2-04 Security Products and Solutions by Stephen Philip ...

Date post: 19-Oct-2014
Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 1 Copyright © 2005 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 1 Juniper Security Products and Solutions Overview Stephen Philip Senior Director - Product Marketing Security Products Group
Transcript
Page 1: 2-04 Security Products and Solutions by Stephen Philip ...

Juniper Security Products and Solutions Overview

Stephen Philip, Senior Director - Product Marketing, Security Products Group

Page 2: 2-04 Security Products and Solutions by Stephen Philip ...

Agenda

• Juniper leadership in Security
• Juniper Product Portfolio
• Juniper Solutions by Location
  • Campus
  • WAN GW
  • Data Center
  • Distributed Organization
  • Extended Organization

Page 3: 2-04 Security Products and Solutions by Stephen Philip ...

Juniper Leadership in Security

Juniper in the Leadership quadrant for:
• Firewall
• IPSec VPN
• SSL VPN
• IPS

#2 in Network Security
• Passed Check Point in Q2

#1 in High End FW/VPN

#1 in SSL VPN

Growing faster than inline IPS market

Recognized as leader by Gartner

Recognized as leader by Press

U.S. Department of Labor

Recognized as leader by our Customers

Source Infonetics Q2-2006

Page 4: 2-04 Security Products and Solutions by Stephen Philip ...

Proven, Best-in-Class Innovation

UACIC

AAA

OAC

NSM

Policy, Control & Visibility

Security/VPN

SSG

Routing Application Front End

WAN Optimization

Secure Access

Page 5: 2-04 Security Products and Solutions by Stephen Philip ...

Evolving Challenges and Requirements

Campus

Organization

Organization

Need a secure and resilient infrastructure able to deliver differentiated applications and services across the network

• Single IP infrastructure – demanding applications require network performance
• Virtual Organizations – dynamic perimeters, different users, devices, locations and trust levels
• Elevated threat environment – application level attacks and worm propagation
• Regulatory compliance (now global) – granular access controls and auditing

Page 6: 2-04 Security Products and Solutions by Stephen Philip ...

Solutions for the Extended Organization

IP Network

Data Center

U.S. Department of Labor

RA or ExtranetDMZ

Assessment & Containment

• Native checks
• Client/Server APIs
• Remediation
• Cache Cleaner
• Virtual Environments
• Connection Control

1. Endpoint Assessment & Authentication
2. Trusted Xport (IPSec or SSL)
3. Authorize, Enforce & Log

Extended Organization Challenges
• Deliver applications securely and appropriately to employees, contractors, partners, suppliers anywhere, anytime
• Provision and manage 1000s of endpoints
• Handle non-owned devices and networks

Extended Organization Solutions
• Client-less model reduces mgmt overhead
• SSL VPN per user, per application controls
• Endpoint integrity, quarantine, remediation
• Application Acceleration (AFE) improves download times & availability

Page 7: 2-04 Security Products and Solutions by Stephen Philip ...

Juniper’s Coordinated Threat Control

LAN

Business Partner

Telecommuter

Correlated Threat Information
• Identity
• Endpoint
• Access history
• Detailed traffic & threat information

Comprehensive Threat Detection and Prevention
• Ability to detect and prevent malicious traffic
• Full layer 2-7 visibility into all traffic
• Proven, market leading technology

Coordinated Identity-Based Threat Response
• Manual or automatic response
• Multiple response options: terminate, disable, or quarantine user
• Supplements IDP’s threat prevention

IDP detects threat and signals SA

SA identifies user & takes action on user session

Signal

Self-registration technology for easy configuration

Page 8: 2-04 Security Products and Solutions by Stephen Philip ...

Solutions for the Campus

Campus Challenges
• Protect against outside/inside threats
• Segment resources, users, departments
• Provide secure WLAN access
• Scaling across large or multiple campuses

Campus Solutions
• Department & Virtual firewalls protect departmental resources
• Intrusion Prevention mitigates and contains threats
• 802.1X & SSL VPN secured WLAN
• Large L3 Routed Campuses
• Unified access control solution
• Infranet Controller, Agent and Enforcer

Departments

Campus #2Campus #1

Departments

Internet

Page 9: 2-04 Security Products and Solutions by Stephen Philip ...

