Soumettre la recherche
Mettre en ligne
Defending the campus juniper nerworks
•
Télécharger en tant que PPT, PDF
•
0 j'aime
•
233 vues
B
Brozaa
Suivre
More info :http://goo.gl/LYQuss
Lire moins
Lire la suite
Formation
Signaler
Partager
Signaler
Partager
1 sur 24
Télécharger maintenant
Recommandé
My Final Year Project
My Final Year Project
MOHAMMEDELALAM1
Evaluation of enhanced security solutions in
Evaluation of enhanced security solutions in
IJNSA Journal
[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin Rodillas
TI Safe
Trend Internet of Things
Trend Internet of Things
Deris Stiawan
Network Security Architecture
Network Security Architecture
InnoTech
Ii2514901494
Ii2514901494
IJERA Editor
Palo alto networks product overview
Palo alto networks product overview
Belsoft
Comparison of MQTT and DDS as M2M Protocols for the Internet of Things
Comparison of MQTT and DDS as M2M Protocols for the Internet of Things
Real-Time Innovations (RTI)
Recommandé
My Final Year Project
My Final Year Project
MOHAMMEDELALAM1
Evaluation of enhanced security solutions in
Evaluation of enhanced security solutions in
IJNSA Journal
[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin Rodillas
TI Safe
Trend Internet of Things
Trend Internet of Things
Deris Stiawan
Network Security Architecture
Network Security Architecture
InnoTech
Ii2514901494
Ii2514901494
IJERA Editor
Palo alto networks product overview
Palo alto networks product overview
Belsoft
Comparison of MQTT and DDS as M2M Protocols for the Internet of Things
Comparison of MQTT and DDS as M2M Protocols for the Internet of Things
Real-Time Innovations (RTI)
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Editor IJCATR
Networking and communications security – network architecture design
Networking and communications security – network architecture design
EnterpriseGRC Solutions, Inc.
wireless communication security PPT, presentation
wireless communication security PPT, presentation
Nitesh Dubey
Network security
Network security
Ravikumar Natarajan
Security Delivery Platform: Best practices
Security Delivery Platform: Best practices
Mihajlo Prerad
woot15-paper-novella
woot15-paper-novella
Eduardo Novella
IoT Hardware Teardown, Security Testing & Control Design
IoT Hardware Teardown, Security Testing & Control Design
Priyanka Aash
Palo Alto Networks - Next-generation Firewall Security with Expanding Scalabi...
Palo Alto Networks - Next-generation Firewall Security with Expanding Scalabi...
LiveAction Next Generation Network Management Software
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinet
Ivan Carmona
Virtual security gateways at network edge are key to protecting ultra broadba...
Virtual security gateways at network edge are key to protecting ultra broadba...
Paul Stevens
Wireless LAN security
Wireless LAN security
Rajan Kumar
Chapter 8 Wireless Network Security
Chapter 8 Wireless Network Security
Dr. Ahmed Al Zaidy
Wireless Networks Security in Jordan: A Field Study
Wireless Networks Security in Jordan: A Field Study
IJNSA Journal
Passive monitoring to build Situational Awareness
Passive monitoring to build Situational Awareness
David Sweigert
Firewall ppt
Firewall ppt
LakshmiSamivel
White paper - Building Secure Wireless Networks
White paper - Building Secure Wireless Networks
Altaware, Inc.
Cisco SAFE_Wireless LAN Security in Depth v2
Cisco SAFE_Wireless LAN Security in Depth v2
LinkedIn
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
Rishabh Gupta
Module 6 Wireless Network security
Module 6 Wireless Network security
nikshaikh786
Network security
Network security
Ashok Dwivedi
Information Retrieval
Information Retrieval
yxyx3258
Zws e bom2mbom discovery and recommendation process_agileec_v1 0 (2)
Zws e bom2mbom discovery and recommendation process_agileec_v1 0 (2)
Zero Wait-State
Contenu connexe
Tendances
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Editor IJCATR
Networking and communications security – network architecture design
Networking and communications security – network architecture design
EnterpriseGRC Solutions, Inc.
