SlideShare a Scribd company logo

Juniper SA Overview

Download as PPTX, PDF
Daniel Rohan
Daniel Rohan

A quick overview of Juniper's SA SSL VPN device

Technology
1 of 10
Overview: Juniper SSL VPN Strategy, Architecture and Introduction
Technical Overview Features Extranet style web interface access to resources Full/split tunnel capabilities with Network Connect Mobile ready with Junos Pulse No client installation required Granular Authentication, Authorization and Auditing capabilities Secure Meeting Space
Basic Concepts Juniper model for secure remote access is granular allowing each component to be administered en masse or individually Realms -> Users -> Roles -> Resources Realms: Groupings of authentication resources (RADIUS, AD, LDAP, Local, etc) Users: User objects (individuals who will be granted access) Roles: Ad-hoc groups of users that can contain one or more security groups Resources: Specific network resources that roles are enabled to access RDP connections to servers Web pages Network CIDR blocks (ie, 165.124.188.0/26) File Shares
Basic Concepts, Cont’d
IPsec VPN v. SSL VPN: What’s the difference? IPsec Designed for site-to-site encryption over insecure networks Encapsulates packets at the network layer Operates in two modes Transport Mode: Packets payload is encrypted at sender and decrypted at receiver Tunnel Mode: Sessions are built and torn down between endpoints (sites and user) =
IPsec Modes
IPsec continued
SSL VPN Designed specifically for individual remote access to resources Allows for granular access to resources Requires no software installation or configuration Allows for users to have a seamless experience- no more connections and disconnections
SSL Crypto Negotiation
SSL VPN Cont’d

Recommended

RADIUS
RADIUSRADIUS
RADIUSamogh_ubale
 
20071015 Architecting Enterprise Security
20071015 Architecting Enterprise Security20071015 Architecting Enterprise Security
20071015 Architecting Enterprise SecurityDavid Chou
 
10. grid security
10. grid security10. grid security
10. grid securityDr Sandeep Kumar Poonia
 
Data sharing with accountability in cloud
Data sharing with accountability in cloudData sharing with accountability in cloud
Data sharing with accountability in cloudSusheenthiran Sujith
 
Ensuring distributed accountability
Ensuring distributed accountabilityEnsuring distributed accountability
Ensuring distributed accountabilitySunkaraHariNarayana
 
The process of authentication
The process of authenticationThe process of authentication
The process of authenticationAbdulrahmanAlmehmadi2
 
The process of authentication
The process of authenticationThe process of authentication
The process of authenticationAbdulrahmanAlmehmadi2
 
Juniper sa-sslvpn
Juniper sa-sslvpnJuniper sa-sslvpn
Juniper sa-sslvpnn|u - The Open Security Community
 

Recommended

RADIUS
RADIUSRADIUS
RADIUSamogh_ubale
 
20071015 Architecting Enterprise Security
20071015 Architecting Enterprise Security20071015 Architecting Enterprise Security
20071015 Architecting Enterprise SecurityDavid Chou
 
10. grid security
10. grid security10. grid security
10. grid securityDr Sandeep Kumar Poonia
 
Data sharing with accountability in cloud
Data sharing with accountability in cloudData sharing with accountability in cloud
Data sharing with accountability in cloudSusheenthiran Sujith
 
Ensuring distributed accountability
Ensuring distributed accountabilityEnsuring distributed accountability
Ensuring distributed accountabilitySunkaraHariNarayana
 
The process of authentication
The process of authenticationThe process of authentication
The process of authenticationAbdulrahmanAlmehmadi2
 
The process of authentication
The process of authenticationThe process of authentication
The process of authenticationAbdulrahmanAlmehmadi2
 
Juniper sa-sslvpn
Juniper sa-sslvpnJuniper sa-sslvpn
Juniper sa-sslvpnn|u - The Open Security Community
 
Configuring the cisco switch with the cli based setup program
Configuring the cisco switch with the cli based setup programConfiguring the cisco switch with the cli based setup program
Configuring the cisco switch with the cli based setup program3Anetwork com
 
如何建立IPSEC VPN
如何建立IPSEC VPN如何建立IPSEC VPN
如何建立IPSEC VPNsharetech
 
Cisco 1921 vs. cisco 1941 vs. cisco 1941 w
Cisco 1921 vs. cisco 1941 vs. cisco 1941 wCisco 1921 vs. cisco 1941 vs. cisco 1941 w
Cisco 1921 vs. cisco 1941 vs. cisco 1941 wIT Tech
 
Porque cambiar de IPSec a SSL VPN
Porque cambiar de IPSec a SSL VPNPorque cambiar de IPSec a SSL VPN
Porque cambiar de IPSec a SSL VPNaloscocco
 
