Juniper networks


DESCRIPTION

Juniper Networks. New Security Strategy against Cyberattacks. José Fidel Tomás – fidel.tomas@juniper.net. 2 Customer Segments. 3 Businesses. 2-3-7: Juniper's business strategy. Service Provider. Enterprise. Routing. Switching. Datacenter. Edge. WAN. 7 Domains.


Slide 1: Juniper Networks. New Security Strategy against Cyberattacks
José Fidel Tomás, fidel.tomas@juniper.net

Slide 2: 2-3-7: Juniper's business strategy

2 Customer Segments: Service Provider, Enterprise

3 Businesses: Routing, Switching, Security

7 Domains: Access & Aggregation, Edge, Core, Datacenter, Campus & Branch, Consumer & Business Device, WAN

Slide 3: Executing on the strategy (diagram)

Security Intelligence spanning Users and Data Centers. Client: Intrusion Deception, Internal Attack Protection. Application Visibility, Web Security, IPS, Firewall, Security Management. Content Security, Network Security.

Slide 4: Critical Data

54% of large orgs hacked via insecure Web apps. Hacking Targets Valuable Data.

DDoS-related downtime has doubled in 2013. DDoS Threatens Availability.

Datacenter security has unique challenges. NextGen Firewall Has Little Relevance.

Slide 5: The customer problem

73%: Companies hacked through web applications in past 24 months
53%: Of attacks were external, targeting the data center
60%: Of security professionals say current next-generation solutions don't address the problem

- Signature and IP/reputation blocking are inadequate
- Web application security solutions not solving the problem
- Continued DDoS attacks at scale not being stopped
- No intelligence sharing
- Ongoing confusion around securing virtual infrastructure

Sources: KRC Research and Juniper Mobile Threat Center

Slide 6: Hacker threats

- Scripts & Tool Exploits: Generic scripts and tools against one site.
- IP Scan: Script run against multiple sites seeking a specific vulnerability.
- Targeted Scan: Targets a specific site for any vulnerability.
- Botnet: Script loaded onto a bot network to carry out the attack.
- Human Hacker: Sophisticated, targeted attack (APT). Low and slow to avoid detection.

Slide 7: The Cost of an Attack (timeline: Jan, June, Dec; categories: Theft, Revenue, Reputation)

- Sony Stolen Records: 100M
- Sony Direct Costs: $171M
- 23 day network closure
- Lost customers
- Security improvements
- Sony Lawsuits: $1-2B

Ponemon Institute | Average breach costs $214 per record stolen

Source: http://mashable.com/2011/05/22/psn-costs-infographic/

Slide 8: Web App Security Technology

               Web Application Firewall    Web Intrusion Deception System
Detection      Signatures                  Tar Traps
Tracking       IP address                  Browser, software and scripts
Profiling      IP address                  Browser, software and scripts
Responses      Block IP                    Block, warn and deceive attacker

PCI Section 6.6

Slide 9: The Junos WebApp Secure advantage: Deception-based Security

- Detect: Tar Traps detect threats without false positives.
- Track: Track IPs, browsers, software and scripts.
- Profile: Understand attackers' capabilities and intents.
- Respond: Adaptive responses, including block, warn and deceive.

Slide 10: Detection by Deception (diagram)

Client -> Network Perimeter / Firewall -> App Server -> Database. Tar Traps are placed in the Server Configuration, in Query String Parameters and in Hidden Input Fields.
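The tar-trap idea of slides 8 to 10 can be made concrete with a small server-side check. The following is an added example written for this page, not Juniper's code and not any Junos WebApp Secure internals: the trap names, the decoy path, the HMAC-signed hidden field and the policy that maps a tripped trap to one of slide 9's block / warn / deceive responses are all assumptions. What it shows is why a decoy needs no signature: a legitimate client never edits a hidden field or a parameter it was given, so only a request that was deliberately altered can trip the trap.

```python
import hashlib
import hmac
from urllib.parse import parse_qs

# Server-side secret for signing trap values. Constructed for this example;
# a real deployment would load it from configuration, never hard-code it.
TRAP_KEY = b"example-only-trap-key"

# The three trap placements named on slide 10, modelled as decoys that no
# legitimate client ever touches (all names and values are constructed):
HIDDEN_FIELD = "form_state"            # hidden input field, value is an HMAC
DECOY_PARAM = "debug"                  # query string parameter the app never reads
DECOY_PARAM_VALUE = "0"                # the only value a real client sends back
DECOY_PATH = "/.backup/config.php"     # "server configuration" decoy, never served


def hidden_field_value(session_nonce: str) -> str:
    """Value embedded in the hidden field for one session; any edit breaks the MAC."""
    msg = f"{HIDDEN_FIELD}:{session_nonce}".encode()
    return hmac.new(TRAP_KEY, msg, hashlib.sha256).hexdigest()


def render_form(session_nonce: str) -> str:
    """Constructed sample form carrying the hidden-field and query-string traps."""
    return (
        f'<form method="post" action="/checkout?{DECOY_PARAM}={DECOY_PARAM_VALUE}">'
        f'<input type="hidden" name="{HIDDEN_FIELD}" value="{hidden_field_value(session_nonce)}">'
        '<input type="submit" value="Pay"></form>'
    )


def inspect_request(path: str, query: str, form: dict, session_nonce: str) -> list:
    """Return the traps a request tripped; an empty list means nothing was touched."""
    tripped = []
    if path == DECOY_PATH:
        tripped.append("server_config_probe")
    params = parse_qs(query, keep_blank_values=True)
    if DECOY_PARAM in params and params[DECOY_PARAM] != [DECOY_PARAM_VALUE]:
        tripped.append("query_param_tamper")
    submitted = form.get(HIDDEN_FIELD)
    if submitted is not None and not hmac.compare_digest(
        submitted.encode(), hidden_field_value(session_nonce).encode()
    ):
        tripped.append("hidden_field_tamper")
    return tripped


# Assumed policy mapping each trap to one of slide 9's response classes.
RESPONSE_POLICY = {
    "hidden_field_tamper": "deceive",   # e.g. serve a simulated broken page
    "query_param_tamper": "warn",
    "server_config_probe": "block",
}

SEVERITY = {"warn": 1, "deceive": 2, "block": 3}


def choose_response(tripped: list) -> str:
    """Pick the strongest response among the tripped traps ("allow" if none)."""
    if not tripped:
        return "allow"
    return max((RESPONSE_POLICY[t] for t in tripped), key=SEVERITY.__getitem__)


if __name__ == "__main__":
    nonce = "session-abc123"             # constructed session identifier
    print(render_form(nonce))
    # A normal submission keeps both the hidden value and the decoy parameter intact.
    clean = inspect_request("/checkout", f"{DECOY_PARAM}=0",
                            {HIDDEN_FIELD: hidden_field_value(nonce)}, nonce)
    # A client that edits the hidden field or the decoy parameter has revealed intent.
    edited = inspect_request("/checkout", f"{DECOY_PARAM}=1", {HIDDEN_FIELD: "tampered"}, nonce)
    print(clean, choose_response(clean))
    print(edited, choose_response(edited))
```

In practice the "no false positives" claim of slide 9 holds only for the trap itself; a corporate proxy or a browser extension that rewrites forms can still trip it, so the tripped trap should be logged against the client's tracking token and the response escalated on repeat events rather than on a single hit.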

Slide 11: Track Attackers Beyond the IP

- Track IP Address.
- Track Browser Attacks: Persistent Token, with the capacity to persist in all browsers including various privacy control features.
- Track Software and Script Attacks: Fingerprinting HTTP communications.

Slide 12: Junos Spotlight Secure: Global Attacker Intelligence Service. Detect Anywhere, Stop Everywhere (diagram)

Attacker from San Francisco -> Junos WebApp Secure protected site in UK -> Attacker fingerprint uploaded -> Attacker fingerprint available for all sites protected by Junos WebApp Secure.

Launched in April 2013.

The first global attacker intelligence service.

Attackers who attack a website protected by Junos WebApp Secure are detected using deception.

Their fingerprint is captured and shared up to a cloud service, Junos Spotlight Secure.

The fingerprint is made up of over 200 attributes of the attacker's device, including IP address, plugins, fonts and languages.

The fingerprint is now available for any website protected by Junos WebApp Secure. A subscription to Junos Spotlight Secure gives you protection from attackers who haven't been to your site yet.

Slide 13: Fingerprint of an Attacker

Attributes used to create the fingerprint (200+) include Browser version, Fonts, Browser add-ons, Timezone and IP Address.

Availability of fingerprints: ~ real time
False positives: nearly zero

Slide 14: Smart Profile of Attacker

- Attacker local name (on machine)
- Attacker global name (in Spotlight)
- Incident history
- Attacker threat level

Slide 15: Respond and Deceive: Junos WebApp Secure Responses

Threat types: Human Hacker, Botnet, Targeted Scan, IP Scan, Scripts & Tools Exploits.

Responses: Warn attacker, Block user, Force CAPTCHA, Slow connection, Simulate broken application, Force log-out.

All responses are available for any type of threat. Highlighted responses are most appropriate for each type of threat.
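Slides 11 to 14 describe tracking a device beyond its IP address, sharing its fingerprint between sites and keeping a profile with incident history and threat level. The example below is added for this page and is not Juniper's code; the page does not say how Spotlight Secure actually matches fingerprints, so the attribute-by-attribute agreement score, the 0.8 match threshold, the threat-level bands and the ten constructed attributes (a tiny subset of the "200+" on slide 13) are all assumptions. It shows why an exact hash of the attribute set would be the wrong tool: the first report and the second come from different IP addresses, and only a tolerant comparison links them to one profile.

```python
import hashlib
from dataclasses import dataclass, field

# The attribute set is a small constructed subset of the "200+" the slide
# mentions; the agreement rule, the 0.8 match threshold and the threat-level
# bands are assumptions for illustration, not Juniper's documented logic.


@dataclass
class Fingerprint:
    attributes: dict   # attribute name -> observed value

    def exact_id(self) -> str:
        """Stable identifier of this exact attribute set (used to name new profiles)."""
        canon = "\n".join(f"{k}={v!r}" for k, v in sorted(self.attributes.items()))
        return hashlib.sha256(canon.encode()).hexdigest()[:16]


def agreement(a: Fingerprint, b: Fingerprint) -> float:
    """Share of attributes on which two fingerprints agree. An exact hash would
    change as soon as the IP changes; comparing attribute by attribute does not."""
    keys = set(a.attributes) | set(b.attributes)
    return sum(a.attributes.get(k) == b.attributes.get(k) for k in keys) / len(keys)


@dataclass
class Profile:
    global_name: str                 # name in the shared service ("global name")
    fingerprint: Fingerprint
    incidents: list = field(default_factory=list)   # (site, local name, description)

    @property
    def threat_level(self) -> str:
        n = len(self.incidents)
        return "high" if n >= 4 else "medium" if n >= 2 else "low"


class SpotlightStore:
    """Shared store: a report from one protected site is matched against the
    fingerprints every other site has reported."""

    def __init__(self, match_threshold: float = 0.8):
        self.match_threshold = match_threshold
        self.profiles = []

    def lookup(self, fp: Fingerprint):
        best, best_score = None, 0.0
        for p in self.profiles:
            score = agreement(p.fingerprint, fp)
            if score > best_score:
                best, best_score = p, score
        return best if best_score >= self.match_threshold else None

    def report(self, site: str, local_name: str, fp: Fingerprint, description: str) -> Profile:
        """Record an incident, merging into an existing profile when one matches."""
        profile = self.lookup(fp)
        if profile is None:
            profile = Profile(global_name=f"spotlight-{fp.exact_id()}", fingerprint=fp)
            self.profiles.append(profile)
        profile.incidents.append((site, local_name, description))
        return profile


# Constructed sample fingerprints (documentation IP ranges, made-up attributes).
SEEN_IN_SAN_FRANCISCO = Fingerprint({
    "ip": "203.0.113.9", "browser": "Firefox/21.0", "os": "Windows 7",
    "timezone": "UTC-8", "language": "en-US", "screen": "1366x768",
    "fonts": ("Arial", "Verdana", "Wingdings"), "addons": ("NoScript", "Firebug"),
    "plugins": ("Flash 11.7",), "do_not_track": "1",
})
# The same device later, from a different address, seen at the UK site.
SEEN_AT_UK_SITE = Fingerprint({**SEEN_IN_SAN_FRANCISCO.attributes, "ip": "198.51.100.23"})
# An unrelated visitor sharing nothing but the attribute schema.
UNRELATED_VISITOR = Fingerprint({
    "ip": "192.0.2.77", "browser": "Chrome/27.0", "os": "Mac OS X 10.8",
    "timezone": "UTC+0", "language": "en-GB", "screen": "1440x900",
    "fonts": ("Helvetica",), "addons": (), "plugins": (), "do_not_track": "0",
})


def demo() -> Profile:
    """Two sites report the same device; the second report lands on the first profile."""
    store = SpotlightStore()
    store.report("site-us", "attacker-17", SEEN_IN_SAN_FRANCISCO, "tripped hidden-field tar trap")
    return store.report("site-uk", "attacker-3", SEEN_AT_UK_SITE, "tripped query-string tar trap")


if __name__ == "__main__":
    p = demo()
    print(p.global_name, p.threat_level, p.incidents)
```

The threshold is the knob that trades the "nearly zero false positives" of slide 13 against recall: too low and unrelated visitors with a common browser build are merged, too high and a device that changed one plugin is lost.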


Slide 17: Junos DDoS Secure: The most advanced heuristic DDoS technology

Slide 18: Junos DDoS Secure - Our credentials

- Established in 2000. Since day 1, DDoS detection & mitigation has been our exclusive focus.
- We sold the world's very first DDoS solution in July 2000.
- The technology is the most advanced in the market.
- It is low touch, high tech. The heuristic design means it learns from and dynamically responds to each and every packet.
- It's proven in some of the world's most demanding customer environments and today our technology is trusted to protect in excess of $60 billion of turnover.

Slide 19: Junos DDoS Secure Variants

- VMware instance, good for 1Gb throughput
- 1U appliance, capable of between 1Gb & 10Gb
- 10U blade appliance, capable of 20 to 40Gb
- 1U appliances have a choice of Fail-safe Card: Fiber (1G SX/LX, 10G SR/LR) or Copper (10M/100M/1G)
- All can be used Stand Alone, as an Active Standby Pair, or Active Active (Asymmetric Routing)

Slide 20: Junos DDoS Secure: How does it work

- Packet validated against pre-defined RFC filters
- Malformed and mis-sequenced packets dropped
- Individual IP addresses assigned a CHARM value
- Value assigned based on IP behaviours:
  Mechanistic traffic: low CHARM value
  First time traffic: medium CHARM value
  Humanistic, trusted traffic: high CHARM value

Slide 21: Junos DDoS Secure: How does it work (continued)

- Access dependent on CHARM threshold of target resource
- Below threshold: packets dropped
- Above threshold: allowed uninterrupted access
- Minimal (if any) false positives
- CHARM threshold changes dynamically with resource busyness
- Full stateful engine measures response times
- No server agents

Slide 22: CHARM Algorithm: Junos DDoS Secure packet flow sequence

Packet Enters -> Syntax Screener -> (OK so far) -> CHARM Generator -> (with CHARM value) -> CHARM Screener -> Packet Exits. The Syntax Screener and the CHARM Screener can each Drop Packet. The CHARM Generator consults the IP Behavior Table; the CHARM Screener consults the Resource CHARM Threshold.

1. Syntax Screener: validates data packet; validates against defined filters; validates packet against RFCs; validates packet sequencing; TCP connection state.
2. CHARM Generator: calculates CHARM value for data packet; references IP behaviour table; function of time and historical behaviour; better behaved = better CHARM.
3. IP Behavior Table: behaviour is recorded; supports up to 32-64M profiles; profiles aged on least used basis.
4. Resource CHARM Threshold: calculates CHARM threshold from the responsiveness of the resource.
5. CHARM Screener: allow or drop, comparing the CHARM value against the CHARM threshold.

The diagram groups the stages under two labels: CHARM Technology and Resource Control.

Slide 23: Junos DDoS Secure resource management (Resource Control)

Resources shown: Resource 1, Resource 2, Resource 3, Resource N.

In this example, Resource 2's response time starts to degrade and the CHARM pass threshold is increased to start the process of rate limiting the bad traffic.

At this point the good traffic will continue to pass unhindered, whilst the attackers will start to believe their attack has been successful as their requests fail.

The attack traffic to Resource 2 reduces as the attackers switch the attack to Resource 3.

Once again, Junos DDoS Secure responds dynamically by increasing the pass threshold for Resource 3, limiting bad traffic.

Slide 24: Heuristic Mitigation in action (diagram)

Diagram labels: Junos DDoS Secure Heuristic Analysis, DDoS Attack Traffic, Normal Internet Traffic, Management PC, Resources.

Normal Internet traffic flows through the Junos DDoS Secure Appliance, while the software analyses the type, origin, flow, data rate, sequencing, style and protocol being utilised by all inbound and outbound traffic. The analysis is heuristic in nature and adjusts over time but is applied in real time, with minimal (store and forward) latency.
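The five stages of slide 22 and the Resource 2 narrative of slide 23 can be replayed in a few dozen lines. The following simulation is added for this page and is not the appliance's code: the packet fields, the 0..100 CHARM score, the reputation and burst terms that feed it, the per-resource threshold formula and the 20-packet behaviour window are all constructed assumptions, since the page states the principle (better behaved = better CHARM, threshold rises with resource slowdown) but not the formula. What it demonstrates is the separation the slides draw: a source that has behaved well for a while keeps flowing to a degraded resource, a flood is cut off once its rate shows, and a first-time source is held to a stricter bar only on the resource that is currently suffering.

```python
from collections import deque
from dataclasses import dataclass, field

# Packet model and all scoring constants are constructed for this example;
# they are not the appliance's packet format or its CHARM formula.
VALID_FLAGS = {"SYN", "SYN-ACK", "ACK", "PSH-ACK", "FIN", "RST"}


@dataclass
class Packet:
    src_ip: str
    resource: str      # target, e.g. "Resource 2"
    ts: float          # arrival time in seconds
    ttl: int = 64
    flags: str = "ACK"


def syntax_screen(pkt: Packet) -> bool:
    """Stage 1: reject malformed packets before any reputation work is done."""
    return 0 < pkt.ttl <= 255 and pkt.flags in VALID_FLAGS


@dataclass
class IpBehaviour:
    """Stage 3: what the IP behaviour table remembers about one source."""
    arrivals: deque = field(default_factory=lambda: deque(maxlen=20))
    good: int = 0      # packets that passed the CHARM screener
    bad: int = 0       # packets the CHARM screener dropped


def charm_value(beh: IpBehaviour, now: float) -> int:
    """Stage 2: integer score 0..100. First-time traffic starts at 50 (medium);
    a history of well-behaved traffic raises it; bursts and past drops lower it."""
    rate = sum(1 for t in beh.arrivals if now - t <= 1.0)   # packets in the last second
    score = 50 + 5 * min(beh.good, 10) - 10 * min(beh.bad, 10) - 10 * max(0, rate - 3)
    return max(0, min(100, score))


class ResourceMonitor:
    """Stage 4: per-resource pass threshold driven by measured response time."""
    def __init__(self, baseline_ms: float):
        self.baseline_ms = baseline_ms
        self.threshold = 30          # relaxed while the resource is responsive

    def observe_response(self, rtt_ms: float) -> int:
        slowdown = max(0.0, rtt_ms / self.baseline_ms - 1.0)
        self.threshold = max(30, min(90, 30 + round(20 * slowdown)))
        return self.threshold


class CharmEngine:
    def __init__(self, resources: dict):
        self.resources = resources   # name -> ResourceMonitor
        self.table = {}              # src_ip -> IpBehaviour

    def process(self, pkt: Packet) -> bool:
        """Run one packet through stages 1, 2 and 5; True means it is forwarded."""
        if not syntax_screen(pkt):
            return False
        beh = self.table.setdefault(pkt.src_ip, IpBehaviour())
        value = charm_value(beh, pkt.ts)
        beh.arrivals.append(pkt.ts)
        if value < self.resources[pkt.resource].threshold:
            beh.bad += 1
            return False
        beh.good += 1
        return True


def run_scenario() -> dict:
    """Replays the slide's Resource 2 example: a trusted client, then a flood."""
    res = {f"Resource {i}": ResourceMonitor(baseline_ms=100.0) for i in (1, 2, 3)}
    eng = CharmEngine(res)
    trusted, attacker, newcomer = "198.51.100.7", "203.0.113.9", "192.0.2.50"
    # A client that has talked to Resource 2 once a second builds up reputation.
    for i in range(10):
        eng.process(Packet(trusted, "Resource 2", ts=float(i)))
    res["Resource 2"].observe_response(100.0)                # healthy: threshold stays 30
    wave1 = sum(eng.process(Packet(attacker, "Resource 2", ts=20.0 + 0.01 * i)) for i in range(30))
    threshold = res["Resource 2"].observe_response(400.0)    # degraded: threshold rises to 90
    wave2 = sum(eng.process(Packet(attacker, "Resource 2", ts=22.0 + 0.01 * i)) for i in range(30))
    trusted_ok = eng.process(Packet(trusted, "Resource 2", ts=22.5))
    newcomer_idle = eng.process(Packet(newcomer, "Resource 1", ts=22.6))
    newcomer_busy = eng.process(Packet(newcomer, "Resource 2", ts=22.7))
    malformed = eng.process(Packet(trusted, "Resource 1", ts=22.8, flags="XYZ"))
    return {
        "threshold_after_degradation": threshold,
        "attack_wave1_passed": wave1,        # flood gets through only until its rate shows
        "attack_wave2_passed": wave2,        # tightened threshold plus bad history: nothing passes
        "trusted_passed": trusted_ok,        # good traffic continues unhindered
        "newcomer_to_idle_resource": newcomer_idle,
        "newcomer_to_busy_resource": newcomer_busy,
        "malformed_dropped": not malformed,
    }


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

The design choice worth noting is that the threshold belongs to the resource and the score belongs to the source: tightening Resource 2 does not touch Resource 1, which is how the slide's attackers are pushed from resource to resource while established clients keep their access.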