fir3net
PPS-Firenetbanner-780.5x190-30-03-17

Netscreen Attack Detection and Defense Overview

Below outlines Netcreens Attack Detection and Defense. This is by no means a full guide by acts as a general summary to the various terms and technologies.

SCREEN

Features legacy security protection, such as SYN, UDP and ICMP floods, Port scans and certain OS-specific DoS attacks.

Deep Inspection

Allows for inspection at the application layer for select protocols using stateful contexts. ScreenOS breaks down the protocol stream into inspectable fields. ScreenOS then uses DFA (Deterministic Finite Automation) to inspect these fields.
Deep Inspection allows for you to configure your Netscreen to automatically update your Deep Inspection signature set, along with write your own using FDA Regex.
A license is required to activate Deep Inspection and to add Deep Inspection to a policy just click the Deep Inspection icon within the policy to set the required settings. To create you own signiture go to "Objects | Attack | Custom".

URL Filtering

This allows for the use of 3rd Parties URL filtering options such as either SurfControl or Websense. Surf control includes an option called integrated mode which allows you to store filtering profiles upon the firewall itself.

AV

This allows for HTTP, FTP, SMTP, POP3 and IMAP protocols to be inspected for viruses with the activation of a license. To enable and configure AV go to "Screening | Antivirus | Global".

ALG

Protocols such as FTP, H.323 and other dynamic channel protocols can cause problems when creating the necessary firewall policies, due to the way thy dynamically choose/assign ports. To overcome this a subset of ALG`s were created for these protocols, which allow them to inspect the traffic/packets at the application layer and in turn allows the traffic through based on how the protocols function.

Tags: Netscreen

About the Author

RDonato

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001