Mobility is more than BYOD
•Download as PPTX, PDF•
0 likes•954 views
It’s clear that wireless networks bring a lot of benefits to the enterprise. Today, BYOD creates a lot of new opportunities, but also opens your network to new risks and vulnerabilities. With Juniper Networks extensive product portfolio, Kappa Data can offer robust and reliable wireless LAN solutions that ideally can be combined with Juniper’s SSL solutions using the new JUNOS Pulse client for mobile users.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Mobility is more than BYOD
Similar to Mobility is more than BYOD (20)
More from Kappa Data
More from Kappa Data (20)
Recently uploaded
Recently uploaded (20)
Mobility is more than BYOD
- 1. THE SIMPLY CONNECTED CAMPUS MOBILITY IS MORE THAN BYOD Frank Baeyens KappaData seminarie, 21 Juni 2012
- 2. 2 Copyright © 2012 Juniper Networks, Inc. www.juniper.net Top WLAN requirements BYOD Unified Policy Performance at Scale Highly Resilient High Density High Scale DEVICE PROLIFERATION 0 50000 100000 150000 200000 250000 300000 350000 400000 Unique Daily Wireless Sessions Large American University ~50,000 Students, Multiple Devices Per Student 6x Fall Summer Spring 2011 Fall Spring Summer 2010
- 3. 3 Copyright © 2012 Juniper Networks, Inc. www.juniper.net MOBILITY REDEFINES BUSINESS PRACTICES APPLICATION PROLIFERATION Business Applications Personal Applications 42% Increased Productivity 39% Reduced Paperwork 37% Increased Revenue Source : Forrester, Frost &Sullivan, Business week, Gigaom pro, ABI research Pulse
- 4. 4 Copyright © 2012 Juniper Networks, Inc. www.juniper.net Type of Attack Botnets Trojans Virus Worms DOS APT Malware Secure at the device Secure at the edge Secure L2 – L7 ( application ) Security orchestration “Security at every node” CUSTOMER CHALLENGES DUE TO MAJOR TRENDS Application & Access Complexity Security Risks Exploding New Devices & Platforms Provisioning (On-boarding) Profiling (Identify and track device types) Management Compliance / Security Posture Device Proliferation Access to Applications Control of Applications
- 5. 5 Copyright © 2012 Juniper Networks, Inc. www.juniper.net MOBILITY IS MUCH MORE THAN BYOD Today's business environment requires coordinated access Employee Owned Devices (BYOD) Corporate Owned Devices Guest Devices
- 6. 6 Copyright © 2012 Juniper Networks, Inc. www.juniper.net Open access, Captive Portal • Self provisioning • Simple experience • Device type aware policy • Differentiated access • Simple guest access provisioning/control MOBILE USER TYPES AND REQUIREMENTS BYOD (Employee owned) • Self provisioning • Secure Certificate based authenticatio • User, App, Device aware policies • Device management • On-device security • Device, data loss/ theft prevention • Secure network, cloud access Corporate Issued Devices • Self provisioning • Secure Certificate based authentication • User, App, Device aware policy • Content Monitoring • Secure network, cloud SSO • Device agnostic “Follow-me policies” • On-device Security • Device Management • Application Management Guest Devices Employee Owned Devices Corporate Owned Devices
- 7. 7 Copyright © 2012 Juniper Networks, Inc. www.juniper.net DELIVERING ORCHESTRATED SECURITY BRINGING CONTROL BACK TO IT MAG EX Servers AP SRX WLC EX AP Campus Branch Qualify the device 1 Provision and authenticate the user 2 Enforce user and application policies across the network 3 Control the device and avoid data leakage 4 SRX MX MX Simple: Role/user-based access with point-and-click provisioning Automated: Policy proliferation for wired and wireless environments Secure: Application visibility and enforcement including day zero attacks.
