Securing the Enterprise - new trends on networking security SCOP / Bucharest 15th April 2009 Uwe Richter Sr. SE Manager Eastern Europe The most flexible,

Presentation transcript:

Securing the Enterprise - new trends on networking security SCOP / Bucharest 15th April 2009 Uwe Richter Sr. SE Manager Eastern Europe The most flexible, cost-effective solution for mid to large enterprises and service providers

Juniper Networks - Leadership & Expertise SRX 5800 NS1000 NS1000 w Switch 2 SRX 5600 NS-5400 ISG 2000 NS-5200 2G FW & 1G VPN 250 VSYS A/A-Full Mesh HA 4G & 12G FW 3M & 9M PPS 500 VSYS <78 interfaces & 4000 VLANs 10G & 30G FW 6M & 18M PPS 10 GigE interfaces Jumbo Frames Hardware AES 1G FW & 1G VPN 100 VSYS 60G & 100+G FW 20G & 40+G IPS 4M & 8M Sessions 2000 Now Gartner’s Magic Quadrant Juniper Networks “Upper-right” Firewall & IPSec VPN Source: Infonetics, Jun 2008

What customers expect... Deliver a superior user experience Integrated Services Faster application and service deployment Scalable Performance Simultaneously Scale Integrated Services and Network Capabilities Carrier Grade Availability Operational Simplicity through a Single Network OS Operational Simplicity Total cost of ownership advantage FAST RELIABLE SECURE

Today’s Enterprise Requirements Enablement versus Constraint Core / Infrastructure: 10 GigE More traffic, new/next gen apps, video and other streaming media Customers demand full-fledged security posture for network performance Deliver all security services at scale VPN IPSec IPS In the past, decisions were based on three perimeters: Have a tunnel/pipe and the security devices looked at 1) IP address, 2) port and 3) protocol FW 10+ Gbps

Business Challenges Performance and Flexibility Compromise Traditional solutions based on performance/flexibility tradeoff Limited performance options Deploy more platforms Disable “expensive” features Limited flexibility options Deploy dedicated appliances Flexibility Performance

Pitfall of Today’s Security Adaptability
- Limited flexibility in adapting to business requirements
- Poor service integration resulting in poor business operations
- Complex rack space planning
- Installation, management and maintenance overhead
Rack Space Planning: High. CAPEX: High. OPEX: High.
[Chart: Security Requirements, FW, IPS & VPN (Gbps), and Network Traffic Requirements over Time, from TODAY to FUTURE; ASA 5540]

Dynamic Services Architecture ™ Dedicated Control Plane Built-on Terabit Fabric Interchangeable I/O and processing cards Any service, any card Feature integration on JUNOS Fast time to market Tightest integration between features Carrier-class Reliability Service Integration via JUNOS ™ Dedicated Management Fabric FW IDP NAT VPN DoS QoS Interface Scalability Processing Scalability

SRX Services Gateway Family of JUNOS-based Dynamic Services Gateways Consolidate Management Framework App Layer Forwarding Threat Prevention Access Control Routing Firewall IPS IPSec VPN NAT SRX Dynamic Services Gateway

SRX Dynamic Services Gateways Sept 2008 Market Introduction SRX5000 Series Services Gateway Revolutionary Architecture Integrated Services Scalable Performance Operational Simplicity World’s Fastest Security Solution The heritage of ScreenOS on JUNOS

Juniper (mid to high-end) Enterprise Security Portfolio SRX5800 150 Gbps Services Gateway Designed for integration and scalability Dynamic Services Architecture Terabit Fabric Technology Dynamic Processing Pool Dynamic I/O Pool JUNOS SW feature delivery SRX5600 50 Gbps 30 Gbps Products addressing this segment? 10 Gbps NS5400 ISG/IDP FW and Integrated Security Designed for enhanced perimeter and DC security

