Netscreen Attack Detection and Defense Overview
Below outlines Netcreens Attack Detection and Defense. This is by no means a full guide by acts as a general summary to the various terms and technologies.
Features legacy security protection, such as SYN, UDP and ICMP floods, Port scans and certain OS-specific DoS attacks.
Allows for inspection at the application layer for select protocols using stateful contexts. ScreenOS breaks down the protocol stream into inspectable fields. ScreenOS then uses DFA (Deterministic Finite Automation) to inspect these fields.
Deep Inspection allows for you to configure your Netscreen to automatically update your Deep Inspection signature set, along with write your own using FDA Regex.
A license is required to activate Deep Inspection and to add Deep Inspection to a policy just click the Deep Inspection icon within the policy to set the required settings. To create you own signiture go to "Objects | Attack | Custom".
This allows for the use of 3rd Parties URL filtering options such as either SurfControl or Websense. Surf control includes an option called integrated mode which allows you to store filtering profiles upon the firewall itself.
This allows for HTTP, FTP, SMTP, POP3 and IMAP protocols to be inspected for viruses with the activation of a license. To enable and configure AV go to "Screening | Antivirus | Global".
Protocols such as FTP, H.323 and other dynamic channel protocols can cause problems when creating the necessary firewall policies, due to the way thy dynamically choose/assign ports. To overcome this a subset of ALG`s were created for these protocols, which allow them to inspect the traffic/packets at the application layer and in turn allows the traffic through based on how the protocols function.