JUNIPER NETWORKS

Strong Security for Access Control, User Authentication, and Attack Protection at the Network and Application Level

As threats to the network grow more prevalent and destructive, securing the infrastructure is critical to maintaining a viable business. Attacks come from multiple sources in a variety of forms. Enterprises and service providers need more than just a security device; they require a comprehensive, reliable, and integrated security solution backed by an industry leader.

The Juniper Networks® integrated security devices are purpose-built to perform essential networking security functions. Optimized for maximum performance and feature integration, they are designed on top of robust networking and security real-time operating systems, Juniper Networks JUNOS® Software and ScreenOS. Designed from the ground up to provide superior networking and security capabilities, these operating systems are not plagued by the inefficiencies and vulnerabilities of general-purpose operating systems.

With a range of purpose-built, high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium-sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters. These integrated devices can protect the network from all manner of attacks and malware while simultaneously facilitating secure business-to-business communications.

Product Line highlights:

  • Complete set of Unified Threat Management (UTM) security features, including stateful firewall, intrusion prevention, antivirus (with anti-spyware, anti-adware, and anti-phishing), anti-spam, and Web filtering, stops worms, spyware, trojans, malware, and other emerging attacks. (Note that not all UTM features are available on all platforms.)
  • Centralized, policy-based management minimizes the chance of overlooking security holes by simplifying rollout and network-wide updates.
  • Virtualization technologies make it easy for administrators to divide the network into secure segments for additional protection.
  • Various high-availability options offer the best redundant capabilities for any given network.
  • Rapid-deployment features, including Auto Connect VPN and Dynamic VPN services, help minimize the administrative burden associated with widespread IPsec deployments.

Perimeter Defense Begins with Network-Level Protection

To protect against network-level attacks, Juniper Networks devices use a dynamic packet filtering method known as stateful inspection to unmask malicious traffic. With this method, firewalls collect information on various components in a packet header, including source and destination IP addresses, source and destination port numbers, and packet sequence numbers. When a responding packet arrives, the firewall will compare the information reported in its header with the state of its associated session. If they do not match, the packet is dropped.

Stateful inspection provides more security than other firewall technologies such as packet filtering because the traffic is examined in the context of the connection and not as a collection of unrelated packets. By default, the Juniper Networks firewall denies all traffic in all directions. Then, by using centralized, policy-based management, enterprises can create security policies that define the parameters of traffic that is permitted to pass from specified sources to specified destinations.
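The session check and default-deny policy lookup described above can be modeled as follows. This is an added illustration, not Juniper code: the `Packet` and `StatefulFirewall` names, the policy tuple format, and the sample traffic are assumptions, and the model checks only the address/port tuple and the acknowledgment of the opening SYN, where a production firewall also tracks windows, flags, and timeouts.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    seq: int = 0
    ack: int = 0
    syn: bool = False

class StatefulFirewall:
    def __init__(self, policies):
        # Each policy permits new sessions from a source network to a
        # destination network and port; anything unmatched is denied.
        self.policies = [(ip_network(s), ip_network(d), p) for s, d, p in policies]
        self.sessions = {}  # initiator 4-tuple -> sequence number the peer must acknowledge

    def _permitted(self, pkt):
        return any(ip_address(pkt.src) in s and ip_address(pkt.dst) in d and pkt.dport == p
                   for s, d, p in self.policies)

    def inspect(self, pkt):
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reverse in self.sessions:
            # Responding packet: its header must match the recorded session state.
            return "permit" if pkt.ack == self.sessions[reverse] else "drop"
        if forward in self.sessions:
            return "permit"  # later packet from the initiator of a known session
        if pkt.syn and self._permitted(pkt):
            self.sessions[forward] = pkt.seq + 1  # a SYN consumes one sequence number
            return "permit"
        return "drop"  # default deny: no session and no permitting policy

def demo():
    # Constructed sample traffic (documentation address ranges).
    fw = StatefulFirewall([("10.0.0.0/24", "203.0.113.0/24", 443)])
    packets = [
        Packet("10.0.0.5", "203.0.113.10", 40000, 443, seq=1000, syn=True),  # permitted by policy
        Packet("203.0.113.10", "10.0.0.5", 443, 40000, seq=5000, ack=1001),  # matching reply
        Packet("203.0.113.10", "10.0.0.5", 443, 40000, seq=5000, ack=9999),  # state mismatch
        Packet("203.0.113.10", "10.0.0.5", 443, 40001, seq=1, syn=True),     # unsolicited inbound
        Packet("10.0.0.5", "203.0.113.10", 40002, 22, seq=1, syn=True),      # no policy for port 22
    ]
    return [fw.inspect(p) for p in packets]
```

Calling `demo()` returns one verdict per sample packet, in order.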

Secure, reliable WAN connectivity also plays an important role in network-level protection. By deploying robust virtual private networks (VPNs), remote sites can be securely connected to other remote sites and to centralized data and applications using high-bandwidth shared media such as the Internet. Features such as Auto Connect VPN, available on select models, can help ease the administration and management of VPNs, particularly in hub-and-spoke topologies, allowing secure connections to be automatically set up and taken down without manual configuration.

Day-Zero Protection Against Application-Level Attacks

To help block malicious application-level attacks, Juniper Networks seamlessly integrates intrusion prevention across the entire product line. For central enterprise sites, data center environments and service provider networks with high volumes of throughput, the Juniper Networks ISG Series Integrated Security Gateways with IPS, Juniper Networks SRX100, SRX210, SRX240, SRX650, SRX3000 line and SRX5000 line of services gateways can be deployed for application-level protection. The ISG Series and SRX Series tightly integrate the same software found on the Juniper Networks IDP Series Intrusion Detection and Prevention Appliances to provide unmatched application-level protection against worms, trojans, spyware, and malware. More than 60 protocols are supported, including those used by advanced applications such as VoIP and streaming media.

Unmatched security processing power and network segmentation features protect critical high-speed networks against the penetration and proliferation of existing and emerging application-level threats. With multiple attack detection mechanisms, including stateful signatures and protocol anomaly, the ISG Series and SRX Series perform in-depth analysis of application protocol, context, and state to deliver zero-day protection from application-level attacks. On all other models, security administrators can deploy IPS capability using Deep Inspection to block application-level attacks before they infect the network and inflict any damage. Deep Inspection utilizes two of the eight attack-detection mechanisms available on the standalone IDP Series appliances and integrates them with the stateful inspection firewall.

Integrated Antivirus Protects Remote Locations

For remote offices or smaller locations without full-time IT staff, integration and simplicity are an absolute must in any security solution. Juniper Networks currently provides integrated file-based antivirus protection from Kaspersky Lab on the Juniper Networks SSG Series family and the SRX Series Services Gateways for the branch. These products combine firewall and VPN capabilities with an antivirus scanning engine that includes anti-phishing, anti-spyware, and anti-adware protection to provide a comprehensive security solution in a single device.

These integrated appliances scan for viruses embedded in both email and Web traffic by scrutinizing IMAP, SMTP, FTP, POP3, IM and HTTP protocols. They provide the most advanced protection against today’s fast-spreading worms, viruses, trojans, spyware, and other malware that could damage the network. With its ability to uncompress files using common protocols, the engine scans deep inside attachments to detect threats hidden in multiple levels of compression.

Controlling Access to Known Malware and Phishing Web Sites

Employees who access inappropriate Web sites from the corporate network risk bringing malicious software into the organization. Worse, their errors in judgment could also expose the company to litigation for not having adequate controls in place. Juniper Networks integrated security devices are the ideal solution to help organizations devise and enforce responsible Web usage policies.

Two approaches are available: external and integrated Web filtering. External Web filtering, available on all Juniper Networks firewall and VPN devices, redirects traffic from the device to a dedicated Websense Web filtering server for enforcement of the organization’s policies. Integrated Web filtering, available on the Juniper Networks SRX Series Services Gateways for the branch and SSG Series, enables enterprises to build their own Web access policies by selectively blocking access to sites listed in a continuously updated database. Maintained by Websense, a Juniper Networks security alliance partner, the database lists more than 20 million URLs organized into more than 54 categories of potentially problematic content.

Customers can rapidly deploy integrated or external Web filtering using default configurations based on the Websense database. Web filtering profiles can be customized by using black lists or white lists, plus a number of predefined and user-defined categories.

Blocking Inbound Spam and Phishing Attacks

Juniper Networks has teamed with Symantec Corporation to leverage Symantec’s market-leading anti-spam solution and reputation service for Juniper’s small-to-medium office platforms to help limit unwanted emails and the potential attacks they carry. Installed on the Juniper Networks firewall/VPN gateway, the anti-spam engine filters incoming email from known spam and phishing senders, acting as a first line of defense. When a known malicious email arrives, it is blocked and/or flagged so that the email server can take appropriate action. Integrated anti-spam is available on the entire SSG Series family and the SRX Series Services Gateways for the branch.

Virtualization Boosts Security by Dividing the Network into Multiple Network Segments

Virtualization technologies in the Juniper Networks integrated firewall/VPN and secure router security solutions enable users to segment their network into many separate compartments, all controlled through a single appliance. Administrators can simply segment traffic bound for different destinations, or they can further divide the network into distinct, secure segments with their own firewalls and separate security policies. The firewall/VPN devices support the following virtualization technologies:

  • Security Zones: Supported on every product, security zones represent virtual sections of the network, segmented into logical areas. Security zones can be assigned to a physical interface or, on the larger devices, to a virtual system. When assigned to a virtual system, multiple zones can share a single physical interface, which lowers ownership costs by effectively increasing interface densities.
  • Virtual Systems (VSYS): Available on the ISG Series and the NetScreen 5000 line, virtual systems are an additional level of partitioning that creates multiple independent virtual environments, each with its own set of users, firewalls, VPNs, security policies, and management interfaces. By providing administrators with the ability to quickly segment networks into multiple secure environments managed through a single device, VSYS enables network operators to build multi-customer solutions with fewer physical firewalls and reduced administrative attention. This reduces both capital and operational expenses.
  • Virtual Routers (VR): Supported on all products, virtual routers enable administrators to partition a single device so it functions like multiple physical routers. Each VR can support its own domains, ensuring that no routing information is exchanged with domains established on other VRs. This enables a single device to support multiple customer environments, lowering total cost of ownership.
  • Virtual LANs (VLAN): Supported on all platforms, VLANs are a logical – not physical – division of a subnetwork that enables administrators to identify and segment traffic at a very granular level. Security policies can specify how traffic is routed from each VLAN to a security zone, virtual system or physical interface. This makes it easy for administrators to identify and organize traffic from multiple departments and define what resources each can access.