
Juniper idp overview


  1. Juniper Networks Intrusion Detection & Prevention, June 2006. Copyright © 2006 Juniper Networks, Inc. Proprietary and Confidential. www.juniper.net
  2. Agenda
     • Security Market Climate
       • IPS & Security Market
       • Market Drivers
     • Juniper Networks IDP Product Overview
       • Complete Solution – Security Team
       • Product Features
       • Product Offering
     • Management with Juniper Networks NSM
     • Summary
  3. IPS and Security Market
  4. Security Market
     • IPS technology is a mainstream part of network security for companies of all sizes
     • Keeping up with new security threats and finding integrated management systems remain key concerns for security admins
     • Assuring business critical applications have predictable quality of service over nonessential apps like P2P and IM
     • Need Visibility, Control and Ease of Use
  5. Worldwide IPS Market
     • Market focus on IPS technology exemplified by market forecast
     • Worldwide IDS/IPS revenue expected to top $800 Million by year 2009
     • Network-based products continue to account for more than 2/3 of total revenue
     [Chart: World Wide IDS/IPS Product Revenue; x-axis: Year (CY01 to CY09); y-axis: Revenue ($ Million); series: Network-based, Host-based; data labels in order: 277, 384, 427, 544, 603, 667, 752, 790, 819]
     Source: Network Security Appliance and Software Quarterly Worldwide Market Share and Forecast for 1Q06
  6. Customer Drivers
  7. Fear of external network attack and internal noncompliance
     • External attacks remain the top reason for purchasing security appliances
       • Failure to block viruses, attacks or malware directly impacts end-users
     • A growing concern meanwhile is ensuring users on the network are doing what they’re supposed to be doing
     • Direct impact to end-users
       • Quantifiable loss of productivity
       • Impact to revenue
       • Headaches to administrators
       • Unauthorized access to critical data
  8. Firewall alone is not enough
     • Every organization is connected to the Internet and deploys some form of firewall
     • Most enterprises realize a firewall alone is not sufficient to block sophisticated attacks
     [Diagram: Lifecycle of Vulnerabilities and Threats (getting shorter): Vulnerability Discovered, Advisory Issued, Exploits Released, Worm Released]
  9. Business compliance
     • Need to enforce business practices including types and versions of applications
     • Need to ensure non-business applications do not hinder critical business application practices
  10. New Technology Adoption
     • Adoption of new technologies continues to increase
     • Enterprises are not satisfied to wait until security “catches up”
     • Convergence of networks opens up the infrastructure to new attacks
     • New Technologies = New Risks
  11. Not Only for Enterprise
     • Service Providers face similar security concerns as enterprise
     • Keeping ahead of new security threats considered highest technical challenge by SP
     Source: Service Provider Plans for VPNs and Security North America, Europe, and Asia Pacific 2006
  12. IDP Product Overview: Security Team
  13. The Juniper Approach: Complete Solution
     [Diagram labels: Service Provider Security Teams Worldwide; Juniper Security Team; Juniper Customers; Juniper Products; Technology Vendor Relationships; Internal Research; 3rd Party Security Teams; Customer Security Team; Cooperative Security Research; Partner MSSP Intelligence; Daily Updates]
  14. The Basic Security Threat Landscape
     • Unknown Threats & Vulnerabilities
     • Known Threats but no known ways to protect
     • Known Threats with available protection
  15. The Juniper Advantage
     • Superior protocol decoding and anomaly detection – the majority of the unknown
     • Dedicated teams researching protocols and standards
     • Provide breadth & depth of coverage
     • Give Security Experts better tools to deal with the unknown
     [Diagram labels: Unknown Threats & Vulnerabilities; Protocol Anomalies]
  16. Dedicated Security Team
     • Dedicated team to research vulnerabilities and emerging threats
       • Protocol decode expertise
       • Multiple research and vendor partnerships
       • Reverse engineering experts
       • Global honey pot network
     • Industry-leading response time
       • Daily and Emergency signature updates
       • Customer Accuracy Program
       • Team distributed globally
       • Emergency update within an hour
     • www.juniper.net/security
  17. Real-world Example: Security Team’s Response
     • 10:17 AM, 5/9/2006: Microsoft announces security bulletins MS06-018, MS06-019, MS06-20 and posts patches for the vulnerabilities
     • 10:21 AM (+4 min): Juniper Networks announces coverage for vulnerabilities on all IDP platforms
     • 11:50 AM (+1hr 33min): TippingPoint provides mixed messages on coverage
     • 11:58 AM (+1hr 41min): ISS announces coverage only for MS06-019
     • End of Day: No announcements from Cisco or McAfee; Symantec announces coverage only for MS06-019
     • Typical chain of events on recent Microsoft “Super Tuesday”
  18. IDP Product Overview: Product Features
  19. Thwart Attacks at Every Turn: Multiple Methods of Detection
     • Stages (diagram): Recon, Attack, Proliferation
     • Traffic Anomaly Detection
     • Network Honeypot
     • Malicious Activities/Attacks
       • Protocol Anomaly Detection
       • Stateful Signatures
       • Synflood Protector
       • Backdoor Detection
       • IP Spoof Detection
       • Layer-2 Attack Detection
     • Profiler
     • Security Explorer
  20. Traffic Anomaly Detection
     • Method of identifying abnormal traffic usage
     • No protocol anomalies or specific attack patterns but unusual traffic usage/volume
     • Example: Ping Sweep
       • Scan the network to identify resources for possible attack in the future (reconnaissance)
       • Ping sweep from external/suspicious source should alert administrator
  21. Protocol Anomaly Detection
     • Protocols are well defined, allowing accurate description of “normal” usage
     • “Abuse” or abnormal use of the protocol is detected by the IDP appliances
     • Example: FTP Bounce Attack
       [Diagram: FTP Client (x.x.x.A) to FTP Server: “Please open FTP connection”, then “Please connect to x.x.x.B (so unauthorized client can receive data)”. x.x.x.B is not the authorized client machine: possible abuse of FTP protocol. Request denied!!!]
  22. Stateful Signatures
     • Look for attacks in context
     • Avoid blindly scanning all traffic for a particular pattern
       • Improve efficiency
       • Reduce false-positives
     • Example: Code Red Worm
       • Utilizes HTTP GET request for attack
       • The IDP appliance scans only for the specific request and not any other HTTP traffic
  23. Backdoor Detection/Trojan
     • Well-known “Trojan horse” concept
     • Challenge is to identify the attack when the first line of defense has been overcome
     • Heuristic method of analyzing interactive traffic
     • Example: Traffic originating from web server
       • Web servers typically respond to requests for information rather than initiating them
       • A sign of infected server/node
  24. Features Addressing Customer Challenges
     • How can I uncover new network activities?
     • How can I easily find out what’s really running on my network?
     • I don’t want to block non-business apps but how else can I control them?
     • How can I make sure new technologies don’t translate to new threats?
     • Wireless is great but how can I secure it?
  25. Security Explorer (NEW - IDP 4.0)
     • Interactive and dynamic touchgraph providing comprehensive network and application layer views
       • Integrated with Log Viewer and Profiler
     • Identifies what’s running on a network host
       • Uncovers attacks, peer IP addresses, open ports, available applications and operating systems
  26. Enhanced Profiler (NEW - NSM 2006.1)
     • Uncovers new activities and traffic information across network and application levels
     • Identifies new protocols, applications and operating systems
       • Alerts on rogue hosts, servers or IP addresses
       • Detects unwanted applications like P2P and IM
     • Records information on active hosts, devices, protocols and services in various contexts
       • Instant Messaging alias, FTP username, e-mail address, subject heading, etc.
  27. Diffserv (DSCP) Marking (NEW - IDP 4.0)
     • Controls bandwidth allocation based on specific types of application
     • Marks packets that match an IDP signature
     • Allows an upstream router to enforce on the markings (value 1-63) to assure quality of service on critical applications or appropriate response to nonessential apps
     • Available as an action per IDP rule for full granular control
  28. Securing VoIP Applications (NEW - IDP 4.0)
     • New Protocol Decode – H.225
     • Assures that the VoIP signaling and control protocol cannot be used as a source of network attacks or abuse
     • Protocol decode capability protects underlying vulnerability of protocol
     • Allows creation of custom attack objects with contexts
     • VoIP protection on top of existing SIP protocol support
     • Proactively prevents future exploits
  29. Securing Database Applications (NEW - IDP 4.0)
     • New Protocol Decode – Oracle TNS
     • Protects database applications from an increasing number of exploits and buffer overflows in the internal network
     • Blocks unauthorized user access to Oracle servers
     • Protects the underlying vulnerability of Oracle TNS protocol
     • Prevents future threats at day zero
  30. Securing Mobile Data Networks (NEW - IDP 4.0)
     • New Inspection Capability – GTP Encapsulated Traffic
       • Protects inherently unsecured traffic
       • Supports UDP tunnel packets per GTPv0 and GTPv1
     • Ensures users on cellular network aren’t exposing the entire network to possible attacks
     • Carrier protection on top of existing inspection for GRE encapsulated traffic
  31. Coordinated Threat Control (Only from Juniper Networks! Available IDP 3.2r2)
     • Identify specific attacks originating from a remote user via SSL VPN and quarantine the user (and only the offending user)
     • Steps:
       1. User logs in using SSL VPN & deliberate or inadvertent attacks are launched
       2. IDP detects the attack and blocks requests to the internal resources
       3. IDP sends identifying data to SA SSL VPN gateway
       4. Based on data from IDP, SA quarantines and notifies the user
     [Diagram labels: Infected; Attack; Identifying Data; Quarantine]
  32. IDP Product Overview: Product Offering
  33. IDP Product Overview - Timeline
     [Timeline years: 2002, 2004, 2005, 2006]
     • IDP platform introduced
     • Integrated Stateful Signature creation and updates
     • Protocol decodes
     • Secure response notices
     • First and only IPS integrating Profiler for best-in-class network awareness
     • Introduction of fully integrated multi-gigabit FW/VPN/IDP system (ISG 1000 and 2000)
     • First to introduce daily signature updates
     • Next generation of network visibility and control
     • Consolidated security management solution
     • First to introduce Integrated Threat Control for SSL and IDP appliances
  34. Typical IPS Deployment
     [Diagram labels: Regional Head Office; Satellite Office; Main Office; NSM]
  35. IDP Product Line
     • Models: IDP 50 @ 50 Mbps; IDP 200 @ 200 Mbps; IDP 600 @ 500 Mbps; IDP 1100 @ 1 Gbps; ISG 1000/2000
     • Positioning labels (diagram, in order): Med Bus; Large BO; Enterprise Perimeter; Enterprise Perimeter; Enterprise Perimeter; Internal LAN; SMB; Branch Office; Service Provider; Large Enterprise Perimeter; Internal LAN
  36. IDP Standalone – 1100 C/F
     • Models: 1100C, 1100F
     • Optimal for large enterprise / Gig environments
     • Up to 1 Gbps throughput
     • 500,000 max sessions
     • 10 CG or 8 Fiber SX + 2 CG traffic, 1 CG mgmt & 1 CG HA ports
     • HA clustering option
     • Integrated bypass for CG traffic ports
  37. High Availability Options
     • Standalone HA state-sync
     • Third-party HA state-sync
     • Bypass
     • Bypass Unit for Fiber Gig networks
       • IDP 600F
       • IDP 1100F
       • ISG
  38. Solutions for Every Need
     • Juniper IDP Standalone Appliances
       • 50 Mbps – 1 Gbps
       • HA Clustering
       • Centralized policy management
       • Complement existing FW/VPN
       • Protect network segments: DMZ, LAN, Departmental servers
     • Juniper ISG Series
       • Next-Gen Security ASIC (GigaScreen)
       • Multi-Gigabit FW/VPN/IDP
       • Centralized policy management
       • High performance for demanding networks
       • Virtualization features
       • Granular rule-by-rule management
  39. ISG – Under the hood
     • Integrated Best-of-breed Security & Networking gear
     • Multi-Gig 2-way Layer 7 IDP Security Modules
     • Module “blades” available for ISG-1000 and ISG-2000
  40. ISG Series Architecture
     [Diagram labels: I/O (x4); GigaScreen3 ASIC, 1GB RAM, Programmable Processors; Security modules; Dual 1 GHz PowerPC CPU, 1GB RAM]
     • Management Processing
       • Dedicated processing helps ensure linear performance
       • High performance interconnect & flow setup
     • Security Module Processing
       • Dedicated processing for other security applications
     • Network Level Security Processing
       • ASIC-accelerated security
       • Stateful FW, NAT, VPN, DoS/DDoS
       • Intelligent Intrusion Prevention session load balancing
       • Embedded programmable processor facilitates new feature acceleration
     • Unmatched processing power!
  41. ISG Series Summary: ISG 1000 and ISG 2000
     • Max Throughput, Firewall: ISG 1000: 1 Gbps; ISG 2000: 2 Gbps
     • Max Throughput, IPSec VPN (3DES/AES): ISG 1000: 1 Gbps; ISG 2000: 1 Gbps
     • Packets per second, FW/VPN: ISG 1000: 1.5/1.5 Million; ISG 2000: 3/1.5 Million
     • Max sessions: ISG 1000: 500,000; ISG 2000: 1,000,000
     • VPN tunnels: ISG 1000: 2000; ISG 2000: 10000
     • Max Throughput, Deep Inspection: ISG 1000: 200 Mbps; ISG 2000: 300 Mbps
     • Max Throughput, IDP: ISG 1000: Up to 1 Gbps; ISG 2000: Up to 2 Gbps
     • Number of supported security modules (IDP): ISG 1000: Up to 2; ISG 2000: Up to 3
     • Number of fixed I/O interfaces: ISG 1000: 4 – 10/100/1000; ISG 2000: 0
     • Max interfaces: ISG 1000: Up to 20; ISG 2000: Up to 28
     • Number of I/O modules: ISG 1000: 2; ISG 2000: 4
  42. Product Details
     • Juniper Firewall/VPN, with ScreenOS Deep Inspection
       • Hardware: NS-5XT, NS-5GT, NS-25, NS-50, NS-204, NS-208, NS-500, ISG 1000, ISG 2000, NS-5200, NS-5400
       • Software: ScreenOS 5.0, 5.1, 5.2
       • Management: NSM
     • Juniper Stand-alone IDP
       • Hardware: IDP 50, IDP 200, IDP 600C, IDP 600F, IDP 1100C, IDP 1100F
       • Software: IDP 4.0
       • Management: NSM 2006.1
     • Juniper ISG Series with IDP
       • Hardware: ISG 2000 with IDP, ISG 1000 with IDP
       • Software: ScreenOS 5.0-IDP
       • Management: NSM 2004 FP3-IDP1
  43. Management
  44. 3-Tier Management – Secure and Scalable
     [Diagram labels: Distributed IDP Sensors; Distributed ISG with IDP; Centralized NSM Server; Common User Interface; NSM]
     • Standalone IDP appliances require IDP 4.0 for NSM support
  45. Customers with a Hybrid Network
     [Diagram labels: Regional Head Office; Satellite Office; Main Office; each with separate FW Mgmt and IPS Mgmt]
     • Business Challenges
       • What is on my network?
       • Who is on my network?
     • Product Challenges
       • Complex network environments
       • Multi-vendor FW and IPS systems
       • Multiple Management Systems
  46. Juniper Networks Customers
     [Diagram labels: Regional Head Office; Satellite Office; Main Office; NSM]
     • Juniper Offering
       • Juniper Networks IDPs & Firewalls
       • Single Management System
       • Single User Interface
     • Business Benefits
       • Enhanced Network Visibility
       • Granular Control
       • Ease of Use
  47. NSM Management Features (NEW - NSM 2006.1)
     • Scheduled Security Updates: Automatically update devices with new attack objects.
     • Domains: Service providers and distributed enterprises may use this mechanism to logically separate devices, policies, reports, objects, etc.
     • Role-based Administration: Granular approach in which all 100+ activities in the system may be assigned as separate permissions.
     • Object Locking: Multiple administrators can safely and concurrently modify different objects in the system at the same time.
     • Audit Logs: Sortable and filterable record of who made which changes to which objects in the system.
     • Device Templates: Manage shared configuration such as sensor settings in one place.
     • Job Manager: View pending and completed directives (such as device updates) and their status.
     • High Availability: Active/passive high availability of the management server.
     • Scheduled Database Backups: Copies of the NSM database may be saved on a daily basis.
  48. Granular IDP Control w/NSM
     • Firewall and IDP management from same user interface
     • Configure attack detection
     • Configure desired response
  49. Summary
  50. Why Juniper Networks IDP products?
     • Security Coverage
     • Product Innovation
     • Trusted Company
     • Market Recognition
  51. Security Coverage
     • Multiple prevention methods for protection against entire “Vulnerability & Attack Lifecycle”
     • Complete packet capture and protocol decode @ Layer 7, including VoIP protocols
     • 2-way Layer 7 inspection: blocks attacks from client-to-server and server-to-client
     • 100% prevention and accuracy for Shellcode/buffer overflow attacks
     • 100% prevention in protecting against Microsoft Vulnerabilities: Same day & Zero protection on “Patch Tuesdays”
     • Comprehensive Spyware protection, including 700+ signatures and growing daily
     • Daily signature updates, including auto signature updates and auto policy push
  52. Product Innovation
     • Next generation of network visibility w/ Security Explorer
     • Granular, Flexible Management solution for all Juniper Networks security appliances
     • Automatic custom reports
     • Multi Gigabit Performance
     • Multiple Deployment Options
     • “Profile” the network to understand applications and network traffic
     • Carrier Class IDP: Multi-Gbps combined with SDX / JNPR Router integration
     • Custom Signature Editor / Open Signatures Database
  53. Trusted Company
     • Financial Strength / $2 Billion in Revenue / Profitable / Cash Reserves
     • Investment in R&D 25% - 30% of revenue
     • Product Roadmap – IDP plays a key role in Juniper’s Infranet solution
     • Global Support & Relationships
  54. Market Recognition
     • Most decorated IPS product in 2005
       • Winner ‘Editors Choice’ – Network Computing: ‘The Great IPS Test’
       • Winner ‘Best Multifunction Appliance’ – Network Computing (Well-Connected)
       • Winner ‘Best IPS Appliance’ – Network Computing (Well-Connected)
       • Winner ‘Product of the Year’ – SearchNetworking.com
       • Winner ‘Product of the Year’ – IDG Research / TechWorld
       • Winner ‘Best Deployment Scenario’ ISP Guide: City of Burbank, Juniper IDP Customer
       • Awarded ‘NSS Certification’ for Industry Approved IPS: IDP 600F
       • Winner ‘Product of the Year’ – ISG 1000 - ZDnet Australia
       • Winner ‘Editors Choice’ – IDP 200 - ZDnet Australia
  55. Thank You!
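
The protocol-anomaly check from slide 21 (an FTP client asking the server to send data to a third-party address), written out as an added example; it is not code from the deck or from Juniper's IDP. The addresses, the sample session and the function names are constructed, and the rule against data ports below 1024 follows RFC 2577 rather than the slide.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 (RFC 959) and EPRT <d>af<d>addr<d>port<d> (RFC 2428)
PORT_RE = re.compile(r"^PORT\s+" + ",".join([r"(\d{1,3})"] * 6) + r"\s*$", re.I)
EPRT_RE = re.compile(
    r"^EPRT\s+(?P<d>[!-~])[12](?P=d)(?P<addr>\S+?)(?P=d)(?P<port>\d{1,5})(?P=d)\s*$",
    re.I)


def parse_data_target(line):
    """Return (address, port) named by a PORT/EPRT command, None for other commands."""
    m = PORT_RE.match(line)
    if m:
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("octet out of range")
        addr = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
        return addr, nums[4] * 256 + nums[5]
    m = EPRT_RE.match(line)
    if m:
        port = int(m.group("port"))
        if port > 65535:
            raise ValueError("port out of range")
        return ipaddress.ip_address(m.group("addr")), port
    if line.upper().startswith(("PORT", "EPRT")):
        raise ValueError("malformed data-connection command")
    return None


def inspect(client_ip, line):
    """Verdict for one control-channel line sent by client_ip."""
    try:
        target = parse_data_target(line.strip())
    except ValueError:
        return "deny: malformed PORT/EPRT"
    if target is None:
        return "pass"
    addr, port = target
    if addr != ipaddress.ip_address(client_ip):
        # The slide's case: x.x.x.B is not the machine that opened the session.
        return "deny: data target %s is not the control-channel client" % addr
    if port < 1024:
        # RFC 2577 hardening, not stated on the slide.
        return "deny: privileged data port %d" % port
    return "pass"


# Constructed session from client 192.0.2.10 (documentation address ranges).
SESSION = [
    "USER anonymous",
    "PORT 192,0,2,10,24,131",
    "PORT 198,51,100,7,0,25",
    "PORT 192,0,2,10,0,22",
    "EPRT |1|198.51.100.7|6275|",
    "PORT 192,0,2,999,1,1",
]


def scan(client_ip, lines):
    return [(line, inspect(client_ip, line)) for line in lines]


if __name__ == "__main__":
    for line, verdict in scan("192.0.2.10", SESSION):
        print("%-32s %s" % (line, verdict))
```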