- 8. 8 Copyright © 2012 Juniper Networks, Inc. www.juniper.net DELIVERING PERFORMANCE AT SCALE SIMPLE & COST-EFFECTIVE SCALING MAG EX Servers AP SRX WLC EX AP Campus Branch SRX MX MX Wire speed data plane 1 Seamless scalability across wired and wireless 2 Architecturally consistent QoS 3 Wired-like performance everywhere Designed for bandwidth hungry rich-media applications No performance tradeoffs as campus scales
- 9. 9 Copyright © 2012 Juniper Networks, Inc. www.juniper.net DELIVERING HIGH RESILIENCY FOR NON-STOP PRODUCTIVITY MAG Servers SRX WLC MX Campus MX Uninterrupted service for mission-critical applications 1 Seamless upgrade and scalability 2 Simplified operations – 80% fewer devices to manage 3 SRX EX AP Branch EX AP Improved operational efficiency Carrier Class Network for Enterprise No Single Point of Failure
- 10. 10 Copyright © 2012 Juniper Networks, Inc. www.juniper.net ACCESS SOLUTIONS FOR CAMPUS AND BRANCH Juniper Advantage Secure remote access Consistent policy control Identity, role, location and device based access control Enforcement edge with UAC/JUEP on EX, IF-MAP on WLC, JUEP on SRX Firewall with integrated AppSecure and IPS Unified threat management “Always on” App-awareness Mobile device security and management Extensive client support Security Challenge SRX Series MAG Series UAC, SRX, EX Juniper Solution Application visibility Context-based AAA Warranted access Enterprise data protection Secure users and devices Support BYOD Secure connectivity Ubiquitous access Employee remote access Clientless provisioning Device finger printing - profiling with WLC Device management with RingMaster, SmartPass Clientless Provisioning Device profiling WL Series
- 11. 11 Copyright © 2012 Juniper Networks, Inc. www.juniper.net WLM – Management and Access Control RingMaster WLM - Appliance SmartPass JUNIPER WIRELESS - COMPLETE WLAN SOLUTION WLC – Controllers Simple - Secure - Mobile WLA – Access Points
- 12. 12 Copyright © 2012 Juniper Networks, Inc. www.juniper.net JUNIPER WLA SERIES ACCESS POINT FAMILY Q2-2012 802.11abg Indoor 11n Outdoor 11n Single Radio Low Cost AP WLA321 Dual Radio Entry-level AP WLA322 2x2 MIMO Dual Radio High Density WLA522 WLA Series Highlights High performance Intelligent switching AP and band steering autotune RF management Built-in spectrum analysis Bridging and mesh 3 Stream MIMO Dual Radio Max. Performanc e WLA532 Functionality 3x3 MIMO Dual Radio All Weather WLA632 Single Radio Low Cost AP WLA371 Dual Radio Entry-level AP WLA422
- 13. 13 Copyright © 2012 Juniper Networks, Inc. www.juniper.net WLA321/WLA322 ENTRY LEVEL 802.11n WLAN ACCESS POINTS Overview • Indoor 802.11n wireless access points • 2x2 MIMO 2 spatial stream • Compact, discreet form factor, superior aesthetics • WLA321 Single Radio, WLA322 Dual Radio Target Markets • Entry-level price point and performance • Low to medium client density environments • Small Enterprises, Small-to-Medium Branch Offices (Private/Public enterprise) etc. Availability • WLA321: Now • WLA322: Early June 2012
- 14. 14 Copyright © 2012 Juniper Networks, Inc. www.juniper.net JUNIPER WL SERIES FLAGSHIP ACCESS POINT WLA532 INDOOR 802.11N AP 3 Industry Bests Highest Performance AP Lowest Power Consumption AP Smallest Form Factor AP Highest Performance 450Mbps data rate (3x3, 3 spatial stream) • Juniper WLAN is 15-20% less expensive when comparing complete BOMs • Juniper WLA 532 outperforms Cisco and Aruba by up to 35% as validated by Novarum
