X44-D20.3 Standard 05 Aug 2013
SRX240B/H/B2/H2 Junos 11.4R10.3 Standard 08 Jan 2014
SRX550 Junos 12.1X44-D20.3 Standard 05 Aug 2013
SRX650 Junos 11.4R10.3 Standard 08 Jan 2014
SRX1400 (*2, 3) Junos 11.4R10.4 Standard 08 Jan 2014
SRX3400 (*3) Junos 11.4R10.4 Standard 08 Jan 2014
SRX3600 (*3) Junos 11.4R10.4 Standard 08 Jan 2014
SRX5400 Junos 12.1X46-D10.2 Standard 08 Jan 2014
SRX5600 Junos 11.4R10.3 Standard 08 Jan 2014
SRX5600 w/NG-SPC (*4) Junos 12.1X44-D22 Standard 04 Sep 2013
SRX5800 Junos 11.4R10.3 Standard 08 Jan 2014
SRX5800 w/NG-SPC (*4) Junos 12.1X44-D22 Standard 04 Sep 2013
(*1) TSB16272 - U-Boot upgrade recommendation for SRX100H2
(*2) SRX 1400 deployment as a Chassis Cluster requires Junos 11.1 or above
(*3) TSB16273 - Junos software limitation for SRX1400/SRX3400/SRX3600 Routing Engine and SRX3K Switch Fabric Board
(*4) TSB16197 - Intermittent PHY or MAC layer link failure on SRX5600 and SRX5800 with SRX5K-SPC-4-15-320

Monday, 6 January 2014

JUNOS : Hit-count tracking

The new show security policies hit-count command displays the utility rate of security policies according to the number of hits they receive. One can use this feature to determine which policies are being used on the device, and how frequently they are used. Depending on the command options that one chooses, the number of hits can be listed without order or sorted in either ascending or descending order, and they can be restricted to the number of hits that fall above or below a specific count or within a range. Data is shown for all zones associated with the policies or named zones.


This feature is supported on following platforms/applications:

SRX100   Junos OS 12.1R1
SRX110   Junos OS 12.1R1
SRX210   Junos OS 12.1R1
SRX220   Junos OS 12.1R1
SRX240   Junos OS 12.1R1
SRX550   Junos OS 12.1R1
SRX650   Junos OS 12.1R1
SRX1400 Junos OS 12.1R1
SRX3400 Junos OS 12.1R1
SRX3600 Junos OS 12.1R1
SRX5600 Junos OS 12.1R1
SRX5800 Junos OS 12.1R1
loading...