Deployments with Juniper IDP

About IDP Technology

Securing intranet work application and resource traffic is vital to protecting the network. You can add levels of application security to detect internal threats coming from users who are authenticated through the system by integrating Ivanti Policy Secure with a Juniper Networks IDP Series sensor.

Ivanti Policy Secure supports standalone IDP and IDP through the Juniper Networks ISG Series Integrated Security Gateways Infranet Enforcer with the IDP Security Module (supported in ScreenOS Release 6.2 or greater).

The IDP sensor monitors the network on which the IDP system is installed. The sensor’s primary task is to detect suspicious and anomalous network traffic based on specific rules defined in IDP rulebases.

The IDP device provides the following types of protection (some of which depend upon the specific configuration):

  • Protects against attacks from user to application.

  • Detects and blocks most network worms based on software vulnerabilities.

  • Detects and blocks non-file-based Trojan Horses.

  • Detects and blocks effects of spyware, adware, and key loggers.

  • Detects and blocks many types of malware.

  • Detects and blocks zero-day attacks through the use of anomaly detection.

An IDP Sensor can send logs to only one Ivanti Policy Secure device. However, an Ivanti Policy Secure device can receive logs from more than one IDP Sensor.

Using the admin console, you can configure and manage interaction attributes between Ivanti Policy Secure and an IDP, including the following:

  • (With standalone IDP) Global configuration parameters such as the IDP hostname or IP address, the TCP port over which the sensor communicates with Ivanti Policy Secure, and the one-time password Ivanti Policy Secure and IDP use to authenticate with one another.

  • Various levels of attack severity warnings and the action that Ivanti Policy Secure takes.

The IDP sits within the network and monitors traffic from endpoints that are connected through Ivanti Policy Secure. You can position the IDP in-line, or you can configure the IDP in sniffer mode.

After Ivanti Policy Secure connects with the IDP sensor, Ivanti Policy Secure registers all of the IP addresses to be monitored for potential threats. With standalone IDP, you enter the IP addresses to monitor.

Any abnormal events detected by the IDP Sensor are reported to Ivanti Policy Secure, which you configure to take appropriate action based on the severity level of the reported events. In addition to any normal logging the IDP has been configured to perform, the IDP Sensor performs reporting functions that let you determine which IP address within the network launched the attacks.

With a large number of connected users, the IDP can overwhelm Ivanti Policy Secure with more alert logs than it can process. In this situation, you can control the number of logs the IDP sends to Ivanti Policy Secure by decreasing the severity level setting in the IDP connection settings.

With IDP deployments using the Infranet Enforcer and the IDP Security Module, the Infranet Enforcer can send messages to the Pulse debug log.