- 15. 15 Copyright © 2012 Juniper Networks, Inc. www.juniper.net WLA532 VALUE PROPOSITION Superior performance for high density client environments 3X3:3 radio technology is designed for high performance, high density WiFi client environments Higher WLAN capacity at a lower cost WLA532 improved RF subsystem delivers enhanced throughput over distance requiring less APs per floor whilst offering 50% more capacity Reduced energy consumption Peak performance within 802.3af power draw limit 802.3az to improve wired side power efficiency Increased reliability and fewer IT support calls WLA532 supports improved performance for concurrent spectrum monitoring and client service Enhanced Security to protect business communications WLA532 supports Trusted Platform Module (TPM) for ensuring authenticity and integrity of both hardware and software Improved performance for wired-crypto acceleration for secure high-speed link to remote WLAN site
- 16. 16 Copyright © 2012 Juniper Networks, Inc. www.juniper.net WLC - CONTROLLER FAMILY WLC Series Highlights Cluster Reliability In-Service Upgrades One Software Platform Distributed & Centralized 4 AP WLC2 WLC8 12 AP 16 - 128 11n AP 3-Stream WLC800 16 - 256 11n AP 3-Stream WLC880 64 - 512 11n AP WLC2800 # of AP
- 17. 17 Copyright © 2012 Juniper Networks, Inc. www.juniper.net ACTIVE-ACTIVE CONTROLLERS Client Session State Primary controller authenticates/ authorizes client 2 Client Session State Primary propagates session details to backup controller for use during failure 3 A new client associates to the system 1 Member Member Member Secondary Seed Primary Seed
- 18. 18 Copyright © 2012 Juniper Networks, Inc. www.juniper.net SMART MOBILE ARCHITECTURE (CENTRALIZED & DISTRIBUTED) Centralized Distributed Security Management Reliability Performance Or both combined/mixed (can be decided per VLAN) WL Series EX Series
- 19. 19 Copyright © 2012 Juniper Networks, Inc. www.juniper.net RINGMASTER VIEW
- 20. 20 Copyright © 2012 Juniper Networks, Inc. www.juniper.net PERFORMANCE - SPECTRUM MANAGEMENT - MONITORING AND ALERTING Alerting on interference source Classification and other properties RSSI Duty Cycle Channel(s) impacted Associated events with that source Per AP historical information 30 day history Spectrograph All channels in 2.4GHz and 5GHz band Multiple AP views Real time FFT (min, max average of interference signal), Swept spectrum, Duty cycle, 5 minute rolling history Auto reconciliation for planned sources Automatic correlation between planned and monitored source Reduce false alarms
- 21. 21 Copyright © 2012 Juniper Networks, Inc. www.juniper.net SMARTPASS – ACCESS CONTROL SmartPass is a multi-faceted web-based, access control application suite Guest access module Ease of use / Bulk user creation API for 3rd part application integration SMS / Email creation of guest coupons with Self-Provisioning Accounting database Detailed client accounting history Reporting available via RingMaster. Access control module RFC 3576 support to change authorization attributes or disconnect client sessions (Dynamic Radius) Location awareness for client sessions. – Allow or deny access based on location – Change any AAA attribute based on location Access Rules (location based, time based or a combination of both) Centralized Guest Access Database
- 22. 22 Copyright © 2012 Juniper Networks, Inc. www.juniper.net USE CASES Guest onboarding Employee onboarding Provisioning BYOD and access policies Pulse registration Remote access using Pulse
- 23. 23 Copyright © 2012 Juniper Networks, Inc. www.juniper.net GUEST USER ON CORP NETWORK GUEST SELF PROVISIONING & APPLICATION RESTRICT GUEST ID Hospital Guest Login (408) 569-9863 Google www.youtube.com Can’t access!!! This Hospital Is keeping bandwidth for what matters most ! Hospital Network SRX 550 UAC/Pulse Mobile Security WLA532 WLC2800 W/Smartpass
- 24. 24 Copyright © 2012 Juniper Networks, Inc. www.juniper.net EMPLOYEE OWNED DEVICE ON CORP NETWORK EMPLOYEE SELF PROVISIONING & APPLICATION RESTRICT Hospital Network SRX 550 Provisioning Server WLA532 WLC2800 W/Smartpass DOCTOR ID Hospital Login Dr. Brown 423 UAC/Pulse Mobile Security Now connecting to a secure hospital network Electronic Medical Records EMR Can’t access!!! This Hospital Is keeping bandwidth for what matters most !
