Enviar búsqueda
Cargar
Defending the campus juniper nerworks
•
Descargar como PPT, PDF
•
0 recomendaciones
•
233 vistas
B
Brozaa
Seguir
More info :http://goo.gl/LYQuss
Leer menos
Leer más
Educación
Denunciar
Compartir
Denunciar
Compartir
1 de 24
Descargar ahora
Recomendados
My Final Year Project
My Final Year Project
MOHAMMEDELALAM1
Evaluation of enhanced security solutions in
Evaluation of enhanced security solutions in
IJNSA Journal
[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin Rodillas
TI Safe
Trend Internet of Things
Trend Internet of Things
Deris Stiawan
Network Security Architecture
Network Security Architecture
InnoTech
Ii2514901494
Ii2514901494
IJERA Editor
Palo alto networks product overview
Palo alto networks product overview
Belsoft
Comparison of MQTT and DDS as M2M Protocols for the Internet of Things
Comparison of MQTT and DDS as M2M Protocols for the Internet of Things
Real-Time Innovations (RTI)
Recomendados
My Final Year Project
My Final Year Project
MOHAMMEDELALAM1
Evaluation of enhanced security solutions in
Evaluation of enhanced security solutions in
IJNSA Journal
[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin Rodillas
TI Safe
Trend Internet of Things
Trend Internet of Things
Deris Stiawan
Network Security Architecture
Network Security Architecture
InnoTech
Ii2514901494
Ii2514901494
IJERA Editor
Palo alto networks product overview
Palo alto networks product overview
Belsoft
Comparison of MQTT and DDS as M2M Protocols for the Internet of Things
Comparison of MQTT and DDS as M2M Protocols for the Internet of Things
Real-Time Innovations (RTI)
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Editor IJCATR
Networking and communications security – network architecture design
Networking and communications security – network architecture design
EnterpriseGRC Solutions, Inc.
wireless communication security PPT, presentation
wireless communication security PPT, presentation
Nitesh Dubey
Network security
Network security
Ravikumar Natarajan
Security Delivery Platform: Best practices
Security Delivery Platform: Best practices
Mihajlo Prerad
woot15-paper-novella
woot15-paper-novella
Eduardo Novella
IoT Hardware Teardown, Security Testing & Control Design
IoT Hardware Teardown, Security Testing & Control Design
Priyanka Aash
Palo Alto Networks - Next-generation Firewall Security with Expanding Scalabi...
Palo Alto Networks - Next-generation Firewall Security with Expanding Scalabi...
LiveAction Next Generation Network Management Software
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinet
Ivan Carmona
Virtual security gateways at network edge are key to protecting ultra broadba...
Virtual security gateways at network edge are key to protecting ultra broadba...
Paul Stevens
Wireless LAN security
Wireless LAN security
Rajan Kumar
Chapter 8 Wireless Network Security
Chapter 8 Wireless Network Security
Dr. Ahmed Al Zaidy
Wireless Networks Security in Jordan: A Field Study
Wireless Networks Security in Jordan: A Field Study
IJNSA Journal
Passive monitoring to build Situational Awareness
Passive monitoring to build Situational Awareness
David Sweigert
Firewall ppt
Firewall ppt
LakshmiSamivel
White paper - Building Secure Wireless Networks
White paper - Building Secure Wireless Networks
Altaware, Inc.
Cisco SAFE_Wireless LAN Security in Depth v2
Cisco SAFE_Wireless LAN Security in Depth v2
LinkedIn
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
Rishabh Gupta
Module 6 Wireless Network security
Module 6 Wireless Network security
nikshaikh786
Network security
Network security
Ashok Dwivedi
Information Retrieval
Information Retrieval
yxyx3258
Zws e bom2mbom discovery and recommendation process_agileec_v1 0 (2)
Zws e bom2mbom discovery and recommendation process_agileec_v1 0 (2)
Zero Wait-State
Más contenido relacionado
La actualidad más candente
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Editor IJCATR
Networking and communications security – network architecture design
Networking and communications security – network architecture design
EnterpriseGRC Solutions, Inc.