wireless communication security PPT, presentation
wireless communication security PPT, presentation
Nitesh Dubey
Network security
Network security
Ravikumar Natarajan
Security Delivery Platform: Best practices
Security Delivery Platform: Best practices
Mihajlo Prerad
woot15-paper-novella
woot15-paper-novella
Eduardo Novella
IoT Hardware Teardown, Security Testing & Control Design
IoT Hardware Teardown, Security Testing & Control Design
Priyanka Aash
Palo Alto Networks - Next-generation Firewall Security with Expanding Scalabi...
Palo Alto Networks - Next-generation Firewall Security with Expanding Scalabi...
LiveAction Next Generation Network Management Software
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinet
Ivan Carmona
Virtual security gateways at network edge are key to protecting ultra broadba...
Virtual security gateways at network edge are key to protecting ultra broadba...
Paul Stevens
Wireless LAN security
Wireless LAN security
Rajan Kumar
Chapter 8 Wireless Network Security
Chapter 8 Wireless Network Security
Dr. Ahmed Al Zaidy
Wireless Networks Security in Jordan: A Field Study
Wireless Networks Security in Jordan: A Field Study
IJNSA Journal
Passive monitoring to build Situational Awareness
Passive monitoring to build Situational Awareness
David Sweigert
Firewall ppt
Firewall ppt
LakshmiSamivel
White paper - Building Secure Wireless Networks
White paper - Building Secure Wireless Networks
Altaware, Inc.
Cisco SAFE_Wireless LAN Security in Depth v2
Cisco SAFE_Wireless LAN Security in Depth v2
LinkedIn
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
Rishabh Gupta
Module 6 Wireless Network security
Module 6 Wireless Network security
nikshaikh786
Network security
Network security
Ashok Dwivedi
Tendances
(20)
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Networking and communications security – network architecture design
Networking and communications security – network architecture design
wireless communication security PPT, presentation
wireless communication security PPT, presentation
Network security
Network security
Security Delivery Platform: Best practices
Security Delivery Platform: Best practices
woot15-paper-novella
woot15-paper-novella
IoT Hardware Teardown, Security Testing & Control Design
IoT Hardware Teardown, Security Testing & Control Design
Palo Alto Networks - Next-generation Firewall Security with Expanding Scalabi...
Palo Alto Networks - Next-generation Firewall Security with Expanding Scalabi...
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinet
Virtual security gateways at network edge are key to protecting ultra broadba...
Virtual security gateways at network edge are key to protecting ultra broadba...
Wireless LAN security
Wireless LAN security
Chapter 8 Wireless Network Security
Chapter 8 Wireless Network Security
Wireless Networks Security in Jordan: A Field Study
Wireless Networks Security in Jordan: A Field Study
Passive monitoring to build Situational Awareness
Passive monitoring to build Situational Awareness
Firewall ppt
Firewall ppt
White paper - Building Secure Wireless Networks
White paper - Building Secure Wireless Networks
Cisco SAFE_Wireless LAN Security in Depth v2
Cisco SAFE_Wireless LAN Security in Depth v2
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
Module 6 Wireless Network security
Module 6 Wireless Network security
Network security
Network security
En vedette
Information Retrieval
Information Retrieval
yxyx3258
Zws e bom2mbom discovery and recommendation process_agileec_v1 0 (2)
Zws e bom2mbom discovery and recommendation process_agileec_v1 0 (2)
Zero Wait-State
Lesson 15 Key Events
Lesson 15 Key Events
Mr. Flinn
Un dia
Un dia
js434060mhs
Secova pkg
Secova pkg
UFCW Local 7
Ahmed Jassat SAOUG ~ Turning Challenges into oppertunities
Ahmed Jassat SAOUG ~ Turning Challenges into oppertunities
Zahid02
Podpora za izboljšanje bralne zmožnosti učenke, opismenjene v tujem jeziku
Podpora za izboljšanje bralne zmožnosti učenke, opismenjene v tujem jeziku
Emina Begić
Paradigmas
Paradigmas
AnaGavidiaEstrada
BPMN 2.0 e BPEL
BPMN 2.0 e BPEL
Pierluigi Sepiacci
Windows Communication Foundation
Windows Communication Foundation
Mahmoud Tolba
HIPAA
HIPAA
LibbyGoodman
Trust Fraud Issues to be aware of
Trust Fraud Issues to be aware of
Michael Belgeri
Etnias del ecuador
Etnias del ecuador
PatricioEncalada89
What makes a good code example?