- 25. 25 Copyright © 2012 Juniper Networks, Inc. www.juniper.net EMPLOYEES ON CORP LIABLE DEVICE HOST CHECKING & APPLICATION RESTRICT Hospital Network SRX 550 UAC/Pulse Mobile Security/SA WLA532 WLC2800 W/Smartpass Dr. Rose 369 Connect Connect Scan is Clean Electronic Medical Records EMR Can’t access!!! This Hospital Is keeping bandwidth for what matters most !
- 26. 26 Copyright © 2012 Juniper Networks, Inc. www.juniper.net On Device Security Antivirus & Antimalware Block SMS & voice spam Endpoint Firewall AntiSpam Loss & Theft Protection Remote lock and wipe Backup & restore GPS locate SIM change notification SSL VPN Full Layer 3 Tunnel Secure Email (ActiveSync proxy) Web VPN (browser-based apps) Monitor & Control Mobile Device Management Application inventory and control Content monitoring Juniper Networks Junos Pulse: Connect, Protect and Control
- 27. 27 Copyright © 2012 Juniper Networks, Inc. www.juniper.net LOST OR STOLEN MOBILE DEVICE REMOTE LOCK AND WIPE Hospital Network WLA532 WLC2800 W/Smartpass SRX 550 UAC/Pulse Mobile Security/SA Dr. Rose 369 Connect Connect Can’t access!!! This device was reported as stolen ! Wiping ipad
- 28. 28 Copyright © 2012 Juniper Networks, Inc. www.juniper.net Orchestrated security Granular context based security that adjust policy enforcement to the associated security risks Application Access Controlled Security Risks Contained Devices Comprehensive enterprise offering Broad coverage for user devices, wired and wireless networks Simplicity Centralized policy creation and fully automated enforcement, wired and wireless JUNIPER SIMPLY CONNECTED PORTFOLIO DELIVERS
- 29. THANK YOU
Editor's Notes
- Presenter transcript: Hello everyone. Welcome to the “Simply Connected – Wireless” product training presentation.
- Presenter transcript: To double click on some of the trends, here is an example from one of Juniper’s large university deployments. Their student population has not increased dramatically from Spring 2010 to Fall 2011, yet the devices that are coming onto the wireless network have exponentially grown from averaging to around 50,000 devices for the entire university to almost about 250,000 devices averaged across the Fall semester of 2011. Very specifically, the spring of 2010 we saw the introduction of the iPad from Apple and it has permanently changed the device trend in campus settings, such as a university. So, to recap some of the discussion from the previous slide: bring-your-own-device, an expectation of consistent policy across wired/wireless VPN, an expectation of high performance, high density, high resiliency and high scale are the basic requirements of a strong WLAN offering. Juniper today has the strongest offering in the industry with respect to the bring-your-own-device unified policy, performance, scale, resiliency, and density expectations. ___________________________Reference:Global mobile data traffic to grow 26x in next 5 years to over 6M terabytes per month, Example:if you take a look at this graph we’ve got right here, I call that the “I” phenomenon. It’s a very large Midwestern university, about 9,000 access points, 300 acres, 50,000 students and you can see in the spring of 2010, about 40,000 wireless sessions per day, a little bit of a lull over the summer break and then come back in the fall of 2010 and more than three times the number of daily wireless sessions. Now look at the Fall of 2011 300000 wireless sessions .Now, the university didn’t go out and get another 100,000 students. This is students coming back with mobile devices, iPads, that kind of thing.
