Skip to content
Log In

Juniper SRX Services Gateway IDPS Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-NET-000319-IDPS-00184

    Group
    Show

  • To protect against unauthorized data mining, the Juniper Networks SRX Series Gateway IDPS must detect code injection attacks launched against data storage objects, including, at a minimum, databases, database records, queries, and fields.

    Data mining is the analysis of large quantities of data to discover patterns and is used in intelligence gathering. Failure to detect attacks that use unauthorized data mining techniques to attack ...
    Rule Medium Severity
    Show

  • SRG-NET-000319-IDPS-00185

    Group
    Show

  • To protect against unauthorized data mining, the Juniper Networks SRX Series Gateway IDPS must detect code injection attacks launched against application objects, including, at a minimum, application URLs and application code.

    Data mining is the analysis of large quantities of data to discover patterns and is used in intelligence gathering. Failure to detect attacks that use unauthorized data mining techniques to attack ...
    Rule Medium Severity
    Show

  • SRG-NET-000319-IDPS-00186

    Group
    Show

  • SRG-NET-000362-IDPS-00196

    Group
    Show

  • SRG-NET-000362-IDPS-00197

    Group
    Show

  • The Juniper Networks SRX Series Gateway IDPS must protect against or limit the effects of known and unknown types of Denial of Service (DoS) attacks by employing anomaly-based detection.

    If the network does not provide safeguards against DoS attack, network resources will be unavailable to users. Installation of IDPS components (i.e., sensors) at key boundaries in the architecture...
    Rule Medium Severity
    Show

  • SRG-NET-000362-IDPS-00198

    Group
    Show

  • The Juniper Networks SRX Series Gateway IDPS must protect against or limit the effects of known types of Denial of Service (DoS) attacks by employing signatures.

    If the network does not provide safeguards against DoS attack, network resources will be unavailable to users. Installation of IDPS detection and prevention components (i.e., sensors) at key boun...
    Rule Medium Severity
    Show

  • SRG-NET-000392-IDPS-00214

    Group
    Show

  • SRG-NET-000392-IDPS-00216

    Group
    Show

  • SRG-NET-000392-IDPS-00218

    Group
    Show

  • The IDPS must send an alert to, at a minimum, the ISSO and ISSM when DoS incidents are detected.

    Without an alert, security personnel may be unaware of major detection incidents that require immediate action and this delay may result in the loss or compromise of information. CJCSM 6510.01B, "...
    Rule Medium Severity
    Show

  • SRG-NET-000251-IDPS-00178

    Group
    Show

  • SRG-NET-000248-IDPS-00206

    Group
    Show

  • SRG-NET-000249-IDPS-00176

    Group
    Show

  • SRG-NET-000249-IDPS-00222

    Group
    Show

  • SRG-NET-000512-IDPS-00194

    Group
    Show

  • The Juniper Networks SRX Series Gateway IDPS must have only active Juniper Networks licenses.

    If the IDP or UTM licenses are allowed to lapse, the Juniper SRX IDPS can still inspect traffic and continue to use the outdated signature database for rules, objects, and dynamic groups. However, ...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules