SRX Series FAQ - UTM/IDP/AppSecure
- Is there an easy way to test IDP detection?
Published: 2017/12/06
Updated: −
This can be done by defining a custom signature as shown below.
Example: detect HTTP accesses whose URL contains ".txt" (e.g. http://192.168.1.1/abc.txt)
■Configuration example
・IDP policy configuration
set security idp idp-policy IDP-POLICY rulebase-ips rule IDP-RULE match source-address any
set security idp idp-policy IDP-POLICY rulebase-ips rule IDP-RULE match destination-address any
set security idp idp-policy IDP-POLICY rulebase-ips rule IDP-RULE match application default
set security idp idp-policy IDP-POLICY rulebase-ips rule IDP-RULE match attacks custom-attacks TXT-BLOCK
set security idp idp-policy IDP-POLICY rulebase-ips rule IDP-RULE then action recommended
set security idp idp-policy IDP-POLICY rulebase-ips rule IDP-RULE then notification log-attacks
set security idp active-policy IDP-POLICY
・Custom signature configuration
set security idp custom-attack TXT-BLOCK recommended-action close
set security idp custom-attack TXT-BLOCK severity major
set security idp custom-attack TXT-BLOCK attack-type signature context http-url-parsed
set security idp custom-attack TXT-BLOCK attack-type signature pattern ".*(.txt).*"
set security idp custom-attack TXT-BLOCK attack-type signature direction any
・Security policy configuration
set security policies from-zone TRUST to-zone UNTRUST policy T-U match source-address any
set security policies from-zone TRUST to-zone UNTRUST policy T-U match destination-address any
set security policies from-zone TRUST to-zone UNTRUST policy T-U match application any
set security policies from-zone TRUST to-zone UNTRUST policy T-U then permit application-services idp
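The pattern ".*(.txt).*" in the custom signature above uses an unescaped dot, so it also matches any character followed by "txt". The following script is an added example, not part of the original FAQ or Junos itself: it emulates the match over constructed parsed-URL samples with Python's re module (assumption: the SRX engine treats "." and "\." the same way as a standard regex engine) and renders a counter in the style of the attack table.

```python
import re

# Pattern exactly as written in the custom-attack definition on the page.
PAGE_PATTERN = r".*(.txt).*"
# Tightened pattern with the dot escaped (assumed to be valid Junos regex syntax).
ESCAPED_PATTERN = r".*(\.txt).*"

# Constructed sample of parsed URL paths, as the http-url-parsed context would see them.
SAMPLE_URLS = [
    "/abc.txt",
    "/docs/readme.txt?x=1",
    "/index.html",
    "/images/atxt.png",   # unescaped '.' matches the 'a' before 'txt'
    "/archive.txt.gz",
]


def signature_hits(pattern, urls):
    """Return the URLs the signature would flag (one match per URL, like one session)."""
    rx = re.compile(pattern)
    return [u for u in urls if rx.search(u)]


def attack_table(pattern, urls, name="TXT-BLOCK"):
    """Render a counter in the style of 'show security idp attack table'."""
    hits = len(signature_hits(pattern, urls))
    return f"Attack name #Hits\n{name} {hits}"


if __name__ == "__main__":
    for label, pat in (("page pattern", PAGE_PATTERN), ("escaped pattern", ESCAPED_PATTERN)):
        print(f"--- {label}: {pat}")
        print(attack_table(pat, SAMPLE_URLS))
        print("flagged:", signature_hits(pat, SAMPLE_URLS))
```

Run it before and after adjusting the pattern to see which test URLs count as hits; when checking on the device, compare against the #Hits column of the attack table.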
■Statistics output example
> show security idp attack table
IDP attack statistics:
Attack name #Hits
TXT-BLOCK 5