Getting Started with IPS on the SRX
We should perform a few steps before we configure SRX IPS.
Here is a list of things to do before configuring the SRX for IPS
functionality:
- Install the license.
You must install an IDP license before you can download any
attack objects. If you are using only custom attack objects, you
don’t need to install a license (earlier versions had a bug where
they required it), but if you want to download Juniper predefined
attack objects, you must have this license. Juniper lets you
download a 30-day trial license so that you can evaluate this
functionality for a brief period of time. We covered license
installation earlier in the book; all you need is the
request system license add command, either specifying a file or
copying and pasting the license into the terminal.
- Configure network access.
Before you can download the attack objects, you must have network connectivity
to either the Juniper download server or a local server from which the
signatures can be downloaded. This typically requires network
configuration ...
Deploying IPS requires a slight learning curve. You could memorize
every command and feature by heart, and still have a rocky deployment. The
challenge is that every environment is different, just like a fingerprint
or DNA. There are different applications, different volumes of the
applications, different policies on what is accepted activity, and
different resources to protect, all of which can make for different goals for
the IPS. Although this book can’t tell you exactly what your policy should
be, it can certainly help you to build and deploy that policy.
First Steps to Deploying IPS
Before you get too caught up in the actual deployment, do a bit of
legwork and map out the policy that you want to deploy. Think of it as
brainstorming for your IPS. You should identify the assets you want to
protect, and identify the systems and applications and how they interact
with others in your network. You may need to contact the application
owners beforehand to identify this information. You should also
determine your IPS protection goals. This would include the types of
threats you want to prevent, and any other factors that might limit the
scope of the deployment. (Often this involves management approval so
that there aren’t any surprises.)
Once you have identified the assets and the goals of the IPS, and you have
gotten all of the necessary approvals, you should be ready to build your
IPS policy on the SRX. Remember that if you are using predefined