Juniper - Securing the Data Center
Education Services Courseware
Securing the Data Center Student Guide
Securing the Data Center
Course SOT-DCD05F-ML5 © Juniper Networks, Inc. 2
NOTE: Please note this Student Guide has been developed from an audio narration. Therefore it will have
conversational English. The purpose of this transcript is to help you follow the online presentation and may require
reference to it.
Slide 1
© 2015 Juniper Networks, Inc. All rights reserved. www.juniper.net | 1 | CONFIDENTIAL SOT-DCD05F-ML5
Build the Best
Slide 2
© 2014 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
Juniper Networks Data Center Design Best Practices
Securing the Data Center
Welcome to Juniper Networks “Securing the Data Center” eLearning module. In this course module, we will provide an overview of the Juniper Networks security products and capabilities for securing the data center.
Slide 3
Navigation
Throughout this module, you will find slides with valuable detailed information. You can stop any slide with the Pause button to study the details. You can also read the notes by using the Notes tab. You can click the Feedback link at any time to submit suggestions or corrections directly to the Juniper Networks eLearning team.
Slide 4
Course Objectives
After successfully completing this course, you will be able to:
• Provide an overview of Juniper’s SRX Series physical and virtual security products;
• Explore Juniper’s IPS capabilities; and
• Describe tools for network deployment, management, and troubleshooting.
Slide 5
Agenda: Securing the Data Center
This course consists of two sections. The two main sections are as follows:
• Physical and Virtual SRX Series Platforms; and
• An Overview of IPS, the Junos OS, Junos Space Security Director, and Secure Analytics.
Slide 6
Juniper Networks Data Center Design Best Practices
Physical and Virtual SRX Series Platforms
Slide 7
Section Objectives
After successfully completing this section, you will be able to:
• Provide an overview of Juniper’s SRX Series;
• Discuss Juniper’s control and data plane architecture; and
• Explore the features of the SRX Series physical and virtual platforms.
Slide 8
SRX Series Services Gateways
[Figure: the SRX Series Services Gateways portfolio, all running Junos OS, spanning branch, campus, and data center at 1G, 10G, and 100G. Branch SRX: SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650. High-End SRX: SRX1400, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800. Virtual SRX (vSRX). Captions: Next-Generation Firewalls; Integrated Routing, Switching and Security; Unprecedented Scale.]
SRX Series platforms run from the branch office models, suitable for managed service offerings, to campus platforms, and all the way to high-end modular systems capable of running at more than 300 Gbps for the most demanding data center deployments.
SRX Series Services Gateways for the branch are next-generation security firewalls that provide essential capabilities that connect, secure, and manage workforce locations sized from handfuls to hundreds of users. By consolidating fast, highly-available switching, routing, security, and next generation firewall capabilities in a single device, enterprises can protect their resources as well as economically deliver new services, safe connectivity, and a satisfying end-user experience.
Juniper Networks virtual SRX product, Firefly Perimeter, goes beyond traditional security appliances with a new virtual firewall that is delivered in a virtual machine (VM) form factor and based on Juniper’s Junos operating system (Junos OS) and the SRX Series Services Gateways.
The high-end SRX Series platforms have an industry leading architecture that sets them apart based on the following capabilities:
• Unprecedented scale to enable a multitude of services without having to pay a huge performance penalty; and
• A modular architecture which allows customers to buy the hardware that is needed today with the ability to scale into the future.
Slide 9
Architecture: Separate Data and Control Plane
[Figure: two designs under DoS and DDoS attacks. Separate control plane (management, routing, kernel) and data plane (packet forwarding modules, physical interfaces): attacks can be thwarted. Under attack, the administrator maintains management access to modify policy, disallow bad traffic, and process good traffic, so your network stays up. Shared plane (data, management, routing): attacks overwhelm the box. The administrator loses management access and your network is down.]
Juniper’s separate data and control plane architecture offers significant advantages. Consider the following:
• With competitors’ single plane design:
  • During attacks, there is no management access to address the situation; and
  • During attacks, processing of routing updates stops, and the network is down.
• With Juniper’s separate control and data plane design:
  • You maintain management access, even during DoS/DDoS attacks; and
  • Route update processing continues.
Separate data plane (packet forwarding) and control plane (management) architecture provides the following benefits:
• Scales performance;
• Enhances resiliency; and
• Enables redundancy.