300 101 Dumps - Implementing Cisco IP Routing
300 101 Dumps - Implementing Cisco IP Routing300 101 Dumps - Implementing Cisco IP Routing
300 101 Dumps - Implementing Cisco IP RoutingSara Rock
 
How to create Security on Cisco switch
How to create Security on Cisco switchHow to create Security on Cisco switch
How to create Security on Cisco switchtcpipguru
 
Study Notes BGP Exam
Study Notes BGP ExamStudy Notes BGP Exam
Study Notes BGP ExamDuane Bodle
 
Seminar (network security)
Seminar (network security)Seminar (network security)
Seminar (network security)Gaurav Dalvi
 
Juniper Srx quickstart-12.1r3
Juniper Srx quickstart-12.1r3Juniper Srx quickstart-12.1r3
Juniper Srx quickstart-12.1r3Mohamed Al-Natour
 
Using BGP To Manage Dual Internet Connections
Using BGP To Manage Dual Internet ConnectionsUsing BGP To Manage Dual Internet Connections
Using BGP To Manage Dual Internet ConnectionsRowell Dionicio
 
BGP Advance Technique by Steven & James
BGP Advance Technique by Steven & JamesBGP Advance Technique by Steven & James
BGP Advance Technique by Steven & JamesFebrian ‎
 
BGP Traffic Engineering / Routing Optimisation
BGP Traffic Engineering / Routing OptimisationBGP Traffic Engineering / Routing Optimisation
BGP Traffic Engineering / Routing OptimisationAndy Davidson
 
Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)
Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)
Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)Alphorm
 
Alphorm.com Formation CEHV9 III
Alphorm.com Formation CEHV9 IIIAlphorm.com Formation CEHV9 III
Alphorm.com Formation CEHV9 IIIAlphorm
 
Segment Routing: A Tutorial
Segment Routing: A TutorialSegment Routing: A Tutorial
Segment Routing: A TutorialAPNIC
 
BGP protocol presentation
BGP protocol presentationBGP protocol presentation
BGP protocol presentationGorantla Mohanavamsi
 
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...IT Tech
 
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft CloudEuropean Collaboration Summit
 
Security for cloud native workloads
Security for cloud native workloadsSecurity for cloud native workloads
Security for cloud native workloadsRuncy Oommen
 
DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0Shah Sheikh
 
Connect your datacenter to Microsoft Azure
Connect your datacenter to Microsoft AzureConnect your datacenter to Microsoft Azure
Connect your datacenter to Microsoft AzureK.Mohamed Faizal
 
TechWiseTV Workshop: Cisco Stealthwatch and ISE
TechWiseTV Workshop: Cisco Stealthwatch and ISETechWiseTV Workshop: Cisco Stealthwatch and ISE
TechWiseTV Workshop: Cisco Stealthwatch and ISERobb Boyd
 

More Related Content

Viewers also liked

Configuring the cisco switch with the cli based setup program
Configuring the cisco switch with the cli based setup programConfiguring the cisco switch with the cli based setup program
Configuring the cisco switch with the cli based setup program3Anetwork com
 
如何建立IPSEC VPN
如何建立IPSEC VPN如何建立IPSEC VPN
如何建立IPSEC VPNsharetech
 
Cisco 1921 vs. cisco 1941 vs. cisco 1941 w
Cisco 1921 vs. cisco 1941 vs. cisco 1941 wCisco 1921 vs. cisco 1941 vs. cisco 1941 w
Cisco 1921 vs. cisco 1941 vs. cisco 1941 wIT Tech
 
Porque cambiar de IPSec a SSL VPN
Porque cambiar de IPSec a SSL VPNPorque cambiar de IPSec a SSL VPN
Porque cambiar de IPSec a SSL VPNaloscocco
 
300 101 Dumps - Implementing Cisco IP Routing
300 101 Dumps - Implementing Cisco IP Routing300 101 Dumps - Implementing Cisco IP Routing
300 101 Dumps - Implementing Cisco IP RoutingSara Rock
 
How to create Security on Cisco switch
How to create Security on Cisco switchHow to create Security on Cisco switch
How to create Security on Cisco switchtcpipguru
 
Study Notes BGP Exam
Study Notes BGP ExamStudy Notes BGP Exam
Study Notes BGP ExamDuane Bodle
 
Seminar (network security)
Seminar (network security)Seminar (network security)
Seminar (network security)Gaurav Dalvi
 
