52ky 发表于 2022-9-11 15:58:55

Juniper防火墙 ScreenOS 攻击检测和防御机制

第1章“维护网络”概述攻击的基本期间,以及在每个期间可用于对立攻击的防火墙选项。第2章“侦查震慑”介绍可用于关闭IP地址扫描、端口扫描以及发现方案系统的操作系统(OS)类型的测试的选项。第3章“拒绝服务攻击防护”解说防火墙、网络和与操作系统相关的DoS攻击,并说明ScreenOS如何减轻这类攻击。第4章“内容监控和过滤”介绍如何维护用户不受恶意一致资源定位器(URL)的影响,并说明如何配置JuniperNetworks安全设备,以便与第三方产品搭配使用,然后提供防病毒扫描、反垃圾邮件和Web过滤功能。第5章“深入检测”介绍如何配置JuniperNetworks安全设备以获得IDP攻击目标更新、如何创建用户定义的攻击目标和攻击目标组,以及如何在策略级使用IDP。第6章“侵/入检测和防护”介绍JuniperNetworks侵/入检测和防护(IDP)技术,该技术在以内联方法部署到您的网络后能够检测并进而阻止攻击。本章介绍如何在策略级使用IDP,以便在攻击进入网络之前丢掉恶意封包或连接。第7章“可疑封包属性”介绍维护网络资源的几个SCREEN选项,以预防网络资源遭到由不寻常IP和ICMP封包属性所指示的潜在攻击。附录A“用户定义签名的环境”提供对定义状况式签名攻击目标时可指定的环境的说明。

(Chapter 1, "Maintaining Your Network," provides an overview of the basic periods of attack and the firewall options available for adversarial attacks during each period. Chapter 2, "Reconnaissance and Deterrence," describes the options you can use to turn off IP address scanning, port scanning, and operating system (OS)-type testing of the discovery scheme system. Chapter 3, "Denial of Service Attack Protection," explains firewall, network, and operating system-related DoS attacks, and explains how ScreenOS mitigates such attacks. Chapter 4, “Content Monitoring and Filtering,” describes how to protect users from malicious consistent resource locators (URLs), and describes how to configure JuniperNetworks security appliances to work with third-party products, then provide antivirus scanning, antispam Mail and Web filtering capabilities. Chapter 5, "Deep Inspection," describes how to configure JuniperNetworks security appliances for IDP target updates, how to create user-defined targets and target groups, and how to use IDP at the policy level. Chapter 6, "Intrusion/Intrusion Detection and Prevention," introduces JuniperNetworks Intrusion Detection and Prevention (IDP) technology, which, when deployed inline to your network, can detect and prevent attacks. This chapter describes how to use IDP at the policy level to drop malicious packets or connections before an attack enters the network. Chapter 7, "Suspicious Packet Attributes," describes several SCREEN options for maintaining network resources against potential attacks indicated by unusual IP and ICMP packet attributes. Appendix A, "User-Defined Signature Environments," provides a description of the environments that can be specified when defining a stateful signature attack target.)




页: [1]
查看完整版本: Juniper防火墙 ScreenOS 攻击检测和防御机制