Slide 10
Best In Class Security
• Enables complete application visibility and control
• Integrates security for physical and virtual data centers
• Strong, dynamic content security: leveraging intelligence from multiple security companies
• Secure and resilient even under the most demanding conditions
The SRX Series offers the broadest security protection in the market, such as the following:
• The SRX Series enables complete application visibility and control;
• Integrates security for physical and virtual data centers;
• Provides strong UTM capabilities, leveraging intelligence from multiple security companies; and
• Is secure and resilient, even under demanding situations, utilizing a unique architectural design based on multiple processing cores and a separation of the data and control planes.
Slide 11
Maximum Performance and Scale
• Delivers high-performance throughput, massive session volume, and flexible, large-scale connectivity
• Add security services without service interruptions for business continuity
• Enables pay as you grow approach
The SRX Series provides the following performance and scaling capabilities:
• The SRX Series delivers high-performance throughput, massive session volume, and flexible, large-scale connectivity;
  • High-throughput connectivity options match virtually any business requirement, including the industry’s first 100-Gigabit interface option;
  • Next-generation I/O card (NG-IOC) connectivity options include 100-Gigabit Ethernet, 40-Gigabit Ethernet, and high density 10-Gigabit Ethernet interfaces; and
  • The SRX Series delivers up to 300 Gbps of firewall throughput and scales to 100 million sessions, 450,000 connections per second, and 218 Gbps IPsec throughput.
• For business continuity, the SRX Series can enable additional security services without service interruptions;
  • Just activate security services licenses—with no special install or appliances.
• The SRX Series provides a pay-as-you-grow approach;
  • You can add additional cards as needed.
Slide 12
Carrier-Grade Reliability
• Delivers uptime continuity with in-service hardware and software upgrades
• Enables high availability with redundant components and links
• Built on a carrier-class hardware foundation
The SRX Series builds on Juniper’s reputation of carrier-grade reliability with the following features:
• The SRX Series delivers uptime continuity with in-service hardware and software upgrades;
• Enables high availability with redundant components and links; and
• Provides carrier-class hardware for network resiliency.
Slide 13
Branch SRX Series Gateways: Next-generation Security Gateways
Hardware Platforms Scale from 1-Gigabit Ethernet to 10-Gigabit Ethernet
Size tiers shown: Small Office; Small to Medium Office; Large Branch/Regional Office/Data Center
• SRX100: Fixed Config, 8 x FE, 1 GB DRAM
• SRX110: Fixed Config, VDSL2 WAN, 8 x FE, 1 GB DRAM
• SRX210: WAN slot, 2 x GigE, PoE, 1 GB DRAM
• SRX220: + 2 WAN slots, 8 x GigE, PoE, 1 GB DRAM
• SRX240: + 4 WAN slots, 16 x GigE, PoE, 1 GB DRAM
• SRX550: 2mPIM+6GPIM WAN slots, 10 x GigE, PoE, Dual PS, 2 GB DRAM
• SRX650: + More LAN slots, Dual P/S, + Hot Swap I/O, 4 GB DRAM
SRX Series Services Gateways for the branch are next-generation security gateways that provide essential capabilities that connect, secure, and manage workforce locations sized from handfuls to hundreds of users. Here is a snapshot of the Juniper Networks SRX Series for the branch portfolio:
• The SRX100 is a fixed form factor device, ideal for small offices.
• The SRX110 provides a platform similar to the SRX100, but with integrated vDSL2, which is intended for environments where the primary WAN connectivity will be DSL.
• The SRX210 and SRX220 are ideal solutions for small to medium offices;
  • The SRX210 has one mini-PIM slot with two Gigabit Ethernet interfaces and six FE interfaces; and
  • The SRX220 has two mini-PIM slots and eight onboard Gigabit Ethernet interfaces.
• The SRX240 is ideal for medium offices with four built-in mini-PIM slots and 16 on-board Gigabit Ethernet interfaces;
• The SRX550 fills the price/performance gap between the SRX240 and SRX650 and is a flexible solution, ideal for mid to large branch offices; and
• The SRX650 is great for large branch and regional offices with more LAN slots and dual processors and power supplies for increased availability.
