1
A Future-Proof Firewall: Juniper SRX 5800
A proposal to the CSU UTFAB
Steve Lovaas, ACNS
January 31, 2012
2
Presentation overview
Split costs with ACNS for the purchase of a pair of 10-gig capable firewalls for the University datacenter
- The risks
- Current protections
- The speed problem
- The solution: Juniper SRX 5800
- Support, sustainability
- Costs
3
Current state of risk (1)
Symantec annual threat report, 2011
- Over 3 billion malware attacks in 2010
- Targeted attacks evolving (not just via spam)
- Increased use of attack toolkits (automation, quicker)
- Mobile threats increase (harder to lock down than desktops)
4
Current state of risk (2)
FBI report, 2011
“There are a variety of people and organizations within and outside the United States who may seek to improperly or illegally obtain information from US institutions of higher education: foreign and domestic businesses, individual entrepreneurs, competing academics, terrorist organizations, and foreign intelligence services.”
5
Student data at risk
- Most central applications that students use are in the datacenter in Engineering E7
  - RamWeb, AriesWeb, Banner student information system, library
- SSNs, bank account numbers, grades, student information
6
Our current defenses
- Several Juniper SSG-series firewalls
  - IS servers, ActiveDirectory/DNS
- ACNS web servers not firewalled
  - Server defenses instead (iptables, web server)
- IDS (Snort), log monitoring (QRadar)
- Vulnerability scanning (Nessus, AppScan)
- Client security (Symantec, Safe*Connect)
7
The problem? Speed!
- 10 gigabits per second
  - Moore’s Law: individual servers getting faster
  - Virtualization: multiple 1-gig servers on one host
  - CSU core network routers, switches support it
  - Firewall market slower to respond (and expensive)
  - Our current firewalls can’t (and won’t) do it
- 100 gigabits per second
  - Already shipping to the ISP router market
  - Won’t be far off for CSU
8
Solution: a “future-proof” firewall
- Familiar interface, company, support
- 10-gig interfaces now
- Backplane support for 100-gig when it comes
- Intrusion Prevention available
- High-availability cluster for uptime
9
The Juniper SRX 5800
- Meets all criteria (speed/features/support)
- Uses JunOS code (like our border routers)
- SRX series in use at CU, DU, UW
- Juniper engineering staff will assist with all configs, upgrades
10
Support & sustainability
- High-availability pair for ensuring uptime
- 3 years of next-day support
- Helpdesk, NOC 24x7 on-call, ACNS security team
- Config backups, uptime monitoring
- “Future-proof” platform
- Juniper engineering support for configs/upgrades
11
The finances
- Hardware: $177,469.50
  - Chassis, power supplies, service & line cards
- Support: $92,644 ($30,888/yr)
  - 3-yr next-day support for all hardware
- No additional staffing or professional services
- ACNS 50% cost-sharing offer
- UTFAB request: $135,066.75
12
Questions?
Steve Lovaas, IT Security Manager, ACNS