- As we discussed, boundaries are blurring between business and personal/private applications. As Enterprises adopt mobility, we see a trend of increasing number of business applications– enhancing business process by leveraging mobility to put the right information in the hands of the user at the right time, making critical decision making faster and more accurate. Some examples would be CRM access for your sales teams, or Electronic Medical Files heavily deployed and relied upon in hospitals. Talking with customers we have learned that they have redefined their business practices, utilizing mobility, to create competitive advantage and higher end-user productivity.A good example I like to use is Evernote – an app a lot of people I know have downloaded on their personal mobile devices. It’s not delivered or driven by corporate IT. But employees are bringing it in to the network, and storing senstive data on it.Why enterprises use APP ?42% Increased Productivity39% Reduced Paperwork37% Increased Revenue
- As we discussed earlier, each successful exploit has three parts – the attacker, threat type, and target – we continue to see change in each. Attacker - in 2005, we saw a shift starting from attackers wanting notoriety to wanting profitability. Today, cybercrime is fully organized and we see crime syndicates out to profit from attacks. These attackers are now well funded, use sophisticated and purpose built tools and target organizations purely for profit. While this is nothing new, what we are seeing today is a move to not only attack “.gov/.com” but to attack “.me/.you”. Attackers are becoming increasingly sophisticated and are profiling not only companies but also individuals. They understand that we all have online identities but also “physical profiles” or “connection points” where we connect to the internet from a variety of places……work, internet café, airport lounge, home. They have realized that often times our security defenses are down or weak at some of these connection points and penetrating individuals’ devices can work quite well outside of the work place. If you can infect a business user at an internet café and then have them walk that device into the enterprise then you can infiltrate the enterprise infrastructure and bypass many of the defenses that are in place today. Attackers understand this and have adopted their behavior. Threat – The threat landscape is also undergoing a change both in terms of the types of attacks and the sophistication and maturation of existing attacks. As expected, we continue to see new types of attacks to bypass the latest technologies that enterprises deploy. Historically, the first large virus outbreak was on the Apple II in 1981. Since then there have been many well documented outbreaks that include the “iLOVEYOU” worm in 2000, SQL Slammer and Blaster worm in 2003 and countless worms, Trojans and other forms of malware. Today, DOS has given way to DDOS and newer threats such as rootkits and botnets have taken hold. The most recent threat is APT which is not only a new type of threat but also a new way to profile and attack networks, systems and organizations. While we see new types of attacks we also see the morphing of existing attack types. As an example a few years ago, the majority of malware was in cleartext which could often be detected by AV or IDP solutions. Today over 80% of malware uses encryption, compression or file packing to bypass traditional AV or IDP technologies. Target - Finally, we also see significant changes with attack targets. Over the past few years there has been an explosion in devices that attackers target ranging from smartphones, to tablets to cloud services. What is particularly interesting about these new targets is the variation of the architecture of these platforms that ranges from more secure platforms such as the iPhone to more open platforms such as the the Android OS. The other primary change we see is around the types of applications being attacked. Historically, most attacks have been focused on traditional corporate application servers and productivity applications such as office. Today, have seen a significant shift to web 2.0 type applications and social networking apps where attackers take advantage of a trusted relationship that is built amongst online users. They understand that there is a real tendency for online users to trust links that other users send within these applications and have used this vector as a target of malware. Transition: The challenge for enterprises today is how do they address the and new and emerging threats in a way that is both scalable and does not significantly drive up cost.
- The network has continued to evolve.