Unified Access Control Overview

AAA

AAA Servers

Identity Stores

Firewall Enforcers

Central Policy Manager

Endpoint profiling, user auth, endpoint policy

Dynamic Role Provisioning

User access to protected resources

Protected Resource

802.1X

User admission to network resources

Agent

Page 10: 2-04 Security Products and Solutions by Stephen Philip ...

Unified Access Control Overview

Agent

AAA

AAA Servers

Identity Stores

Firewall Enforcers

Central Policy Manager

Endpoint profiling, user auth, endpoint policy

Dynamic Role Provisioning

User access to protected resources

Protected Resource

802.1X

User admission to network resources

with SBR

with OAC

Page 11: 2-04 Security Products and Solutions by Stephen Philip ...

Introducing UAC 2.0

Agent

AAA

AAA Servers

Identity Stores

Firewall Enforcers

Central Policy Manager

Endpoint profiling, user auth, endpoint policy

Dynamic Role Provisioning

User access to protected resources

Protected Resource

802.1X

User admission to network resources

with SBR

with OAC

UAC 2.0 interoperates with any 802.1X infrastructure wired or wireless

UAC 2.0 is TNC compliant for truly open architecture

Access control for guests, contractors and employees

UAC 2.0 can be deployed via:
• 802.1X only
• Overlay w/firewall only
• Both, for maximum granularity

Page 12: 2-04 Security Products and Solutions by Stephen Philip ...

Solutions for the Data Center

Data Center Challenges
• Protect data, servers, infrastructure
• Maximize performance, availability, resiliency
• Consolidate and simplify architecture
• Terminate 1000s of VPN connections

Data Center Solutions
• High performance edge service routers provide 10x over competing solutions
• High performance firewall/VPN/security gateway
• Intrusion Prevention mitigates threats
• SSL for secure access
• AFE accelerates applications to users
• WAN Optimizer accelerates applications to sites

Web Servers

Internet

App Servers

Data Bases

SLB

WebAccCache

SSLO/L

High performance Routing

Integrated IPS/FW/VPN

Secure Access (SSL)

AFE Application Acceleration

WAN Optimization

Page 13: 2-04 Security Products and Solutions by Stephen Philip ...

How the WAN slows applications

Inability to understand application and WAN performance

Lower-priority apps slow down critical ones

Protocol chattiness

Visibility and Reporting

Acceleration

Application Control

More rich content

Compression, Caching

VoIP

Web

Oracle

SAP

Application Contention

Limited Bandwidth

Latency

The WAN Pipe

Manageability

Accelerating Applications over the WAN

Page 14: 2-04 Security Products and Solutions by Stephen Philip ...

Solutions for the WAN Gateway

WAN Gateway Challenges
• Maximize availability, resiliency, quality
• Protect public facing servers and infrastructure
• Optimal support for broad mix of app & traffic
• Massive # VPN Connections or Large BW single tunnels

WAN Gateway Solutions
• High performance Enterprise routers provide 10x over competing solutions
• MPLS for improved quality and traffic engineering
• High performance firewall/VPN, security gateway
• Intrusion Prevention mitigates threats
• SSL VPN Gateway for secure access
• WAN Optimization to remote locations

IP Network

Campus Data Center

DMZ

RA or Extranet DMZ

VoIPDMZ

City of Burbank

Page 15: 2-04 Security Products and Solutions by Stephen Philip ...

WAN Gateway Requirements

Value & Number of Connections

Application Awareness / Protection

Ave Packet Size

Latency & Sensitivity

• Provide high performance for large and small packet traffic mix
• Make traffic decisions with low latency to ensure applications are not affected
• Handle traffic load, complexity & availability requirements as # & value of connections increase
• Understand application requirements and prevent/mitigate application-level attacks

Internet

SSL

VPN DMZ

Web

Partner DMZ

FTP

SSL

DMZ

RADIUS

Page 16: 2-04 Security Products and Solutions by Stephen Philip ...

