What are the two (2) components required for the NetScreen Deep Inspection implementation?
IDP Action Statement
Service Book Group Entries
Address Book Group Entries
Deep Inspection (DI) is a mechanism for filtering the traffic permitted by the NetScreen firewall. Deep Inspection examines Layer 3 and 4 packet headers and Layer 7 application content and protocol characteristics in an effort to detect and prevent any attacks or anomalous behavior that might be present.
When the NetScreen device receives the first packet of a session, it inspects the source and destination IP addresses in the IP packet header (Layer 3 inspection) and the source and destination port numbers and protocol in the TCP segment or UDP datagram header (Layer 4 inspection). If the Layer 3 and 4 components match the criteria specified in a policy, the NetScreen device then performs the specified action on the packet: permit, deny, or tunnel.

When the NetScreen device receives a packet for an established session, it compares it with the state information maintained in the session table to determine whether it indeed belongs to that session. If you have enabled Deep Inspection in the policy that applies to this packet and the policy action is "permit" or "tunnel", the NetScreen device further inspects the packet and its associated data stream for attacks. It scans the packet for patterns that match those defined in one or more groups of attack objects. Attack objects can be attack signatures or protocol anomalies, which you can either define yourself or download to the NetScreen device from an attack object database server.