Juniper Srx quickstart-12.1r3
Juniper Srx quickstart-12.1r3Juniper Srx quickstart-12.1r3
Juniper Srx quickstart-12.1r3Mohamed Al-Natour
 
Using BGP To Manage Dual Internet Connections
Using BGP To Manage Dual Internet ConnectionsUsing BGP To Manage Dual Internet Connections
Using BGP To Manage Dual Internet ConnectionsRowell Dionicio
 
BGP Advance Technique by Steven & James
BGP Advance Technique by Steven & JamesBGP Advance Technique by Steven & James
BGP Advance Technique by Steven & JamesFebrian ‎
 
BGP Traffic Engineering / Routing Optimisation
BGP Traffic Engineering / Routing OptimisationBGP Traffic Engineering / Routing Optimisation
BGP Traffic Engineering / Routing OptimisationAndy Davidson
 
Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)
Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)
Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)Alphorm
 
Alphorm.com Formation CEHV9 III
Alphorm.com Formation CEHV9 IIIAlphorm.com Formation CEHV9 III
Alphorm.com Formation CEHV9 IIIAlphorm
 
Segment Routing: A Tutorial
Segment Routing: A TutorialSegment Routing: A Tutorial
Segment Routing: A TutorialAPNIC
 
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...IT Tech
 

Viewers also liked (17)

Configuring the cisco switch with the cli based setup program
Configuring the cisco switch with the cli based setup programConfiguring the cisco switch with the cli based setup program
Configuring the cisco switch with the cli based setup program
 
如何建立IPSEC VPN
如何建立IPSEC VPN如何建立IPSEC VPN
如何建立IPSEC VPN
 
Cisco 1921 vs. cisco 1941 vs. cisco 1941 w
Cisco 1921 vs. cisco 1941 vs. cisco 1941 wCisco 1921 vs. cisco 1941 vs. cisco 1941 w
Cisco 1921 vs. cisco 1941 vs. cisco 1941 w
 
Porque cambiar de IPSec a SSL VPN
Porque cambiar de IPSec a SSL VPNPorque cambiar de IPSec a SSL VPN
Porque cambiar de IPSec a SSL VPN
 
300 101 Dumps - Implementing Cisco IP Routing
300 101 Dumps - Implementing Cisco IP Routing300 101 Dumps - Implementing Cisco IP Routing
300 101 Dumps - Implementing Cisco IP Routing
 
How to create Security on Cisco switch
How to create Security on Cisco switchHow to create Security on Cisco switch
How to create Security on Cisco switch
 
Study Notes BGP Exam
Study Notes BGP ExamStudy Notes BGP Exam
Study Notes BGP Exam
 
Seminar (network security)
Seminar (network security)Seminar (network security)
Seminar (network security)
 
Juniper Srx quickstart-12.1r3
Juniper Srx quickstart-12.1r3Juniper Srx quickstart-12.1r3
Juniper Srx quickstart-12.1r3
 
Using BGP To Manage Dual Internet Connections
Using BGP To Manage Dual Internet ConnectionsUsing BGP To Manage Dual Internet Connections
Using BGP To Manage Dual Internet Connections
 
BGP Advance Technique by Steven & James
BGP Advance Technique by Steven & JamesBGP Advance Technique by Steven & James
BGP Advance Technique by Steven & James
 
BGP Traffic Engineering / Routing Optimisation
BGP Traffic Engineering / Routing OptimisationBGP Traffic Engineering / Routing Optimisation
BGP Traffic Engineering / Routing Optimisation
 
Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)
Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)
Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)
 
Alphorm.com Formation CEHV9 III
Alphorm.com Formation CEHV9 IIIAlphorm.com Formation CEHV9 III
Alphorm.com Formation CEHV9 III
 
Segment Routing: A Tutorial
Segment Routing: A TutorialSegment Routing: A Tutorial
Segment Routing: A Tutorial
 
BGP protocol presentation
BGP protocol presentationBGP protocol presentation
BGP protocol presentation
 
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...
 

Similar to Juniper SA Overview

[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft CloudEuropean Collaboration Summit
 
Security for cloud native workloads
Security for cloud native workloadsSecurity for cloud native workloads
Security for cloud native workloadsRuncy Oommen
 
DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0Shah Sheikh
 
Connect your datacenter to Microsoft Azure
Connect your datacenter to Microsoft AzureConnect your datacenter to Microsoft Azure
Connect your datacenter to Microsoft AzureK.Mohamed Faizal
 
TechWiseTV Workshop: Cisco Stealthwatch and ISE
TechWiseTV Workshop: Cisco Stealthwatch and ISETechWiseTV Workshop: Cisco Stealthwatch and ISE
TechWiseTV Workshop: Cisco Stealthwatch and ISERobb Boyd
 
