Understanding the IDP Signature Database

The signature database is one of the major components of Intrusion Detection and Prevention (IDP). It contains definitions of different objects—such as attack objects, application signatures objects, and service objects—that are used in defining IDP policy rules. As a response to new vulnerabilities, Juniper Networks periodically provides a file containing attack database updates on the Juniper website. You can download this file to protect your network from new threats.

The IDP signature database is stored on the IDP enabled device and contains definitions of predefined attack objects and groups. These attack objects and groups are designed to detect known attack patterns and protocol anomalies within the network traffic. You can configure attack objects and groups as match conditions in IDP policy rules.

Note: You must install the IDP signature-database-update license key on your device for downloading and installing daily signature database updates provided by Juniper Networks. For license details, see the JUNOS Software Administration Guide for Security Devices.

You can perform the following tasks to manage the IDP signature database:

• Update the signature database—Download the attack database updates available on the Juniper Networks website. New attacks are discovered daily, so it is important to keep your signature database up to date.
• Verify the signature database version—Each signature database has a different version number with the latest database having the highest number. You can use the CLI to display the signature database version number.
• Update the protocol detector engine—You can download the protocol detector engine updates along with downloading the signature database. The IDP protocol detector contains Application Layer protocol decoders. The detector is coupled with the IDP policy and is updated together. It is always needed at policy update time, even if there is no change in the detector.
• Schedule signature database updates—You can configure the IDP-enabled device to automatically update the signature database after a set interval.

Related Topics

• JUNOS Software Feature Support Reference for SRX Series and J Series Devices
• IDP Policies Overview
• Understanding IDP Policy Rulebases
• Understanding IDP Policy Rules
• Example: Defining Rules for an IDP IPS Rulebase (CLI)
• Understanding Predefined IDP Policy Templates
• Example: Updating the IDP Signature Database Manually (CLI)
• Example: Updating the Signature Database Automatically (CLI)