Slide 14
vSRX
• Virtual version of the SRX Series
• Provides north/south firewall (5 Gbps), NAT, routing, VPN connectivity features in a flexible virtual machine format
[Figure: groups of VMs secured by vSRX]
vSRX was introduced by Juniper in January of 2014. At a very high level, vSRX is a physical SRX Series device in VM format. You can think of it, for example, as taking an SRX550 or SRX240 from the SRX Series product line, stripping away the sheet metal, power cable, and all of the physical elements of the device, and then you have Firefly Perimeter.
You get all the flexibility associated with running the product in a VM—put it in the cloud or put it in various different infrastructures to have the VMs use vSRX as their default gateway for all traffic that they process. Because it is in a VM, it is bound at about 5 Gbps firewall throughput. You get the flexibility of the VM format, you do not have to make any kernel changes, and there is no dependency on API integrations.
vSRX is for use cases where you need north-south filtering at about 5 Gbps of performance, and you also need connectivity features such as Network Address Translation (NAT), routing, and VPN. All of those pieces are inherent in Junos and all are available in the vSRX product. Think of this as the north-south and connectivity feature set in VM format.
Slide 15
SRX Series Services Gateways for the High End
Tailored Security for Critical Assets
• Best-in-class Security
• Maximum Performance and Scale
• Carrier-grade Availability
SRX Series Services Gateways for the high end deliver tailored security for your critical assets. To meet the solution requirements, the SRX Series for the high end is a next-generation firewall that offers:
• Best-in-class security;
• Maximum performance and scale; and
• Carrier-grade availability.
Let’s explore each of these attributes in greater detail.
Slide 16
Areas of Deployment
Private Cloud
• Traditional on-premises data centers
• SRX Series hardware platforms
Hybrid Cloud
• vSRX or vMX in conjunction with SRX Series hardware on-premises
• Cloud bursting
• vCPE or vPE deployment
Public Cloud
• Amazon, Google, Facebook type of cloud deployment using vSRX or vMX
• Not reliant on on-premise devices
Juniper Networks physical as well as virtual firewall platforms can be deployed in the following areas:
• Private Cloud (Enterprise data center/private cloud):
  • Traditional on-premises data centers; and
  • SRX Series hardware platforms, from the SRX100 to the SRX5800.
• Hybrid Cloud:
  • Enterprise network application and workload extension into the cloud: vSRX or the new virtual MX Series (vMX) in the cloud in conjunction with an enterprise SRX Series hardware platform on-premises.
  • Bookend solution: Juniper-to-Juniper hybrid cloud deployment (Juniper end-to-end Layer 3 to Layer 7 deployment and control)
  • Cloud bursting (using SRX Series high-end platforms on-premises or any IPsec capable public cloud firewall)
  • Non-bookend solution: Juniper-to-other cloud termination (such as AWS, EC2, or Google firewall offering, Layer 3 to Layer 7 deployment)
  • Virtual Customer Premises Equipment (vCPE) deployment such as vSRX or virtual provider edge router (vPE)/vCPE, such as vMX
• Public Cloud:
  • Amazon, Google, Facebook, Microsoft vCPE/vPE cloud deployment (using vSRX or vMX)
  • Not reliant on any SRX device being on-premises in the enterprise
Slide 17
Section Summary
In this section, we:
• Provided an overview of Juniper’s SRX Series;
• Discussed Juniper’s control and data plane architecture; and
• Explored the features of the SRX Series physical and virtual platforms.
Slide 18
Learning Activity 1: Question 1
What are three benefits that Juniper’s separate control and data plane architecture provides? (Choose three.)
A. Management access is separated from packet forwarding
B. Packets can still be forwarded when an attack occurs
C. Route processing is automatically stopped when under attack
D. Resiliency is enhanced
Slide 18
Learning Activity 1: Question 2
How much firewall throughput does Firefly Perimeter currently provide?
A. 1 Gbps
B. 5 Gbps
C. 7 Gbps
D. 10 Gbps
Slide 19
Juniper Networks Data Center Design Best Practices
An Overview of IPS, the Junos OS, Junos Space Security Director, and Secure Analytics
To round out the data center security discussion, this section will provide an overview of Juniper IPS, the Junos OS, the Security Director application within Junos Space, and Secure Analytics.
Slide 20
Section Objectives
After successfully completing this section, you will be able to:
• Describe Juniper Networks intrusion prevention systems (IPS) features and capabilities;
• Describe the basic features of Junos OS; and
• Discuss Juniper’s tools that assist in the deployment, management, and troubleshooting of large network deployments.
