Please enable JavaScript.

Coggle requires JavaScript to display documents.

JNCIA-SEC - Coggle Diagram

- - - - What traffic can pass through and what actions need to take to place as traffic passes
    - - Every context has an ordered list to policies
      - Policy evaluation is performed top to bot
  - - - based on the initial policy lookup
    - - for TCP protocol, a TCP reset is sent and for ICMP, UDP, or any orther IP protocol and ICMP reset is sent
    - - packet is silently dropped
  - - - ingress and egress int are in the same zone
  - - - session will remain open if it still matches the policy that allowed the session initially
      - the session will close if the associated policy is renamed, deactivated or deleted
      - This is disabled by default
- - - - Packets are inspected for existing sessions
      - SRX keeps track of session state
      - Default mode for SRX
    - - Traffic is processed like a traditional router on per-packet
      - Each packet is individually inspected for a route lookup
      - Required for packet-mode forwarding services like MPLS forwarding
      - Security features like IPsec, NAT, UTM do not work in this mode
- - - - Dedicated to management network/OOB
        Common designations include fxp0 and me0
    - - Provide communication between the Routing Engine and the Packet Forwarding Engine which auto configured on boot
        Include fxp1 and em0
    - - Provide physical connections to orther devices
        Include: Ethernet, SONET, ATM, TI, DS3
    - - Provide traffic manipulating services such as encapsulation(es), encryption(gr-GRE), tunneling(st), tap, lsq(link service queuing)... through a physical interface card of software
    - - Traffic sent to loopback int is addressed to the same device
        Uses lo0 designation on all platforms
  - - - Protocol Family: inet, inet6, iso, mpls, ethernet-switching
        Address
        Vlan tagging
        Firewall filters or routing policies
    - - Mode: half/full duplex
        Speed: link speed
        MTU
        Encapsulation: PPP, frame relay, PPPoE
- - - - action such class of services and traffic policing
  - - - Perform functions such as incrementing a counter, logging infor ablout packet header, sampling the data or sending infor to a remote host
      - Action include
        
        COUNT
        
        count the number of packet
        
        LOG
        
        log the packet header info
        
        POLICER
        
        to rate limit traffic
        
        SYSLOG
        
        log the packet to system log file
    - - Stops evaluation of a firewall filter for a specific packet
      - Specified action is performed, no additional terms are examined
      - Action include
        
        ACCEPT: cause the system to accept the packet
        
        DISCARD: silently w/o send ICMP respond
        
        REJECT: discard packet and send back ICMP
    - - the next term action
- - - - Uesd to block common network attacks
- - - - only exe scanning => then allow or block
    - - GeoIP
      - Customs Filtering
      - C&C
      - Threat Intel Feeds - support APIs to inject 3rd intelligent feed
    - - Perform deeper analisys on traffic
      - Scan all supported file types
      - Quarantine of infected hosts
  - - - When file is uploaded => check it's has been analyzed yet
        
        YES => stored verdict is return to SRX and not analyzed again
        
        NO => analyzed for malware => flags file and host if files verdict
    - - protects against viruses, trojans, worms, spyware and rootkits
      - Defending against knows threat and malware
      - ATP uses multiple antivirus software packages to analyze a file
    - - File is analyzed without executing
    - - Executed file in a sandbox