- End to End security1. Qualify the Device : With Juniper simply connected solution you can scan the device to make sure all the credentials that are needed to on board the device to your network are up-to-date. You will be able to force an update if needed, and quarantine the device until it is compliant. This is automatically performed by Juniper MAG and pulse.2. Authenticate the User There are two side effect to consumerization of IT: One is a shift to multi devices per one user with a mix of corporate and privately own. The second is that the user will try to connect to the corporate network from any location he is in.To get control back you will need to shift from securing your network by ports and location to secure your network by users and applications, assigning relevant polices to support the user responsibilities and the business needs. With juniper simply connected we make it easy for Enterprises to build this user centric data base importing their existing information to the centralized policy platform. Unified access control (MAG/UAC) is orchestrated for a wired or wireless clients accessing the network.3. Enforce Security Policies in the User and Application Level Now that we have an approved device with user and application based security policies, we need to have the ability to enforce it in the network. Juniper MAG/UAC will populate the policies to all elements in the network delivering consistent enforcement and ensuring access to the right content from any location. Remote workers will be authenticated through MAG/SSL.With fast pace attackers today, you need fast pace enforcement. The SRX Series Services Gateway includes zero-day protection. In particular, it includes protocol anomaly detection and same-day coverage for newly found vulnerabilities. Additionally, through scheduled security updates configurable by the network security administrator, the SRX gateway can automatically be updated with new attack objects/signatures. Therefore, up-to-the-minute security coverage is provided without manual intervention.4. Control the Device and Avoid Data LeakageWe have an approved device and approved user on the network, working in conjunction with the business needs and capabilities.You will find that the customer may now have concerns around data leakage from lost devices. And no wonder,“ In London more than 30,000 mobile phoned are left behind in taxis every day “ With Juniper solution you can control the mobile device whether it is corporate or privately owned. In a case of lost or stolen device you will be able to track the device location, lock , copy and wipe all corporate data remotely .Simply connected Brings the control back to the corporate Juniper advantage:Easy provisioning and consistent end-to-end enforcement of security policies for users, regardless of device or locationJuniper differentiation:security policies enforced at every part of the networkSimple and secure access with point-and-click provisioningRole-based access depending on user’s profile, identity, and roleNested application visibility and security enforcementCoordinated threat control automated for wired and wireless environments including day zero attacks.
- Wire speed data plane – Asic, Ipsec acceleration, 10GE uplinks, 802.1n,…Seamless scalability – add resources as required with no service impactArchitecturally consistent QoS – queues, bandwidth rate limiting, CAC, automatics distribution of traffic across APs.Wired-like Performance Everywhere: User moves within campus, gets on mobile n/w, logs on from a branch location– seamless experience as he/she moves – feels like always connected to a wired connection at his/her desk. 802.1n AP’s (talk about new WLA532). (Talk about 10GE uplinks on all switches). (Talk about 4 member VC on EX8200 is an industry differentiator) Designed for Bandwidth Hungry Rich-MediaVoice, video. Data traffic across both the wireless and wired access, core switches and security devices. You need large tables and buffers to ensure bursty video traffic can be streamed on mobile devices.3. No Performance Tradeoffs as Campus Scales No tradeoffs between scale and performance as you change and evolve your campus. So, more locations, more users, more apps – same IT budget!To add: Talk about security services with minimal performance impact.
- Designed for Mission-Critical Networks: Enterprise tested , SP proven Redundant components, power supplies, software protocolsEX &WLC : In-Service Software Upgrades allowing for 24/7 operation 2. Layers of Protection for Planned and Unplanned Outages : No single point of failure- animation MAG : MAG support application clustering on one box with hardware redundancy SRX : SRX clustering - no single point of failure . WAN backup using ETH, xDSL, 3G/4G WLC : controller clustering -> all AP in a cluster maintain two active connections EX virtual chassis - Robust design->no single point of failure and superior backplane capacity, Zero Impact Network Fail Over With the combination of MAG & PULSE you will be able to restore content from a stolen or lost device and placed it easily on a new hardware delivering resiliency all the way to the user device. 3. Simplified Operations, simplified wired and wireless, less devices, more automation. Mobility improves business process and not only to support BYODNo Moore’s law for network management costs. You cannot reduce the number of devices but can certainly reduce the number of devices to manage. This is where Juniper is focused and different from all other solutions. Multiple levels of redundancyExperience continuity with Virtual Chassis, Virtual Cluster, and industry’s most resilient coreSimplified operations to reduce human errors and downtime Coordinated Threat Control automated for wired and wireless environments including day zero attacks.