Slide 21
IPS Capabilities
Stateful Signature Inspection
• Minimizes false positives
• Applied only to relevant traffic
Protocol Decodes
• Enforce proper usage of protocols
• Improves signature accuracy through precise contexts of protocols
Signatures
• Identify anomalies, attacks, spyware, and applications
• Detects attacks and attempts to exploit known vulnerabilities
Traffic Normalization
• Reassembly, normalization, and protocol decoding
• Overcomes attempts to bypass other IPS detections through obfuscation
Zero-Day Protection
• Detects protocol anomalies and protects same-day for new vulnerabilities and exploits
Recommended Policy
• Critical attack signatures are identified
• Simplifies installation and maintenance while ensuring the highest network security
Active/Active Traffic Monitoring
• Monitors SRX clusters and delivers advanced features such as in-service software upgrade
Packet Capture
• IPS policy supports packet capture logging per rule
• Conducts further analysis of surrounding traffic and determines further steps for additional protection
Juniper Networks IPS capabilities offer several unique features that assure the highest level of network security.
Stateful signature inspection provides the following:
• Minimizes false positives and offers flexible signature development; and
• Signatures are applied only to relevant portions of the network traffic as determined by the appropriate protocol context.
Protocol decodes offer the following:
• More than 65 protocol decodes are supported along with more than 500 contexts to enforce proper usage of protocols; and
• Accuracy of signatures is improved through precise contexts of protocols.
Signatures offer the following:
• There are more than 8,500 signatures for identifying anomalies, attacks, spyware, and applications; and
• Attacks are accurately identified and attempts to exploit known vulnerabilities are prevented.
Traffic normalization provides the following:
• Reassembly, normalization, and protocol decoding; and
• Overcomes attempts to bypass other IPS detections by using obfuscation methods.
Zero-day protection provides the following:
• Protocol anomaly detection and same-day coverage for newly found vulnerabilities; and
• Protects your network against any new exploits.
Recommended policy offers the following:
• A group of attack signatures is identified by the Juniper Networks Security Team as critical for the typical enterprise to protect against; and
• Installation and maintenance are simplified while ensuring the highest network security.
Active/active traffic monitoring provides the following:
• IPS monitoring on active/active SRX5000 line chassis clusters; and
• Support for active/active IPS monitoring including advanced features such as in-service software upgrade.
Packet capture provides the following:
• IPS policy supports packet capture logging per rule; and
• Conducts further analysis of surrounding traffic and determines further steps to protect the target.
Slide 22
The Junos OS
• Reliable, high-performance network operating system for routing, switching, and security
• Improves the reliability, performance, and security of existing applications
• Automates network operations
• Architected with DevOps in mind
Junos OS is a reliable, high-performance network operating system for routing, switching, and security. It reduces the time necessary to deploy new services and decreases network operation costs. Junos OS offers secure programming interfaces and the Junos software development kit (Junos SDK) for developing applications that can unlock more value from the network.
Running Junos OS in a network improves the reliability, performance, and security of existing applications. It automates network operations on a streamlined system, allowing more time to focus on deploying new applications and services. Junos OS is scalable both up and down, providing a consistent, reliable, stable system for developers and operators. This, in turn, means a more cost-effective solution for your business.
Junos OS is architected with DevOps in mind. With versatile scripting support and integration with popular orchestration frameworks, Junos OS offers flexible options for continuous delivery and DevOps style management. The Junos Continuity features further enhance continuous delivery and efficient software re-qualification.
Slide 23
Junos OS Features
• One operating system
• Steady release train
• Modular software architecture
• Ease of use and operational agility
• Simple routing policy management
• Separate control and data planes increase reliability and security
• Junos Continuity features
[Figure: Junos OS architecture. Control plane: management, routing, switching, and other daemons running on the kernel, with open management interfaces. Data plane: µKernel, HAL, and physical interfaces.]
Junos OS offers the following features:
• One operating system reduces time and effort to plan, deploy, and operate network infrastructure;
• A steady release train provides stable delivery of new functionality;
• Modular software architecture provides highly available and scalable software that keeps up with changing needs;
• Meaningful configuration hierarchies together with annotations, commit check, commit, and rollback features exemplify ease of use and operational agility;
• Simple routing policy management supports fine-grained network traffic controls;
• Separate control and data planes increase reliability and security; and
• Designed for DevOps, Junos Continuity aids continuous delivery, zero downtime, and vastly reduced re-qualification times when introducing new line card or chassis upgrades.
