Best Policy Practice on IDP

[How to run the NSM GUI under Mac OS X]

How to run the NSM GUI under Mac OS X
How to setup a route-based VPN on a NetScreen
How to make your PPTP VPN client work through a NetScreen/SSG
Setting up a dial-up VPN and NetScreen Remote
How the Global Zone Works (It's probably not what you think)
How to configure NetScreen/SSG devices to work with the built in Mac OS X VPN client
How to Configure Dial-up VPN with route-based tunnels, XAuth, and use IPSecuritas

[Capt_Winters]

Hi Gurus,

  Any recommendation on best practices when it comes to POLICIES?

  Like policy hardening, fine tuning..etc.

  My rule on IDP right now is..


  Is to accept all traffic from any any to my network with all major and severity accepted

 Im going to gather all reports then fine tune the policy with DROP as action..

any suggestions?

thank you..

winters

[bwalker]

Hello Winters,

That's basically what I did.  I don't use Juniper, I prefer Stonesoft's IDS/IPS solution but I approached the implementation in the same way.

The last thing you want to do (especially if you are introducing inline IPS) is to put the device in and have it blocking legitimate traffic.  As with all IDS/IPS you have to base-line it - let it log and then you can determine what is the "norm" for your environment.  This can take as long as you like (I did it for 4-6 weeks) and then from the information it found I fine tuned my policy.

The nice thing about the StoneGate IPS is that it has a "passive termination" feature which means that it allowed all traffic to pass but logged any traffic that it would have blocked in "active termination" in a different colour which made it loads easier for me to decipher the logs and build my policy.

Good luck with your implementation.

Brian

[Frac]

Hi,

you have a nice tool in juniper idp for this! (profiler)

you can create a violation rule base and then let profiler run for 3 weeks and compare this rulebase with the profiler database.

you will then see all the traffic that isn't included in your violation rulebase.

GreetZ,
Frac

•      Forum/Home
•      Store
•      Articles
•        Tech Articles
•        Industry News
•        Site News
•      Knowledgebase
•        JUNOS/Routing
•        NS/ISG/SSG/NSM
•        SSL VPN
•      Downloads

Please consider donating if we've saved you time or money. It helps pay for the bandwidth, equipment, and hosting charges to keep this site running

Submit Article/KB - Do not submit questions here.

[Today]

• Screening Spam by Joe Vallender [Today at 07:03:09 AM]
• Intrazone Policies by mknll [Today at 06:34:20 AM]
• Two ISPs and one DMZ by mulopaari2 [Today at 06:21:05 AM]
• Problem logging into my n... by fujisan [Today at 04:51:24 AM]
• VPN to cisco pix with two... by Watcher60 [Today at 04:38:27 AM]
• www.nikeincome.com cheap ... by xu_zhongying100 [Today at 02:30:17 AM]
• www.nikeincome.com cheap ... by xu_zhongying100 [Today at 02:29:08 AM]
• www.nikeincome.com cheap ... by xu_zhongying100 [Today at 02:27:32 AM]
• sell nike jordan fusion ... by xu_zhongying100 [Today at 02:25:15 AM]
• sell nike jordan fusion ... by xu_zhongying100 [Today at 02:22:32 AM]

Members

• Total Members: 22513
• Latest: eklein

Stats

• Total Posts: 40575
• Total Topics: 11249
• Online Today: 77
• Online Ever: 393
• (August 06, 2008, 07:40:57 AM)

Users Online

Users: 4
Guests: 72
Total: 76

Budak
jaax
dragonbreath
Joe Vallender