1. Secure information. Secure business.
Securing the Network
Ricardo Ross
Juniper Networks Channel Account Manager
3. Perimeters
[Diagram: Users (Employees, Customers, Guests, Partners, Vendors, Suppliers, Contractors, Off-Shore, Outsourced), Devices (PC, Laptop, PDA, Cell Phone), Remote/Internet, Branch/WAN, Campus, Core, Datacenter]
4. Perimeters
• LAN Access
5. Perimeters
• Remote Access
6. Perimeters
• Campus – Data Center
7. Perimeters
• Remote – Data Center
8. Perimeters
• Branch – Data Center
9. Perimeters
• Campus – Internet
10. Threats and Protections
Threat | Protection
Internal Network Structure Non Hidden | Firewall
One Networks Segment | Firewall
One Security Zone | Firewall
Flooding and DoS | Firewall
Protocol Weakness Exploitation | IDP
Vulnerabilities Exploitation - Applications and OS | IDP
Application/Service DoS | IDP
Unexpected traffic patterns | IDP
Scanning | Firewall, IDP
Brute Force - Cracking Passwords | Firewall, IDP
IP Spoofing | Firewall, IDP
Non-Integrity and Non-Privacy Sessions Site to Site | VPN IPsec
Non-Integrity and Non-Privacy Sessions Client to Site | SSL VPN
11. Threats and Protections
Threat | Protection
Unauthorized Network Admission L2 | Access Controller, End Point Access Control Agent, 802.1x Device
Unauthorized Network Admission L3 | Access Controller, End Point Access Control Agent, Firewall
Unauthorized Server Access | Access Controller, End Point Access Control Agent, Firewall
Identity Spoofing | Access Controller, End Point Access Control Agent, Firewall, IDP
Unauthorized Application Access | Access Controller, End Point Access Control Agent, IDP
Weak User Authentication | Access Controller, End Point Access Control Agent, 802.1x Device, Firewall
Weak User Authorization | Access Controller, End Point Access Control Agent, 802.1x Device, Firewall
Unmanaged Traffic - Bandwidth Abuse | Access Controller, End Point Access Control Agent, 802.1x Device, Firewall, IDP
Non-Compliant End Points | Access Controller, End Point Access Control Agent, 802.1x Device, Firewall, IDP
12. Threats and Protections
Threat | Protection
Virus | Access Controller, End Point Access Control Agent, Antivirus+Anti-Adware+Anti-Spyware+Anti-Phishing, IDP, Web Filtering
Trojans | Access Controller, End Point Access Control Agent, Antivirus+Anti-Adware+Anti-Spyware+Anti-Phishing, IDP, Web Filtering
Worms | Access Controller, End Point Access Control Agent, Antivirus+Anti-Adware+Anti-Spyware+Anti-Phishing, IDP, Web Filtering
Keyloggers | Access Controller, End Point Access Control Agent, Antivirus+Anti-Adware+Anti-Spyware+Anti-Phishing, IDP, Web Filtering
Adware | Access Controller, End Point Access Control Agent, Antivirus+Anti-Adware+Anti-Spyware+Anti-Phishing, IDP, Web Filtering
Spyware | Access Controller, End Point Access Control Agent, Antivirus+Anti-Adware+Anti-Spyware+Anti-Phishing, IDP, Web Filtering
Malware | Access Controller, End Point Access Control Agent, Antivirus+Anti-Adware+Anti-Spyware+Anti-Phishing, IDP, Web Filtering
Backdoors | Access Controller, End Point Access Control Agent, Antivirus+Anti-Adware+Anti-Spyware+Anti-Phishing, IDP, Web Filtering
13. Threats and Protections
Threat | Protection
Spam | AntiSpam
Phishing | AntiSpam, Antivirus+Anti-Adware+Anti-Spyware+Anti-Phishing, Web Filtering
Access to Inappropriate Web sites | Web Filtering
Access to Malicious Websites | Web Filtering
Data Leakage | Content Filtering
14. Securing the Network
• LAN Access
15. Securing the Network
• Remote Access
16. Securing the Network
• Campus – Data Center
17. Securing the Network
• Remote – Data Center
18. Securing the Network
• Branch – Data Center
19. Securing the Network
• Campus – Internet
20. Securing the Network
• Policy Management, Device Configuration, Remediation, Event & Flow Processing
• VPN Management, Version Control, User Activity Management, Correlation
• Object Management, Software Image Management, Real Time Monitoring, WAN Analysis
• Inventory Management, Security Update, Event & Flow Collection, Reporting
• Networking, Security, OS/Applications
• Visibility & Control Enterprise-wide