No Compromise Security: SRX3000-line: The most cost-effective network security solution Maximum Flexibility without Sacrificing Security Unmatched Price / Performance Powered by JUNOS and Juniper’s Dynamic Services Architecture (DSA) Based on Dynamic Services Architecture™ for accelerated new service deployment

SRX3400 (front and rear views)
Hardware
- Modular chassis
- 7 slots (4 front, 3 rear)
- MGT module – dual, hot swap
- 3U chassis height
Fixed Interfaces
- 12 built-in (8-10/100/1000 + 4-SFP)
- 2 Ethernet Management Ports
Modular Interfaces
- 16-10/100/1000
- 16-SFP
- 2-XFP
Performance & Capacities
- FW – 10/20 Gbps
- VPN – 6 Gbps
- IDP – 6 Gbps
- Concurrent sessions – 1M
- New and sustained CPS – 175k
- Concurrent IPSec VPN tunnels – 10k

SRX3600 (front and rear views)
Hardware
- Modular chassis
- 12 slots (6 front, 6 rear)
- MGT module – dual, hot swap
- 5U chassis height
Fixed Interfaces
- 12 built-in (8-10/100/1000 + 4-SFP)
- 2 Ethernet Management Ports
Modular Interfaces
- 16-10/100/1000
- 16-SFP
- 2-XFP
Performance & Capacities
- FW – 10/20/30 Gbps
- VPN – 10 Gbps
- IDP – 10 Gbps
- Concurrent sessions – 2M
- New and sustained CPS – 175k
- Concurrent IPSec VPN tunnels – 20k

Sample SRX3000 Base Configurations Minimal Configuration SRX 3400 Chassis 1 SPC 1 NPC SRX3600 Minimal Configuration SRX 3600 Chassis 1 SPC 1 NPC

System configuration flexibility
Flexible configuration of IOCs, NPCs and SPCs:
SRX3400: 7 slots for Common Form-factor Modules (CFMs):
- 4 in the front for IOCs and SPCs
- 3 in the rear for NPCs and SPCs
- 4 SPCs max (1 min)
- 2 NPCs max (1 min)
- 4 IOCs max
SRX3600: 12 slots for Common Form-factor Modules (CFMs):
- 6 in the front for IOCs and SPCs
- 6 in the rear for NPCs and SPCs
- 7 SPCs max (1 min)
- 3 NPCs max (1 min)
- 6 IOCs max
SRX 3400-DC is limited by power supply capacity. No HA limitations.

SRX 3K Packet Flow – Fully Integrated Flow Lookup Classification DoS/DDoS Policing Network Processing Cards Routing / Device MGT RE Services FW/VPN/IDP NAT/Routing Integrated in SRX 5000 IOC Oversubscrptn. Control 1.5 Fabric Fabric  Ingress Packet  Egress Packet Services Processing Cards Input/Output Cards QoS/Shaping

Integrated Services
Dynamic Services Architecture
Differentiator (columns: Juniper SRX, Traditional Appliances):
- Dedicated Control Plane
- Buildable Processing Pool
- Buildable I/O Pool
- Scalable Service Engine
- Single policy/configuration
- Single device to manage

Adapting to Changing Security Requirements
- High integration supporting wide range of services
- Scales as your business grows
- Minimal/No policy changes required
Rack Space Planning: NONE. CAPEX: LOW. OPEX: LOW.
[Chart: Security Requirements, FW, IPS & VPN (Gbps), and Network Traffic Requirements over Time, from TODAY to FUTURE]

10 Gbps FW, IPS & IPSec VPN Solution Price per Gbps FW/IPS/IPSec VPN Industry’s Most cost-effective security solution Power Savings 10 Gbps FW, IPS & IPSec VPN Solution Price per Gbps FW/IPS/IPSec VPN 83% SAVINGS 84% SAVINGS 84% SPACE SAVINGS Price per FW Gbps 31 Appliances Cisco ASA 5580 44% SAVINGS Juniper SRX 3600 Juniper SRX 3600 Cisco ASA 5540