Slide 24
Managing the Network and Security
Junos Space Security Director
• Control the device throughout its life cycle with a single, centralized dashboard
• Provides security scale, granular policy control, and policy breadth
• Quickly manage all phases of the security policy life cycle
[Figure: Security Director functions: firewall management and UTM, IPsec VPN management, NAT management, IPS signature management, AppFW]
Secure Analytics
• SIEM capabilities—efficiently manage business operations on networks from a single console
• Analyze and manage network data
• Log management
• Real-time threat management
[Figure: Secure Analytics components: Security Information and Event Management; Network Behavior Analysis and Application Visibility; Log Management]
Unlike solutions that require administrators to use multiple management tools to control a single device, Junos Space Security Director enables IT departments to control the device throughout its life cycle with a single, centralized dashboard. As an application on Junos Space Network Management Platform, Junos Space Security Director provides extensive security scale, granular policy control, and policy breadth across the network. It helps administrators quickly manage all phases of the security policy life cycle for stateful firewall, UTM, IPS, application firewall (AppFW), VPN, and NAT through a centralized web-based interface. Junos Space Security Director reduces management costs and errors with efficient security policy, workflow tools, and a powerful “app” and platform architecture.
Juniper Networks Secure Analytics provides Security Information and Event Management (SIEM) capabilities. By combining, analyzing, and managing an unparalleled set of surveillance data—network behavior, security events, vulnerability profiles, and threat information—it helps empower companies to efficiently manage business operations on their networks from a single console. It offers superior log management with distributed log collection and centralized viewing, threats management that delivers real-time surveillance and detection information, and compliance management capabilities—all viewed and managed from one console.
Juniper Networks Advanced Insight Solution (AIS) provides in-service diagnostic functionality with flexible automated monitoring and reporting. Third-party network management partners supporting the Juniper products provide additional management solutions for network, fault, performance, and change control. By selecting the appropriate management tool, network administrators can deploy, manage and troubleshoot large network deployments.
Slide 25
Section Summary
In this section, we:
• Described Juniper Networks IPS features and capabilities;
• Described the basic features of Junos OS; and
• Discussed Juniper’s tools that assist in the deployment, management, and troubleshooting of large network deployments.
Slide 26
Learning Activity 2: Question 1
Security Director is an application that runs on which Juniper product?
A. Firefly Perimeter
B. Secure Analytics
C. Junos Space
D. SRX Series
Slide 26
Learning Activity 2: Question 2
True or false: Secure Analytics offers log management, threat management, and compliance management, all in one product.
A. True
B. False
Slide 27
Course Summary
In this course, we:
• Provided an overview of Juniper’s SRX Series physical and virtual security products;
• Explored Juniper’s IPS capabilities; and
• Described tools for network deployment, management, and troubleshooting.
Slide 28
Additional Resources
• Education Services training classes: http://www.juniper.net/training/technical_education/
• Juniper Networks Certification Program Web site: www.juniper.net/certification
• Juniper Networks documentation and white papers: www.juniper.net/techpubs
• To submit errata or for general questions
For additional resources or to contact the Juniper Networks eLearning team, click the links on the screen.
Slide 29
Evaluation and Survey
You have reached the end of this Juniper Networks eLearning module. You should now return to your Juniper Learning Center to take the assessment and the student survey. After successfully completing the assessment, you will earn credits that will be recognized through certificates and non-monetary rewards. The survey will allow you to give feedback on the quality and usefulness of the course.
Slide 30
Copyright © 2015 Juniper Networks, Inc. All rights reserved. JUNIPER NETWORKS, the Juniper Networks logo, JUNOS, QFABRIC, NETSCREEN, and SCREENOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Slide 31
CONFIDENTIAL
Corporate and Sales Headquarters
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089 USA
Phone: 888.JUNIPER (888.586.4737) or 408.745.2000
Fax: 408.745.2100
www.juniper.net
APAC Headquarters
Juniper Networks (Hong Kong)
26/F, Cityplaza One
1111 King’s Road
Taikoo Shing, Hong Kong
Phone: 852.2332.3636
Fax: 852.2574.7803
EMEA Headquarters
Juniper Networks Ireland
Airside Business Park
Swords, County Dublin, Ireland
Phone: 35.31.8903.600
EMEA Sales: 00800.4586.4737
Fax: 35.31.8903.601
Copyright 2010 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.