A Deep Dive into Junos' Screen Options

Juniper Networks' Junos operating system runs across Juniper's routers, switches and SRX series firewalls. On the security platforms, one of its first lines of defense is the Screen feature: a set of stateless, per-packet checks that a network administrator can enable to detect and block malformed traffic and reconnaissance before a packet ever reaches policy lookup. In this blog post, we will take a deep dive into Junos' Screen options, focusing on what they detect, how they are configured and how they are monitored.

What are Screen Options?

Screen options in Junos are a set of security checks that are evaluated on traffic entering a security zone, before the session table and the security policies are consulted. A screen is a named profile (an ids-option) that lists which checks to enable and their thresholds; the profile does nothing until it is attached to a zone. Screens cover a wide range of threats, including SYN, UDP and ICMP floods, IP address spoofing, port and address scans, and malformed packets such as tear drop, land, ping of death and Xmas scans.

Configuring Screen Options

Screen options are configured under the [edit security screen] hierarchy of the Junos configuration as a named ids-option (the name is arbitrary), and the ids-option is then bound to a zone under [edit security zones security-zone <name> screen]. Here is an example of how to configure a screen profile that protects a zone against SYN flood attacks:

[edit]
user@host# set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1000
user@host# set security screen ids-option untrust-screen tcp syn-flood attack-threshold 2000
user@host# set security screen ids-option untrust-screen tcp syn-flood source-threshold 1000
user@host# set security screen ids-option untrust-screen tcp syn-flood destination-threshold 1000
user@host# set security screen ids-option untrust-screen tcp syn-flood timeout 20
user@host# set security zones security-zone untrust screen untrust-screen
user@host# commit

In this example, the attack-threshold is set to 2000, which means that once the rate of SYN segments to the same destination address and port exceeds 2000 per second, the device starts proxying the TCP handshake (it answers the SYN itself and only forwards the connection once the client completes the handshake), so spoofed SYNs never consume a backend socket. The alarm-threshold is set to 1000, which is the number of proxied, half-completed connection requests per second above which the device writes an entry to the alarm log. The source-threshold and destination-threshold are set to 1000, which means that the device begins dropping new connection requests when more than 1000 SYN segments per second arrive from a single source address (regardless of destination) or for a single destination address (regardless of port). The timeout is set to 20 seconds, which is the maximum age of a half-completed connection in the proxy queue before it is discarded. The Junos defaults are considerably more conservative than these values (attack-threshold 200, alarm-threshold 512, source and destination thresholds 4000), so size the thresholds from the normal SYN rate of the zone rather than copying an example. To measure the effect of a profile before enforcing it, add alarm-without-drop to the ids-option; matches are then logged but not dropped. Note that the screen only takes effect on traffic entering the zone it is bound to, so an unbound ids-option provides no protection.

Monitoring Screen Options

Once you have configured and bound your screen profile, you can monitor it with the show security screen statistics command. Statistics are kept per security zone (or per interface), so the command takes a zone or interface argument. It displays a counter for each screen check, which is incremented every time a packet matches that check (dropped, or logged only when alarm-without-drop is set). The counters are cumulative, so compare two samples, or reset them with clear security screen statistics zone <name>, to see whether an attack is in progress.

user@host> show security screen statistics zone untrust
Screen statistics:
IDS attack type                      Statistics
IP spoofing                          0
ICMP flood                           0
UDP flood                            0
TCP winnuke                          0
TCP port scan                        0
TCP sweep                            0
UDP port scan                        0
UDP sweep                            0
IP tear drop                         0
TCP SYN flood                        0
TCP SYN-ACK-ACK proxy                0
TCP SYN-ACK-ACK flood                0
TCP SYN-fin scan                     0
TCP SYN-ACK-fin flood                0
TCP land attack                      0
TCP null scan                        0
TCP scan                             0
TCP SYN with data                    0
TCP SYN-ACK with data                0
TCP Xmas scan                        0
ICMP address sweep                   0
ICMP echo request flood              0
ICMP fragment                        0
ICMP large packet                    0
ICMP ping of death                   0
ICMP unreachable flood               0
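Because the counters above only ever grow, a single snapshot says little; what matters is the rate of change. The following script is an added example and not code from the original post or from Juniper: it parses two samples of the statistics output (the samples are constructed for this example and contain only a subset of the real counters), computes how much each counter grew between them, copes with counters that were cleared in between, and flags the checks whose match rate exceeds a chosen packets-per-second threshold. The threshold, the sampling interval and the zone name are assumptions for illustration.

```python
"""Detect an attack in progress from two samples of
`show security screen statistics zone <zone>` output.

Added example, not part of the original post. The sample outputs below are
constructed and contain only a few of the counters a real SRX prints.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: baseline snapshot of the untrust zone.
BASELINE = """\
Screen statistics:

IDS attack type                         Statistics
----------------------------------------------------
IP spoofing                             12
ICMP flood                              0
UDP flood                               0
TCP port scan                           3
TCP SYN flood                           0
ICMP ping of death                      0
"""

# Constructed sample: the same zone, taken 300 seconds later.
LATER = """\
Screen statistics:

IDS attack type                         Statistics
----------------------------------------------------
IP spoofing                             12
ICMP flood                              0
UDP flood                               0
TCP port scan                           41
TCP SYN flood                           18750
ICMP ping of death                      0
"""

# A counter line is an attack-type name, two or more spaces, and an integer.
# The header ("IDS attack type   Statistics") and the dashed rule do not match.
COUNTER_RE = re.compile(r"^(?P<name>[A-Za-z][A-Za-z0-9 /\-]*?)\s{2,}(?P<count>\d+)\s*$")


def parse_screen_statistics(text: str) -> Dict[str, int]:
    """Return {attack type: counter} for every counter line in the output."""
    counters: Dict[str, int] = {}
    for line in text.splitlines():
        match = COUNTER_RE.match(line.strip())
        if match:
            counters[match.group("name")] = int(match.group("count"))
    return counters


def counter_deltas(before: Dict[str, int], after: Dict[str, int]) -> Dict[str, int]:
    """Return {attack type: increase} for counters that grew between the samples.

    A counter that is lower than in the baseline was cleared (clear security
    screen statistics) or the device restarted; count it from zero instead of
    reporting a negative delta. Counters absent from the baseline start at 0.
    """
    deltas: Dict[str, int] = {}
    for name, now in after.items():
        prev = before.get(name, 0)
        grew = now - prev if now >= prev else now
        if grew > 0:
            deltas[name] = grew
    return deltas


def flag_attacks(before: Dict[str, int], after: Dict[str, int],
                 interval_s: float, pps_threshold: float) -> List[Tuple[str, int, float]]:
    """Return (attack type, increase, average pps) for checks whose average
    match rate over the interval is at or above pps_threshold, highest first."""
    alerts: List[Tuple[str, int, float]] = []
    for name, delta in counter_deltas(before, after).items():
        rate = delta / interval_s
        if rate >= pps_threshold:
            alerts.append((name, delta, rate))
    alerts.sort(key=lambda item: item[1], reverse=True)
    return alerts


if __name__ == "__main__":
    # Assumed polling interval of 300 s and an alert floor of 1 matched packet/s.
    before = parse_screen_statistics(BASELINE)
    after = parse_screen_statistics(LATER)
    for name, delta, rate in flag_attacks(before, after, interval_s=300, pps_threshold=1.0):
        print(f"ALERT zone untrust: {name}: +{delta} matches ({rate:.1f} pkt/s)")
```

Run against the constructed samples, only "TCP SYN flood" is reported (18750 matches, 62.5 packets per second); the port scan counter grew too, but at roughly 0.1 matches per second it stays below the floor. In practice, feed the function the text captured from the device on each poll and tune the floor per check, since a handful of ping-of-death matches is more interesting than a few hundred port-scan hits.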

In conclusion, Junos' Screen options give network administrators an inexpensive, stateless first filter against floods, spoofing and reconnaissance at the zone boundary. By defining a screen profile, binding it to the right zone, sizing its thresholds from real traffic and watching the per-zone counters, you can significantly enhance the security of your network.

© Ben Jacobson.