What makes a good code example?
Masud Rahman
19
19
dinhnam0006
Overview of C Language
Overview of C Language
Prof. Erwin Globio
Moving with the Times for Better Drug Development: Interview with: Hasse Krom...
Moving with the Times for Better Drug Development: Interview with: Hasse Krom...
Life Sciences Network marcus evans
MAM Portfolio February 2012
MAM Portfolio February 2012
aboss17
En vedette
(18)
Information Retrieval
Information Retrieval
Zws e bom2mbom discovery and recommendation process_agileec_v1 0 (2)
Zws e bom2mbom discovery and recommendation process_agileec_v1 0 (2)
Lesson 15 Key Events
Lesson 15 Key Events
Un dia
Un dia
Secova pkg
Secova pkg
Ahmed Jassat SAOUG ~ Turning Challenges into oppertunities
Ahmed Jassat SAOUG ~ Turning Challenges into oppertunities
Podpora za izboljšanje bralne zmožnosti učenke, opismenjene v tujem jeziku
Podpora za izboljšanje bralne zmožnosti učenke, opismenjene v tujem jeziku
Paradigmas
Paradigmas
BPMN 2.0 e BPEL
BPMN 2.0 e BPEL
Windows Communication Foundation
Windows Communication Foundation
HIPAA
HIPAA
Trust Fraud Issues to be aware of
Trust Fraud Issues to be aware of
Etnias del ecuador
Etnias del ecuador
What makes a good code example?
What makes a good code example?
19
19
Overview of C Language
Overview of C Language
Moving with the Times for Better Drug Development: Interview with: Hasse Krom...
Moving with the Times for Better Drug Development: Interview with: Hasse Krom...
MAM Portfolio February 2012
MAM Portfolio February 2012
Similaire à Defending the campus juniper nerworks
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014
Unisys Corporation
Juniper idp overview
Juniper idp overview
Mohamed Al-Natour
Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009
Zernike College
[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg
TI Safe
Presentacion Palo Alto Networks
Presentacion Palo Alto Networks
Laurent Daudré-Vignier
Information Security Risk Management
Information Security Risk Management
ipspat
Airheads dallas 2011 wireless security
Airheads dallas 2011 wireless security
Aruba, a Hewlett Packard Enterprise company
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
Chrysostomos Christofi
Minimizing Information Transparency
Minimizing Information Transparency
Usman Arshad
Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1
PROIDEA
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
ADVA
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Jiunn-Jer Sun
Day4
Day4
Jai4uk
Cyber security event
Cyber security event
Tryzens
IPS NAT and VPN.pptx
IPS NAT and VPN.pptx
karthikvcyber
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
Amazon Web Services
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)
Digital Bond
Spikes Security Isla Isolation
Spikes Security Isla Isolation
Cybryx
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
BAKOTECH
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
BAKOTECH
Similaire à Defending the campus juniper nerworks
(20)
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014
Juniper idp overview
Juniper idp overview
Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009
[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg
Presentacion Palo Alto Networks
Presentacion Palo Alto Networks
Information Security Risk Management
Information Security Risk Management
Airheads dallas 2011 wireless security
Airheads dallas 2011 wireless security
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
Minimizing Information Transparency
Minimizing Information Transparency
Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Day4
Day4
Cyber security event
Cyber security event
IPS NAT and VPN.pptx
IPS NAT and VPN.pptx
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)
Spikes Security Isla Isolation
Spikes Security Isla Isolation
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
Dernier
mini mental status format.docx
mini mental status format.docx
PoojaSen20
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
RaunakKeshri1
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
chloefrazer622
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
JemimahLaneBuaron
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
eniolaolutunde
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
SafetyChain Software
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
anjaliyadav012327
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
Steve Thomason
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
RAM LAL ANAND COLLEGE, DELHI UNIVERSITY.