wireless communication security PPT, presentation
wireless communication security PPT, presentation
Nitesh Dubey
Network security
Network security
Ravikumar Natarajan
Security Delivery Platform: Best practices
Security Delivery Platform: Best practices
Mihajlo Prerad
woot15-paper-novella
woot15-paper-novella
Eduardo Novella
IoT Hardware Teardown, Security Testing & Control Design
IoT Hardware Teardown, Security Testing & Control Design
Priyanka Aash
Palo Alto Networks - Next-generation Firewall Security with Expanding Scalabi...
Palo Alto Networks - Next-generation Firewall Security with Expanding Scalabi...
LiveAction Next Generation Network Management Software
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinet
Ivan Carmona
Virtual security gateways at network edge are key to protecting ultra broadba...
Virtual security gateways at network edge are key to protecting ultra broadba...
Paul Stevens
Wireless LAN security
Wireless LAN security
Rajan Kumar
Chapter 8 Wireless Network Security
Chapter 8 Wireless Network Security
Dr. Ahmed Al Zaidy
Wireless Networks Security in Jordan: A Field Study
Wireless Networks Security in Jordan: A Field Study
IJNSA Journal
Passive monitoring to build Situational Awareness
Passive monitoring to build Situational Awareness
David Sweigert
Firewall ppt
Firewall ppt
LakshmiSamivel
White paper - Building Secure Wireless Networks
White paper - Building Secure Wireless Networks
Altaware, Inc.
Cisco SAFE_Wireless LAN Security in Depth v2
Cisco SAFE_Wireless LAN Security in Depth v2
LinkedIn
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
Rishabh Gupta
Module 6 Wireless Network security
Module 6 Wireless Network security
nikshaikh786
Network security
Network security
Ashok Dwivedi
La actualidad más candente
(20)
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Networking and communications security – network architecture design
Networking and communications security – network architecture design
wireless communication security PPT, presentation
wireless communication security PPT, presentation
Network security
Network security
Security Delivery Platform: Best practices
Security Delivery Platform: Best practices
woot15-paper-novella
woot15-paper-novella
IoT Hardware Teardown, Security Testing & Control Design
IoT Hardware Teardown, Security Testing & Control Design
Palo Alto Networks - Next-generation Firewall Security with Expanding Scalabi...
Palo Alto Networks - Next-generation Firewall Security with Expanding Scalabi...
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinet
Virtual security gateways at network edge are key to protecting ultra broadba...
Virtual security gateways at network edge are key to protecting ultra broadba...
Wireless LAN security
Wireless LAN security
Chapter 8 Wireless Network Security
Chapter 8 Wireless Network Security
Wireless Networks Security in Jordan: A Field Study
Wireless Networks Security in Jordan: A Field Study
Passive monitoring to build Situational Awareness
Passive monitoring to build Situational Awareness
Firewall ppt
Firewall ppt
White paper - Building Secure Wireless Networks
White paper - Building Secure Wireless Networks
Cisco SAFE_Wireless LAN Security in Depth v2
Cisco SAFE_Wireless LAN Security in Depth v2
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
Module 6 Wireless Network security
Module 6 Wireless Network security
Network security
Network security
Destacado
Information Retrieval
Information Retrieval
yxyx3258
Zws e bom2mbom discovery and recommendation process_agileec_v1 0 (2)
Zws e bom2mbom discovery and recommendation process_agileec_v1 0 (2)
Zero Wait-State
Lesson 15 Key Events
Lesson 15 Key Events
Mr. Flinn
Un dia
Un dia
js434060mhs
Secova pkg
Secova pkg
UFCW Local 7
Ahmed Jassat SAOUG ~ Turning Challenges into oppertunities
Ahmed Jassat SAOUG ~ Turning Challenges into oppertunities
Zahid02
Podpora za izboljšanje bralne zmožnosti učenke, opismenjene v tujem jeziku
Podpora za izboljšanje bralne zmožnosti učenke, opismenjene v tujem jeziku
Emina Begić
Paradigmas
Paradigmas
AnaGavidiaEstrada
BPMN 2.0 e BPEL
BPMN 2.0 e BPEL
Pierluigi Sepiacci
Windows Communication Foundation
Windows Communication Foundation
Mahmoud Tolba
HIPAA
HIPAA
LibbyGoodman
Trust Fraud Issues to be aware of
Trust Fraud Issues to be aware of
Michael Belgeri
Etnias del ecuador
Etnias del ecuador
PatricioEncalada89
What makes a good code example?