- Pulse MSSApplication access concerns with role based app aware firewallControls apps with “On Device” firewallControl of apps on mobile devices using PulseFull L2-L7 security with App ware firewall
- The WLA321 and WLA322 are next generation, 2x2 indoor 802.11n wireless access points for low to medium client density environments with an attractive price point, compact form factor, superior aesthetics and best-in-class features. These two new access points round out Juniper’s 11n portfolio and provide even greater choice for customer deployments where reliable business class wireless mobility service is needed to serve smaller number of wireless users.
- Presenter transcript: The WLA 532 has had three design goals. We wanted to design the highest performance 11n AP in the industry, the smallest form factor 11n AP in the industry, and the lowest power consumption 11n AP in the industry. We are pleased to announce that we have built an industry best on all three vectors in the form of the WLA532, which is the industry’s highest performance three stream 3x3 11n access point, by all data sheet comparisons it is the lowest power consumption 11n 3x3 three stream AP in the industry and the smallest form factor. Again, simple data sheet comparison proves it’s the smallest form factor 11n AP in the industry. When we mandate this technology in an RFP, we are winning because, as this graph proves, the 532 beats Cisco and Aruba and many other competitors handily. At any given distance on any client, Juniper handily beat the competition from a performance perspective. Juniper also in many of these RFPs is coming at least 15-20%, sometimes even more, less expensive than the competing bill of materials. So, a very strong offering for a high performance 11n AP, that is also low power consuming and small form factor. ___________________________Reference:WLA532 is Junipers next generation 802.11n AP. It is our flagship access point with a discreet form factor, superior aesthetics and best in class performance, out performing similar products from other vendors (beats Aruba 135 with 20% better throughput over distance).WLA 532 is the most compact 3 stream AP on the market. Its refined shape and form factor blends in with most building interiors and its small footprint allows for discreet, safe, easy installations. It has a revolutionary patent pending cross polarized indoor, integrated antenna design that enhances 5Ghz coverage, improving load balancing across 2.4 and 5 GHz and enables seemless roaming. This dual radio design delivers 20% more throughput and 50% more capacity for multimedia applications and very dense mobile WiFi client environments. This highly integrated design delivers high value providing concurrent client access and spectrum analysis. Additionally, it supports encrypted, secure high speed links to remote AP deployments. And the trusted platform module ensures the integrity and authenticity of hardware and software.Energy efficient - Efficient power system design consumes less power than previous generation; it works under 802.3af power draw limit even under peak load and adheres to IEEE802.3az energy efficient Ethernet design to reduce energy consumption when not in use.TECHNICAL Specs:Interfaces Concurrent dual-radio (11an/11gn) operation Up to 450Mbps link speed on 5GHz Up to 195Mbps link speed on 2.4GHz 10x better performance than 802.11a/g 802.3af PoE powerSecurity Encryption at “air” rate 802.11i, WPA2/AES, WPA/TKIP, WEP No stored configuration, no serial port, Kensington lockPerformance and Mobility Local switching for low Latency, high performance Advanced AP to AP VLAN tunnelingManagementAutoTune Dynamic RF managementAntennaSix Internal cross-polarized antennas with 5 degree down-tilt for best signal strengthExternal Antenna model (available Q1)Usability & Ease-of-InstallationVersatile mounting options for ceiling, wall mount and wall plugs
- To safely support a broad variety of mobile devices on your network, both personal and corporate issued, the following should be deployed to protect against today’s and tomorrow’s threats:Secure accessAntivirusPersonal firewallAnti-spamLoss/theft protectionDevice controlSecure accessConsistent end-user experience regardless of device (laptop, netbook, smartphone, tablet)Consistent access policies across devicesSupport for mulitifactor authentication across devicesSupport for a broad range of application and traffic types, including VDIAntivirus (detail provided if you need notes)Real-time protection updated automaticallyScans files received over all network connectionsOn-demand scans of all memory or full deviceAlerts on