microwave assisted reaction. General introduction
microwave assisted reaction. General introduction
Maksud Ahmed
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
Chameera Dedduwage
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
Sapna Thakur
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
sanyamsingh5019
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
Dr. Mazin Mohamed alkathiri
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
nomboosow
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
National Information Standards Organization (NISO)
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
VS Mahajan Coaching Centre
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
EduSkills OECD
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
pragatimahajan3
Dernier
(20)
mini mental status format.docx
mini mental status format.docx
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
microwave assisted reaction. General introduction
microwave assisted reaction. General introduction
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
Defending the campus juniper nerworks
1.
Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 1 Defending the Campus Ed Lopez – Emerging Technologies
2.
2Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net “The Headlines” “‟MafiaBoy‟ DDoS Attack Via University Network” “Postdoc Arrest Linked to Intellectual Property Theft from University Labs” “Hack on University Exposes 1.4M Social Security Numbers” “Universities Fear 6th of Month as Klez Virus Re-erupts” “RIAA Sues Campus File-Swappers” “Weak Security Causes University to Ban Unauthorized Wi-Fi on Campus Nets” “Campus Networks: Havens for Spammers?” “Vital Files Exposed in University Hacking, 32,000 Students and Employees Affected”
3.
3Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Our Users – Our Problem Students – Bandwidth, Active Threat, No Standards Faculty – Openess, Intellectual Property, Communication Administration – Privacy/Financial/Academic Data, Web Services Facilities/Security – Operations, Logistics, Emergency Services Health Services – HIPPA, Medical Support Systems Externals – Support for Gov‟t Projects, External/Joint Academics, Libraries, Research
4.
4Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Security is in How We Access Our Networks Dormitories – Wired/Wireless, >1 host to 1 student Libraries – Shared systems, public/anonymous access Commons – Wireless, rogues, „evil twins‟ Telecommuters – Commuting Students, Off-Campus Housing, Fraternities/Sororities, „Starbucks‟ and other community outlets Educational Areas – May have specialized requirements, especially science departments Health Services & Administration – Autonomous but linked Externals – Dedicated support requirements, threat from external security breaches
5.
5Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Campuses – Crucibles for New Technologies and Security Issues Varied OS Support: Windows (multiple versions), MacOS, Linux, BSD, Palm, PocketPC, new handhelds No Personal Firewall/Anti-Virus Standards VoIP: Internally supported, Vonage, etc. Authentication: Passwords (weak), Tokens, SSN vs. Unique Number, Single Sign-On vs. Segmentation Wireless vs. Wired Many Back Channels: POP3, IM, IRC, P2P, FTP, etc. Music: P2P vs. Legal Downloads
6.
6Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net What We Intended
7.
7Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net What We Ended Up With Social Engineering
8.
8Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Firewalls Alone Are Not Enough A TCP/80 client session: • Is it MSIE? • Is it Mozilla Firefox? • Is it a Warez P2P Session? Firewalls, even with application intelligence, only deal with Layer 3&4 But with convergence of multiple applications around well-known ports & protocols, how do we differentiate the legitimate ones from the rogue ones?
9.
9Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Layered Threats – Layered Defenses
10.
10Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Domino Effect
11.
11Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Security Is Not Required for Applications & Networks to Function! Everything works in the lab! Trust is inherent to design! What are your policies? How are they enforced? How do you detect/prevent malicious traffic, rogue host/apps, and misuse? What is really on your network?
12.
12Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Security Requirements for the Campus Access Defense at Network/Data Centers – No effective perimeters, no control of end-user hosts Network Awareness – Variable users/access/technologies make for quickly changing threats QoS - defending bandwidth for necessary resources, mitigating DoS attacks, policy conformance Segregation of IP Networks – With use of common infrastructure Standardization Where Possible – Enforcement of security processes is a must for applications, data centers, and systems holding sensitive data Provisioned Services – Key to consistant delivery of managable services
13.
13Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Securing Access Wireless Access = Remote Access Common solution sets mean ease of deployment and common user experience • Can implement roles-based policies SSL VPNs are your friend • Clientless – Just need a browser • Encryption offers confidentiality, integrity of traffic • Defend Remote Access, Wireless Access, Access to Data Centers You can‟t rely on host-based defenses, defend at the ingress • Perimeter defenses (Firewall, ACL) • NAV and Anti-spam on campus web/mail services
14.
14Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Securing Data Centers Best defenses are based on knowing what to defend • You may not control the clients, but you do control the servers Tight perimeter defenses Portaling Intrusion Detection/Prevention Honeypots / Honeynets
15.
15Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Importance of Network Awareness “Network awareness now a new mindset for security professionals.” “Every component of the network is part of the ecosystem.” “The end user is the moving chess piece of the network board.” “The really good intruders study the environment before attacking.” Source: Network Awareness, whitepaper by BlackHat Consulting
16.
16Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net IDS – Intrusion Detection System Typically out of line of the data flow on a tap. Evaluates deeper into the packet to validate protocol, search for exploits and anomalies. All 7 layers of the OSI model can be parsed. IDS HELP Dynamic ACL request sent to the router/firewall, or TCP RESET sent to close the session
17.
17Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net IPS – Intrusion Prevention System Typically inline of the data flow. Evaluates deeper into the packet to validate protocol, search for exploits and anomalies. All 7 layers of the OSI model can be parsed. Does not have to rely on other devices in the network to complete it‟s task. IPS
18.
18Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Network Awareness – Know Your Threat! Who is peering with your critical systems? Who are the IRC bots? Who is probing your network? Correlate security events to hosts/network objects
19.
19Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Network QoS – Managed Unfairness Bandwidth isn‟t free and all traffic is not equal Migration continues toward converged network, with multiple services over IP Need to distinguish between the multiple services on the converged network infrastructure Examples: voice and real-time video Implementing QoS allows us to utilize existing bandwidth better QoS tools can be used as security tools to safeguard priority network services and applications VoIP Gold Silver Best Effort VoIPGold Classify Silver Schedule VoIPGoldSilver Transmit
20.
20Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Segregating IP Networks - MPLS Wireless Access Housing Remote Campus VoIP Internet Access Campus Network IP/MPLS Multiple IP nets / Common Infrastructure Security, Access Control at the Edge Provisioned Services - Managability PE PCE
21.
21Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Standardization Openness applies to the user community, not to campus administration and staff Deployed network applications and services must be tightly defined IDS/IPS to look for malicious traffic within these applications and services Standardized authentication systems – centralized online identity control Operational & management support is key to policy enforcement
22.
22Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Provisioned Services Bring all of these security concepts together • Portaling – Present services in a consistent fashion, roles-based authentication • Network Awareness – Defining and provisioning services provides a clear scope • QoS – Protect service resources • Segregation – Reduces threat vectors and malicious logic trees between services • Standardization – Building security in what we deploy Create an atmosphere of what we can do, vs. what we can‟t
23.
23Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 23Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Juniper Networks Portfolio M-series T-series Large Core Metro Aggregation E-series BRAS & Circuit Aggregation Policy & Service Control Small/Med Core Circuit Aggregation Secure Access SSL VPN Intrusion Detection and Prevention Integrated Firewall/IPSEC VPN Central Policy-based Management NMC-RX JUNOScope Secure Meeting Enterprise Routing J-series
24.
Thank You! elopez@juniper.net
Télécharger maintenant