ISG 2000

I/O I/O I/O I/O

GigaScreen3 ASIC, 1 GB RAM, Programmable Processors

Network Traffic

Dual 1GHz PowerPC CPU, 2 GB RAM, FPGA

Dual 1GHz PowerPC CPU, 2 GB RAM, FPGA

Dual 1GHz PowerPC CPU, 2 GB RAM, FPGA

Dual 1GHz PowerPC CPU, 2 GB RAM

ASIC Module

Security Modules (for IPS)

Management Module

I/O Modules Fixed I/O I/O

Network Traffic

GigaScreen3 ASIC, 1 GB RAM, Programmable Processors

Dual 1GHz PowerPC CPU, 2 GB RAM, FPGA

Dual 1GHz PowerPC CPU, 2 GB RAM, FPGA

ISG 1000

Dual 1GHz PowerPC CPU, 2 GB RAM

Juniper Networks ISG Ground-up Design

Processing power unmatched by any competitive offering

Page 17: 2-04 Security Products and Solutions by Stephen Philip ...

Internet Back-hauled Branch

Solutions for the Distributed Organization

Distributed Organization Challenges
• Protect data, servers, infrastructure
• Improve application performance
• Maximize availability, resiliency
• Simplify architecture, management

Distributed Organization Solutions
• Intrusion Prevention mitigates threats
• Dedicated & multi-function firewalls
• WAN Optimization for branch offices
• Resilient, secure VPN to branch offices
• MPLS VPN for QoS and traffic engineering to regional offices

IP/MPLS Network

HQ

Regional Office

Regional Office

Small Branch (1000s) w Split Tunnels

Retail Office (1000s) WiFi Access

Remote Campus w Split Tunnel

Page 18: 2-04 Security Products and Solutions by Stephen Philip ...

Best in Class Security – Secure Services Gateway

SSG 5 – Six fixed form factor models
• 7 Fast Ethernet + 1 WAN interface
• ISDN BRI S/T, V.92, Serial
• Dual radio 802.11a + 802.11 b/g variants of each
• 160 Mbps FW / 40 Mbps VPN

SSG 20 – 2 modular models
• 5 Fast Ethernet + 2 Mini I/O slots
• Mini PIM options include ADSL2+, T1, E1, ISDN BRI S/T, V.92 at FCS
• Dual radio 802.11a + 802.11 b/g variant
• 160 Mbps FW / 40 Mbps VPN

SSG 140
• 8 FE and 2 GE Interfaces
• 4 WAN PIM slots
• Standard J Series WAN interfaces
• ISDN, Dual E1 and Dual T1
• 350 Mbps FW / 100 Mbps VPN

SSG 550/520
• 4 on-board 10/100/1000 ports
• 6 WAN/LAN I/O expansion slots
• Up to 1 Gbps FW/NAT / 500 Mbps IPSec / 500 Mbps IPS (DI)

New Secure Services Gateway Models

Advanced Security - Integrated Branch Routing and WAN interfaces

• FW, VPN , AV (including - phishing, - spyware) & Anti SPAM

• ADSL2+, T1, E1, ISDN BRI S/T, V.92, Gig E

Page 19: 2-04 Security Products and Solutions by Stephen Philip ...

Deploy Once – Add Services later

Choose WAN connection & Deploy Device

Base System Cost + WAN I/F

Access Routing & VPN Service

Firewall Service

Page 20: 2-04 Security Products and Solutions by Stephen Philip ...

Deploy Once – Add Services later

IPS Service

Web Filtering Service (SurfControl)

AV Service (Kaspersky)

Spam (Symantec)

Additional license cost

Choose WAN connection & Deploy Device

Base System Cost + WAN I/F

Access Routing & VPN Service

Firewall Service

Page 21: 2-04 Security Products and Solutions by Stephen Philip ...

Deploy Once – Add Services later

IPS Service

Web Filtering Service (SurfControl)

AV Service (Kaspersky)

Spam (Symantec)

Additional license cost

Additional HW Requirements = None

Choose WAN connection & Deploy Device

Base System Cost + WAN I/F

Access Routing & VPN Service

Firewall Service

Page 22: 2-04 Security Products and Solutions by Stephen Philip ...

Network

Centralized Management

Centralized control over Integrated Security Devices
• Remote Management
  • Secure remote management of firewall, VPN, content security, and routing across all devices from one location
• Role-based administration
  • Delegate administrative access to key support people with Assign specific tasks to specific individuals
• Centralized activation/deactivation of security features
  • Application attack protection, Web usage control, Payload attack protection, Spam Control

Security

Operations

Page 23: 2-04 Security Products and Solutions by Stephen Philip ...

Thanks