Security and LDAP integration in InduSoft Web Studio
Security and LDAP integration in InduSoft Web StudioSecurity and LDAP integration in InduSoft Web Studio
Security and LDAP integration in InduSoft Web StudioAVEVA
 
Global Azure Bootcamp 2018 - Azure Network Security
Global Azure Bootcamp 2018 - Azure Network SecurityGlobal Azure Bootcamp 2018 - Azure Network Security
Global Azure Bootcamp 2018 - Azure Network SecurityScott Hoag
 
Networking in Docker EE 2.0 with Kubernetes and Swarm
Networking in Docker EE 2.0 with Kubernetes and SwarmNetworking in Docker EE 2.0 with Kubernetes and Swarm
Networking in Docker EE 2.0 with Kubernetes and SwarmAbhinandan P.b
 
Networking in docker ee with kubernetes and swarm
Networking in docker ee with kubernetes and swarmNetworking in docker ee with kubernetes and swarm
Networking in docker ee with kubernetes and swarmDocker, Inc.
 
Decentralized access control with anonymous authentication of data stored in ...
Decentralized access control with anonymous authentication of data stored in ...Decentralized access control with anonymous authentication of data stored in ...
Decentralized access control with anonymous authentication of data stored in ...B Navya
 
IEEE paper 2014 abstract
IEEE paper 2014 abstractIEEE paper 2014 abstract
IEEE paper 2014 abstractSenthilvel S
 
Psdot 12 a secure erasure code-based cloud storage
Psdot 12 a secure erasure code-based cloud storagePsdot 12 a secure erasure code-based cloud storage
Psdot 12 a secure erasure code-based cloud storageZTech Proje
 
lec3_10.ppt
lec3_10.pptlec3_10.ppt
lec3_10.pptImXaib
 
Please identify hardware device(s) (peripherals) and describe how a NO.docx
Please identify hardware device(s) (peripherals) and describe how a NO.docxPlease identify hardware device(s) (peripherals) and describe how a NO.docx
Please identify hardware device(s) (peripherals) and describe how a NO.docxrtodd19
 
Kollective_SD_ECDN_WP[1]
Kollective_SD_ECDN_WP[1]Kollective_SD_ECDN_WP[1]
Kollective_SD_ECDN_WP[1]Glen Howard
 
Hybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptxHybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptxHansFarroCastillo1
 
Distributed Computing Environment
Distributed Computing EnvironmentDistributed Computing Environment
Distributed Computing EnvironmentPurushottam Dahal
 
Linux Security in Operating System
Linux Security in Operating SystemLinux Security in Operating System
Linux Security in Operating SystemMeghaj Mallick
 
Quantum Architecture Overview
Quantum Architecture OverviewQuantum Architecture Overview
Quantum Architecture Overviewjinpeng
 

Similar to Juniper SA Overview (20)

[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
 
Security for cloud native workloads
Security for cloud native workloadsSecurity for cloud native workloads
Security for cloud native workloads
 
DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0
 
Connect your datacenter to Microsoft Azure
Connect your datacenter to Microsoft AzureConnect your datacenter to Microsoft Azure
Connect your datacenter to Microsoft Azure
 
TechWiseTV Workshop: Cisco Stealthwatch and ISE
TechWiseTV Workshop: Cisco Stealthwatch and ISETechWiseTV Workshop: Cisco Stealthwatch and ISE
TechWiseTV Workshop: Cisco Stealthwatch and ISE
 
Security and LDAP integration in InduSoft Web Studio
Security and LDAP integration in InduSoft Web StudioSecurity and LDAP integration in InduSoft Web Studio
Security and LDAP integration in InduSoft Web Studio
 
Global Azure Bootcamp 2018 - Azure Network Security
Global Azure Bootcamp 2018 - Azure Network SecurityGlobal Azure Bootcamp 2018 - Azure Network Security
Global Azure Bootcamp 2018 - Azure Network Security
 
Networking in Docker EE 2.0 with Kubernetes and Swarm
Networking in Docker EE 2.0 with Kubernetes and SwarmNetworking in Docker EE 2.0 with Kubernetes and Swarm
Networking in Docker EE 2.0 with Kubernetes and Swarm
 
Networking in docker ee with kubernetes and swarm
Networking in docker ee with kubernetes and swarmNetworking in docker ee with kubernetes and swarm
Networking in docker ee with kubernetes and swarm
 
Decentralized access control with anonymous authentication of data stored in ...
Decentralized access control with anonymous authentication of data stored in ...Decentralized access control with anonymous authentication of data stored in ...
Decentralized access control with anonymous authentication of data stored in ...
 