detectionPersonal Firewall (detail provided if you need notes)Inbound/Outbound Port+IP Filtering automaticallyFull control of alerts/loggingDefault (high/low) filtering options + customizableAntispam (detail provided if you need notes)Blacklist filtering – blocks voice and SMS spamMessage settingsDisable alerts for incoming messages (option)Automatic denial for unknown or unwanted callsLoss theft protection (detail provided if you need notes)Remote Lock and/or Wipe GPS Locate/TrackDevice Backup/RestoreRemote Alarm/NotificationSIM Change Notification Device monitoring (detail provided if you need notes)Application inventory and removalMonitor SMS, MMS, email message contentView phone call log and address book/contactsView photos stored on device T: This suite solves our customer’s problems like nothing else currently available in the market…
- As we discussed earlier, each successful exploit has three parts – the attacker, threat type, and target – we continue to see change in each. Attacker - in 2005, we saw a shift starting from attackers wanting notoriety to wanting profitability. Today, cybercrime is fully organized and we see crime syndicates out to profit from attacks. These attackers are now well funded, use sophisticated and purpose built tools and target organizations purely for profit. While this is nothing new, what we are seeing today is a move to not only attack “.gov/.com” but to attack “.me/.you”. Attackers are becoming increasingly sophisticated and are profiling not only companies but also individuals. They understand that we all have online identities but also “physical profiles” or “connection points” where we connect to the internet from a variety of places……work, internet café, airport lounge, home. They have realized that often times our security defenses are down or weak at some of these connection points and penetrating individuals’ devices can work quite well outside of the work place. If you can infect a business user at an internet café and then have them walk that device into the enterprise then you can infiltrate the enterprise infrastructure and bypass many of the defenses that are in place today. Attackers understand this and have adopted their behavior. Threat – The threat landscape is also undergoing a change both in terms of the types of attacks and the sophistication and maturation of existing attacks. As expected, we continue to see new types of attacks to bypass the latest technologies that enterprises deploy. Historically, the first large virus outbreak was on the Apple II in 1981. Since then there have been many well documented outbreaks that include the “iLOVEYOU” worm in 2000, SQL Slammer and Blaster worm in 2003 and countless worms, Trojans and other forms of malware. Today, DOS has given way to DDOS and newer threats such as rootkits and botnets have taken hold. The most recent threat is APT which is not only a new type of threat but also a new way to profile and attack networks, systems and organizations. While we see new types of attacks we also see the morphing of existing attack types. As an example a few years ago, the majority of malware was in cleartext which could often be detected by AV or IDP solutions. Today over 80% of malware uses encryption, compression or file packing to bypass traditional AV or IDP technologies. Target - Finally, we also see significant changes with attack targets. Over the past few years there has been an explosion in devices that attackers target ranging from smartphones, to tablets to cloud services. What is particularly interesting about these new targets is the variation of the architecture of these platforms that ranges from more secure platforms such as the iPhone to more open platforms such as the the Android OS. The other primary change we see is around the types of applications being attacked. Historically, most attacks have been focused on traditional corporate application servers and productivity applications such as office. Today, have seen a significant shift to web 2.0 type applications and social networking apps where attackers take advantage of a trusted relationship that is built amongst online users. They understand that there is a real tendency for online users to trust links that other users send within these applications and have used this vector as a target of malware. Transition: The challenge for enterprises today is how do they address the and new and emerging threats in a way that is both scalable and does not significantly drive up cost.
- Presenter transcript: Next we’ll take a look at the specific product pieces of WLAN that separate Juniper from the rest of the market.