What makes a good code example?
Masud Rahman
19
19
dinhnam0006
Overview of C Language
Overview of C Language
Prof. Erwin Globio
Moving with the Times for Better Drug Development: Interview with: Hasse Krom...
Moving with the Times for Better Drug Development: Interview with: Hasse Krom...
Life Sciences Network marcus evans
MAM Portfolio February 2012
MAM Portfolio February 2012
aboss17
Destacado
(18)
Information Retrieval
Information Retrieval
Zws e bom2mbom discovery and recommendation process_agileec_v1 0 (2)
Zws e bom2mbom discovery and recommendation process_agileec_v1 0 (2)
Lesson 15 Key Events
Lesson 15 Key Events
Un dia
Un dia
Secova pkg
Secova pkg
Ahmed Jassat SAOUG ~ Turning Challenges into oppertunities
Ahmed Jassat SAOUG ~ Turning Challenges into oppertunities
Podpora za izboljšanje bralne zmožnosti učenke, opismenjene v tujem jeziku
Podpora za izboljšanje bralne zmožnosti učenke, opismenjene v tujem jeziku
Paradigmas
Paradigmas
BPMN 2.0 e BPEL
BPMN 2.0 e BPEL
Windows Communication Foundation
Windows Communication Foundation
HIPAA
HIPAA
Trust Fraud Issues to be aware of
Trust Fraud Issues to be aware of
Etnias del ecuador
Etnias del ecuador
What makes a good code example?
What makes a good code example?
19
19
Overview of C Language
Overview of C Language
Moving with the Times for Better Drug Development: Interview with: Hasse Krom...
Moving with the Times for Better Drug Development: Interview with: Hasse Krom...
MAM Portfolio February 2012
MAM Portfolio February 2012
Similar a Defending the campus juniper nerworks
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014
Unisys Corporation
Juniper idp overview
Juniper idp overview
Mohamed Al-Natour
Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009
Zernike College
[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg
TI Safe
Presentacion Palo Alto Networks
Presentacion Palo Alto Networks
Laurent Daudré-Vignier
Information Security Risk Management
Information Security Risk Management
ipspat
Airheads dallas 2011 wireless security
Airheads dallas 2011 wireless security
Aruba, a Hewlett Packard Enterprise company
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
Chrysostomos Christofi
Minimizing Information Transparency
Minimizing Information Transparency
Usman Arshad
Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1
PROIDEA
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
ADVA
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Jiunn-Jer Sun
Day4
Day4
Jai4uk
Cyber security event
Cyber security event
Tryzens
IPS NAT and VPN.pptx
IPS NAT and VPN.pptx
karthikvcyber
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
Amazon Web Services
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)
Digital Bond
Spikes Security Isla Isolation
Spikes Security Isla Isolation
Cybryx
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
BAKOTECH
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
BAKOTECH
Similar a Defending the campus juniper nerworks
(20)
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014
Juniper idp overview
Juniper idp overview
Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009
[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg
Presentacion Palo Alto Networks
Presentacion Palo Alto Networks
Information Security Risk Management
Information Security Risk Management
Airheads dallas 2011 wireless security
Airheads dallas 2011 wireless security
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
Minimizing Information Transparency
Minimizing Information Transparency
Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Day4
Day4
Cyber security event
Cyber security event
IPS NAT and VPN.pptx
IPS NAT and VPN.pptx
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)
Spikes Security Isla Isolation
Spikes Security Isla Isolation
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
Último
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
VishalSingh1417
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
camerronhm
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
AnaAcapella
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
Celine George
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
Ramakrishna Reddy Bijjam
Understanding Accommodations and Modifications
Understanding Accommodations and Modifications
MJDuyan
Magic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptx
dhanalakshmis0310
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
Association for Project Management
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
VishalSingh1417
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
christianmathematics
Asian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptx
David Douglas School District
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
Celine George
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
Admir Softic
Application orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
RamjanShidvankar
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
Nguyen Thanh Tu Collection
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
Third Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptx
Amita Gupta
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
MaryamAhmad92
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
AreebaZafar22
Último
(20)
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
Understanding Accommodations and Modifications
Understanding Accommodations and Modifications
Magic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptx
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Asian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptx
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
Application orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
Third Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptx
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
Defending the campus juniper nerworks
1.
Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 1 Defending the Campus Ed Lopez – Emerging Technologies
2.
2Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net “The Headlines” “‟MafiaBoy‟ DDoS Attack Via University Network” “Postdoc Arrest Linked to Intellectual Property Theft from University Labs” “Hack on University Exposes 1.4M Social Security Numbers” “Universities Fear 6th of Month as Klez Virus Re-erupts” “RIAA Sues Campus File-Swappers” “Weak Security Causes University to Ban Unauthorized Wi-Fi on Campus Nets” “Campus Networks: Havens for Spammers?” “Vital Files Exposed in University Hacking, 32,000 Students and Employees Affected”
3.
3Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Our Users – Our Problem Students – Bandwidth, Active Threat, No Standards Faculty – Openess, Intellectual Property, Communication Administration – Privacy/Financial/Academic Data, Web Services Facilities/Security – Operations, Logistics, Emergency Services Health Services – HIPPA, Medical Support Systems Externals – Support for Gov‟t Projects, External/Joint Academics, Libraries, Research
4.
4Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Security is in How We Access Our Networks Dormitories – Wired/Wireless, >1 host to 1 student Libraries – Shared systems, public/anonymous access Commons – Wireless, rogues, „evil twins‟ Telecommuters – Commuting Students, Off-Campus Housing, Fraternities/Sororities, „Starbucks‟ and other community outlets Educational Areas – May have specialized requirements, especially science departments Health Services & Administration – Autonomous but linked Externals – Dedicated support requirements, threat from external security breaches
5.
5Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Campuses – Crucibles for New Technologies and Security Issues Varied OS Support: Windows (multiple versions), MacOS, Linux, BSD, Palm, PocketPC, new handhelds No Personal Firewall/Anti-Virus Standards VoIP: Internally supported, Vonage, etc. Authentication: Passwords (weak), Tokens, SSN vs. Unique Number, Single Sign-On vs. Segmentation Wireless vs. Wired Many Back Channels: POP3, IM, IRC, P2P, FTP, etc. Music: P2P vs. Legal Downloads
6.
6Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net What We Intended
7.
7Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net What We Ended Up With Social Engineering
8.
8Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Firewalls Alone Are Not Enough A TCP/80 client session: • Is it MSIE? • Is it Mozilla Firefox? • Is it a Warez P2P Session? Firewalls, even with application intelligence, only deal with Layer 3&4 But with convergence of multiple applications around well-known ports & protocols, how do we differentiate the legitimate ones from the rogue ones?
9.
9Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Layered Threats – Layered Defenses
10.
10Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Domino Effect
11.
11Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Security Is Not Required for Applications & Networks to Function! Everything works in the lab! Trust is inherent to design! What are your policies? How are they enforced? How do you detect/prevent malicious traffic, rogue host/apps, and misuse? What is really on your network?
12.
12Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Security Requirements for the Campus Access Defense at Network/Data Centers – No effective perimeters, no control of end-user hosts Network Awareness – Variable users/access/technologies make for quickly changing threats QoS - defending bandwidth for necessary resources, mitigating DoS attacks, policy conformance Segregation of IP Networks – With use of common infrastructure Standardization Where Possible – Enforcement of security processes is a must for applications, data centers, and systems holding sensitive data Provisioned Services – Key to consistant delivery of managable services
13.
13Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Securing Access Wireless Access = Remote Access Common solution sets mean ease of deployment and common user experience • Can implement roles-based policies SSL VPNs are your friend • Clientless – Just need a browser • Encryption offers confidentiality, integrity of traffic • Defend Remote Access, Wireless Access, Access to Data Centers You can‟t rely on host-based defenses, defend at the ingress • Perimeter defenses (Firewall, ACL) • NAV and Anti-spam on campus web/mail services
14.
14Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Securing Data Centers Best defenses are based on knowing what to defend • You may not control the clients, but you do control the servers Tight perimeter defenses Portaling Intrusion Detection/Prevention Honeypots / Honeynets
15.
15Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Importance of Network Awareness “Network awareness now a new mindset for security professionals.” “Every component of the network is part of the ecosystem.” “The end user is the moving chess piece of the network board.” “The really good intruders study the environment before attacking.” Source: Network Awareness, whitepaper by BlackHat Consulting
16.
16Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net IDS – Intrusion Detection System Typically out of line of the data flow on a tap. Evaluates deeper into the packet to validate protocol, search for exploits and anomalies. All 7 layers of the OSI model can be parsed. IDS HELP Dynamic ACL request sent to the router/firewall, or TCP RESET sent to close the session
17.
17Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net IPS – Intrusion Prevention System Typically inline of the data flow. Evaluates deeper into the packet to validate protocol, search for exploits and anomalies. All 7 layers of the OSI model can be parsed. Does not have to rely on other devices in the network to complete it‟s task. IPS
18.
18Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Network Awareness – Know Your Threat! Who is peering with your critical systems? Who are the IRC bots? Who is probing your network? Correlate security events to hosts/network objects
19.
19Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Network QoS – Managed Unfairness Bandwidth isn‟t free and all traffic is not equal Migration continues toward converged network, with multiple services over IP Need to distinguish between the multiple services on the converged network infrastructure Examples: voice and real-time video Implementing QoS allows us to utilize existing bandwidth better QoS tools can be used as security tools to safeguard priority network services and applications VoIP Gold Silver Best Effort VoIPGold Classify Silver Schedule VoIPGoldSilver Transmit
20.
20Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Segregating IP Networks - MPLS Wireless Access Housing Remote Campus VoIP Internet Access Campus Network IP/MPLS Multiple IP nets / Common Infrastructure Security, Access Control at the Edge Provisioned Services - Managability PE PCE
21.
21Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Standardization Openness applies to the user community, not to campus administration and staff Deployed network applications and services must be tightly defined IDS/IPS to look for malicious traffic within these applications and services Standardized authentication systems – centralized online identity control Operational & management support is key to policy enforcement
22.
22Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Provisioned Services Bring all of these security concepts together • Portaling – Present services in a consistent fashion, roles-based authentication • Network Awareness – Defining and provisioning services provides a clear scope • QoS – Protect service resources • Segregation – Reduces threat vectors and malicious logic trees between services • Standardization – Building security in what we deploy Create an atmosphere of what we can do, vs. what we can‟t
23.
23Copyright © 2004
Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 23Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Juniper Networks Portfolio M-series T-series Large Core Metro Aggregation E-series BRAS & Circuit Aggregation Policy & Service Control Small/Med Core Circuit Aggregation Secure Access SSL VPN Intrusion Detection and Prevention Integrated Firewall/IPSEC VPN Central Policy-based Management NMC-RX JUNOScope Secure Meeting Enterprise Routing J-series
24.
Thank You! elopez@juniper.net
Descargar ahora