Juniper (mid to high-end) Enterprise Security Portfolio SRX5800 150 Gbps Services Gateway Designed for integration and scalability Dynamic Services Architecture Terabit Fabric Technology Dynamic Processing Pool Dynamic I/O Pool JUNOS SW feature delivery SRX5600 50 Gbps SRX3600 30 Gbps SRX3400 10 Gbps NS5400 FW and Integrated Security Designed for enhanced perimeter and DC security ISG/IDP

Juniper Networks Security Manager
A comprehensive approach to security management
Device-lifecycle management
- Manages through every phase of device lifecycle: design, deploy, configure, monitor, maintain, upgrade, adjust
Manage all aspects of configuration
- Manage configuration tasks at device, networking and security levels
Delegation of administrative access
- Provides needed power and tools to the right groups (access and control)
- Control to provide/restrict information to different people within the organization, allowing them to make appropriate decisions
The Device Lifecycle: Design / Deploy, Configure, Monitor / Maintain, Upgrade / Adjust
Juniper NSM is for those environments that have large deployments of Juniper FW/VPN and IDP devices. Right now it manages only the Firewall/VPN and IDP platforms, but going forward that will be extended to other Juniper security platforms as well.

NSM Management Features
Feature: Description
- Scheduled Security Updates: Automatically update devices with new attack objects
- Domains: Service providers and distributed enterprises may use this mechanism to logically separate devices, policies, reports, objects, etc.
- Role-based Administration: Granular approach in which all 100+ activities in the system may be assigned as separate permissions
- Object Locking: Multiple administrators can safely and concurrently modify different objects in the system at the same time
- Audit Logs: Sortable and filterable record of who made which changes to which objects in the system
- Device Templates: Manage shared configuration such as sensor settings in one place
- Job Manager: View pending and completed directives (such as device update) and their status
- High Availability: Active/passive high availability of the management server
- Scheduled Database Backups: Copies of the NSM database may be saved on a daily basis
NSM is Juniper’s central management tool for FW/VPN and IDP appliances. The Domains and Role-based Admin features deserve to be pointed out in this slide. While often requested by service providers, these features are also very valuable to enterprises. It is not uncommon for enterprises to logically divide the roles of administrators based on the type of security gear, so that a specific administrator manages firewall policies while others manage IDP policies, etc. It is also common for enterprises to logically separate admin responsibilities based on their business requirements (e.g., a particular admin manages all security gear at a specific branch office while another manages the headquarters).

3-Tier Management
Network-Security Manager (NSM)
Diagram labels: Centralized NSM Server; Common User Interface; NS-5000 Series; ISG / ISG with IDP; SSG Series; IDP Appliances
NSM utilizes a 3-tier management architecture which optimizes performance as well as security. From the perspective of the administrator, managing multiple security appliances is greatly simplified.

JUNOS Future Direction Integrated security and networking on JUNOS Continued leadership in security JUNOS Integrated security and networking on JUNOS Best-in-Class Security Continued leadership in networking Best-in-Class Routing

Ministry of Foreign Affairs The High-Value Branch When remote sites are essential to the organization’s strategic mission, you can WIN! Ministry of Foreign Affairs

What Are High-Value Remote Locations?
Gateways to Better Businesses
The Humble Storefront
- Role: Revenue Gateway
- Mission: Create new sources of revenue and operational efficiencies
- Changes: Support partners, guests, and devices; Reputation and compliance
The Mission Critical Clinic
- Role: Service Gateway
- Mission: Attract and retain valuable clients
- Changes: Centralization of applications and databases; SaaS; Privacy and compliance
The High-Powered Center of Excellence
- Role: Innovation Gateway
- Mission: Retain and activate a high quality workforce
- Changes: Advanced collaboration; Unrestricted Internet access for employees

THANK YOU