SECURE CLOUD-READY DATA CENTERS

greenpepperwhinnySecurity

Nov 3, 2013 (3 years and 10 months ago)

AppSecure development


IDC IT Security conference, 2011 Budapest

Copyright © 2011 Juniper Networks, Inc.

www.juniper.net



Current Security Services

IPsec VPNs, IPS, UTM

Stateful FW, NAT, ALG

Routing, FBF, QoS, Bandwidth Management

APPLICATION-AWARE SECURITY

Introducing AppSecure

AppSecure is a suite of application based services designed for deploying security in a knowledgeable manner

Builds on existing firewall integrated services to deliver finer-grain policies

Leverages integrated application intelligence

Advanced Security Services With AppSecure

Botnet Protection

Application Access Control

Application Bandwidth Management

Application Intelligence

APPSECURE DIRECTION

Understand security risks

Address new user behaviors

Application Intelligence from User to Data Center

Subscription service includes all modules and updates

Juniper Security Lab provides 800+ application signatures

AppTrack

AppQoS

AppDoS

IPS

Block access to risky apps

Allows user tailored policies

Prioritize important apps

Rate limit less important apps

Protect apps from bot attacks

Allow legitimate user traffic

Remediate security threats

Stay current with daily signatures

AppFW


SAMPLE APPLICATION COVERAGE . . .

800+ AND MORE ADDED DAILY

100Bao

Aimster

Applejuice

Ares

BitTorrent

DirectConnect

eDonkey2000

FastTrack

Freecast

Freenet

GnucleusLAN

Gnutella

Gnutella2

GoBoogy

Hotline

IceShare

ICQ

IRC

Jabber/XMPP

Joltid PeerEnabler

Kademlia

KuGoo

Kuro

Manolito/MP2P

MMS

MSNP (ver 10, 11, 12)

MSNP 13

MUTE

Napster

OpenFT (giFT)

Oscar (AOL)

Peercast

Poco

QQ

RTSP

SCTP

Skype

Soribada

Soulseek

Tesla

TOC (AOL)

WinNY

WPNP

Xunlei

Yahoo IM

And More

APPLICATION VISIBILITY

AppTrack

[Diagram labels: Discrete Data Analysis; Business Analysis; Deep packet intelligence; Protocol, IP Addr, Port, Data, Size; SAP; Joe; What application? What user? User location? User device?]


Identify applications running on the network with protocol decoding and application signatures

View application ID in session logs to understand network behavior

Enable data center admins to make informed decisions based on application being accessed to manage security risk

AppTrack

Applications          Bytes From Client (Custom) (Sum)    Count
FTP                   1,047,754                           2,097
Windows File Share    1,030,006                           31
HTTP                  376,296                             16
Bit Torrent           316,064                             16
None                  154,168                             302
NETBlog               151,632                             16
VoIP                  128,266                             16
Facebook              104,735                             16
TFIP                  67,920                              16
Telnet                54,768                              16

Control & Enforce Web 2.0 Apps

AppFW

AppFW: BEYOND JUST FW OR APP CONTROL

Inspect ports and protocols

Control nested apps, chat, file sharing and other Web 2.0 activities

Dynamic application security

Web 2.0 policy enforcement

Threat detection & prevention

HTTP

Uncover tunneled apps

Stop multiple threat types

Protect Valuable On-line Business

AppDoS

AppDOS THREAT MITIGATION

Detect and mitigate botnet activity

Benchmark “normal” behavior to detect anomalies

Botnet detection & remediation

DoS monitoring & remediation

On-going anomaly detection

Uncover misuse of routine Web functionality

Purchase Item

Select Item

View Item

Check bill

Adapt security policy and QoS based on insights

HOW AppDOS WORKS

Attack traffic

Legitimate traffic

Botnets targeting services for disruption

Mixture of legitimate and attack traffic

INTERNET

Server Connection Monitoring

Protocol Analysis

Bot / Client Classification

Cloud Provider / Data Center

Web Services / Applications

SRX Series

Prioritize & Control App Bandwidth

AppQoS

AppQOS FOR SCALE & PERFORMANCE

Monitor Web 2.0 bandwidth consumption

Dynamic application quality-of-service (QoS)

Application prioritization

Performance management

Throttle bit rates based on security and usage insights

Prioritize business critical apps

Monitor & Mitigate Custom Attacks

IPS

IPS FOR CUSTOMIZABLE PROTECTION

Detect and monitor suspicious behavior

Address vulnerabilities instead of ever-changing exploits of the vulnerability

On-going threat protection

Mobile traffic monitoring

Custom attack mitigation

Tune open signatures to detect and mitigate tailored attacks

Uncover attacks exploiting encrypted methods

Exploits

VULNERABILITY

AppSecure IPS

Other IPS’s

AppSECURE DEPLOYMENT SCENARIOS

IN-LINE SERVICE PROTECTION

Advanced protection for infrastructure and Hosted Services

Data Center

DNS Services

HTTP/Web Services

Network Core

Remote Network

Other Services

AppSecure

APPSECURE DEPLOYMENT SCENARIOS

SRX Corporate Data Center with Bot protection and Application Tracking

Remote Access

Apps

Full suite of DC services: firewall, IPS, NAT, IPsec VPN, AppTrack, AppDoS

Corporate HQ / Data Center

AppSecure

APPSECURE SUMMARY


iPhone and other mobile devices consuming many applications and bandwidth

Increased security risk with Web 2.0 applications

Internet end-points are changing and increasing exponentially

Fine-grain detection and control of application access

Deep and wide visibility into all traffic flowing through the network

Expands administrative control over network traffic

AppDOS combines statistical and deterministic methods to counter DDoS attacks at the right level

Mitigates sophisticated attacks with minimal service impact

Botnet attacks are growing

SRX Services Gateways offer control and security without compromise

Scalable performance