Lane ESD Technology Services Core Firewall Overview
Districts Behind Firewall
• Blachly
• Creswell
• Crow-Applegate-Lorane
• Fern Ridge
• Junction City
• Lowell
• Mapleton
• Marcola
• McKenzie
• Oakridge
• Pleasant Hill
• Siuslaw
• South Lane
Screened, but exempt from policies
• Bethel
• Lane Community College
• Lane ESD
Netscreen-1000 ISG
Reports
• Lane ESD sent a report to districts with their respective policies earlier in October.
• Any comments or questions about the reports?
• Are you okay with the method of transfer and format?
What to include when submitting a policy request?
• Short description
• Source address or source address group
• Destination address or destination address group
• Service (what protocol or port #) or service group
• Action (accept, deny, reject)
To Deny or Reject?
• Deny – simply drops the packet.
• Reject – drops the packet and sends a TCP reset (RST) segment to the source host for TCP traffic and an ICMP “destination unreachable, port unreachable” message (type 3, code 3) for UDP traffic.
Troubleshooting and Monitoring
• Do you require a traffic counter or policy log?
• Do you require policy scheduling?
• Do you need a one-time exception?
Traffic Counters
• Counts the total number of bytes of traffic to which this policy applies and records the information in historical graphs.
Policy Logs
Device and Support
• Juniper has not issued any notices regarding hardware EOL.
• Juniper has announced the end of engineering and support for ScreenOS 6.3 on 01/23/2020.
• LESD maintains a support contract with Juniper and keeps up with firmware upgrades.
• LESD backs up configuration three times a week.
• We send all security level notices to our syslog. Daily log sizes range from 1.8GB to 2.8GB.
Syslog
• 2014-10-07 09:00:46 Local5.Alert 163.41.62.249 core1-fw: NetScreen device_id=core1-fw [Root]system-alert-00012: UDP flood! From 163.41.125.10:1060 to 163.41.62.5:514, proto UDP (zone netsrvs-untrust int ethernet1/3). Occurred 1 times. (2014-10-07 09:00:54)<000>
• 2014-10-07 09:00:46 Local5.Alert 163.41.62.249 core1-fw: NetScreen device_id=core1-fw [Root]system-alert-00008: IP spoofing! From 59.156.126.171:6881 to 163.41.117.203:45433, proto UDP (zone inet-trust int ethernet1/2). Occurred 2 times. (2014-10-07 09:00:54)<000>
• 2014-10-07 09:00:46 Local5.Alert 163.41.62.249 core1-fw: NetScreen device_id=core1-fw [Root]system-alert-00008: IP spoofing! From 93.180.5.26:42378 to 163.41.116.98:53, proto UDP (zone inet-trust int ethernet1/2). Occurred 1 times. (2014-10-07 09:00:54)<000>
• 2014-1
• 2014-10-07 09:00:56" duration=0 policy_id=226 service=udp/port:62563 proto=17 src zone=Global dst zone=Global action=Deny sent=0 rcvd=28 src=1.234.228.119 dst=163.41.3.174 src_port=28247 dst_port=62563 session_id=0 reason=Traffic Denied<000>
• 2014-10-07 09:00:48 Local5.Alert 163.41.62.249 core1-fw: NetScreen device_id=core1-fw [Root]system-alert-00008: IP spoofing! From 202.107.198.250 to 163.41.118.109, proto 1 (zone inet-trust int ethernet1/2). Occurred 1 times. (2014-10-07 09:00:56)<000>
• 2014-10-07 09:00:48 Local5.Alert 163.41.62.249 core1-fw: NetScreen device_id=core1-fw [Root]system-alert-00008: IP spoofing! From 202.107.198.250:1681 to 163.41.118.109:49153, proto UDP (zone inet-trust int ethernet1/2). Occurred 1 times. (2014-10-07 09:00:56)<000>
• 2014-10-07 09:00:48 Local5.Alert 163.41.62.249 core1-fw: NetScreen device_id=core1-fw [Root]system-alert-00008: IP spoofing! From 118.209.38.14:57398 to 163.41.117.151:46342, proto UDP (zone inet-trust int ethernet1/2). Occurred 1 times. (2014-10-07 09:00:56)<000>
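Added example (not part of the original slides and not Lane ESD's tooling): with daily logs of 1.8GB to 2.8GB, a small summarizer makes the alert and deny lines above reviewable per zone, per source and per policy. The function name, regexes and sample lines are assumptions built from the line shapes shown on the Syslog slide; the sample uses constructed documentation addresses.

```python
import re
from collections import Counter

# Alert lines follow the shape shown on the Syslog slide:
# "...system-alert-00008: IP spoofing! From a[:p] to b[:q], proto P (zone Z int IF). Occurred N times."
ALERT_RE = re.compile(
    r"system-alert-(?P<id>\d+): (?P<name>[^!]+)! "
    r"From (?P<src>[\d.]+)(?::\d+)? to (?P<dst>[\d.]+)(?::\d+)?, "
    r"proto (?P<proto>\S+) \(zone (?P<zone>\S+) int (?P<intf>[^)]+)\)\. "
    r"Occurred (?P<count>\d+) times"
)
# Traffic-log lines carry key=value fields such as policy_id=226 and action=Deny.
POLICY_RE = re.compile(r"\bpolicy_id=(\d+)\b")
ACTION_RE = re.compile(r"\baction=(\w+)\b")

def summarize(lines):
    """Return (alerts by (name, zone), alerts by (name, src), denies by policy_id, skipped)."""
    alerts, sources, denies, skipped = Counter(), Counter(), Counter(), 0
    for line in lines:
        m = ALERT_RE.search(line)
        if m:
            n = int(m["count"])  # one syslog line can stand for several events
            alerts[(m["name"], m["zone"])] += n
            sources[(m["name"], m["src"])] += n
            continue
        p, a = POLICY_RE.search(line), ACTION_RE.search(line)
        if p and a and a.group(1) == "Deny":
            denies[int(p.group(1))] += 1
        else:
            skipped += 1  # truncated or unrecognised line: count it, do not guess
    return alerts, sources, denies, skipped

# Constructed sample lines (documentation addresses, not copied from the slides).
HDR = "2014-10-07 09:00:46 Local5.Alert 192.0.2.249 core1-fw: NetScreen device_id=core1-fw "
SAMPLE = [
    HDR + "[Root]system-alert-00012: UDP flood! From 198.51.100.10:1060 to 192.0.2.5:514, "
          "proto UDP (zone netsrvs-untrust int ethernet1/3). Occurred 1 times.",
    HDR + "[Root]system-alert-00008: IP spoofing! From 203.0.113.171:6881 to 192.0.2.203:45433, "
          "proto UDP (zone inet-trust int ethernet1/2). Occurred 2 times.",
    HDR + "[Root]system-alert-00008: IP spoofing! From 203.0.113.171 to 192.0.2.109, "
          "proto 1 (zone inet-trust int ethernet1/2). Occurred 1 times.",  # ICMP: no ports
    HDR + "duration=0 policy_id=226 service=udp/port:62563 proto=17 src zone=Global "
          "dst zone=Global action=Deny sent=0 rcvd=28 src=203.0.113.119 dst=192.0.2.174 "
          "src_port=28247 dst_port=62563 session_id=0 reason=Traffic Denied",
    "2014-1",  # truncated line, like the fragment on the slide
]

if __name__ == "__main__":
    for label, table in zip(("alerts", "sources", "denies"), summarize(SAMPLE)[:3]):
        print(label, table.most_common(5))
```

Totals are weighted by the "Occurred N times" field, so a single line reporting many events is not undercounted, and lines that do not parse are tallied rather than dropped silently.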