IEEE paper 2014 abstract
IEEE paper 2014 abstractIEEE paper 2014 abstract
IEEE paper 2014 abstract
 
Psdot 12 a secure erasure code-based cloud storage
Psdot 12 a secure erasure code-based cloud storagePsdot 12 a secure erasure code-based cloud storage
Psdot 12 a secure erasure code-based cloud storage
 
lec3_10.ppt
lec3_10.pptlec3_10.ppt
lec3_10.ppt
 
Please identify hardware device(s) (peripherals) and describe how a NO.docx
Please identify hardware device(s) (peripherals) and describe how a NO.docxPlease identify hardware device(s) (peripherals) and describe how a NO.docx
Please identify hardware device(s) (peripherals) and describe how a NO.docx
 
Kollective_SD_ECDN_WP[1]
Kollective_SD_ECDN_WP[1]Kollective_SD_ECDN_WP[1]
Kollective_SD_ECDN_WP[1]
 
Hybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptxHybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptx
 
Ecommerce final ppt
Ecommerce final pptEcommerce final ppt
Ecommerce final ppt
 
Distributed Computing Environment
Distributed Computing EnvironmentDistributed Computing Environment
Distributed Computing Environment
 
Linux Security in Operating System
Linux Security in Operating SystemLinux Security in Operating System
Linux Security in Operating System
 
Quantum Architecture Overview
Quantum Architecture OverviewQuantum Architecture Overview
Quantum Architecture Overview
 

Recently uploaded

Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 

Recently uploaded (20)

Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 

Juniper SA Overview

  • 1. Overview: Juniper SSL VPN Strategy, Architecture and Introduction
  • 2. Technical Overview Features Extranet style web interface access to resources Full/split tunnel capabilities with Network Connect Mobile ready with Junos Pulse No client installation required Granular Authentication, Authorization and Auditing capabilities Secure Meeting Space
  • 3. Basic Concepts Juniper model for secure remote access is granular allowing each component to be administered en masse or individually Realms -> Users -> Roles -> Resources Realms: Groupings of authentication resources (RADIUS, AD, LDAP, Local, etc) Users: User objects (individuals who will be granted access) Roles: Ad-hoc groups of users that can contain one or more security groups Resources: Specific network resources that roles are enabled to access RDP connections to servers Web pages Network CIDR blocks (ie, 165.124.188.0/26) File Shares
  • 5. IPsec VPN v. SSL VPN: What’s the difference? IPsec Designed for site-to-site encryption over insecure networks Encapsulates packets at the network layer Operates in two modes Transport Mode: Packets payload is encrypted at sender and decrypted at receiver Tunnel Mode: Sessions are built and torn down between endpoints (sites and user) =
  • 8. SSL VPN Designed specifically for individual remote access to resources Allows for granular access to resources Requires no software installation or configuration Allows for users to have a seamless experience- no more connections and disconnections
  • 9. SSL Crypto Negotiation

Editor's Notes

  1. IPSec was originally developed for secure site to site traffic between physically separated hosts or networks-Was an answer for how to secure networks as companies began transitioning from private ppp links to internet connectionsnote that this is NOT specifically designed for remote access. GRE tunnels are compute intensive, heavy things to set up.it takes the same amount of horsepower it to establish a site to site as it does to establish a remote access tunnel– they are essentially the same thing- same memory, same algorithms, just slightly different methods of handing authentication and key exchangeTherefore, specific client applications or hardware needs to be installed to get these things up and running– the Cisco VPN client we’re all so familiar with or the PIX/ASA/SPA hardwareThis becomes a real problem when you’re dealing with consultants or contractors that you’ll never meet– how do you get the client software/hardware installed properly?IPSec handles packets at the network layer of the Internet Model. This is important because it means that applications can function over a IPSec connection without having to be modified or hacked upNotable exceptions: multicast traffic, NAT’d client traffic (ESP in transport mode or IPsec authentication headers)This also means that since the connection is a true IP connection, the end user (or network) truly becomes a node on the destination network and can interact with devices or provide services to the network as if it were local.This is a benefit from many user’s perspectives as they can typically function exactly as they are used to at workBut this is a downside from a security perspective. It is functionally equivalent to handing a contractor a network cable- no real, granular authorization, little audit trail.
  2. Another pro of SSL VPN’s is that they allow more precise access control. First of all they provide tunnels to specific applications rather than to the entire corporate LAN. So, users on SSL VPN connections can only access the applications that they are configured to access rather than the whole network. Second, it is easier to provide different access rights to different users and have more granular control over user access.