1 WHITE PAPER SECURITY CONSIDERATIONS FOR CLOUD-READY DATA CENTERS Copyright 2009, Juniper Networks, Inc. 1
2 Table of Contents Executive Summary Introduction New Security Challenges in the Data Center Virtualization Distributed Application Architectures Storage over IP Networks Sophisticated DDOS attacks through botnets Security Requirements for the Cloud-Ready Data Center Application Fluency Identity-Based Access Enforcement High Capacity, Scalable Platform Design Centralized Management Conclusion Securing the Data Center with a Network-Centric Approach About Juniper Networks Table of Figures Figure 1: The increasing risk in the new data center infrastructure Figure 2: Virtual server networking Figure 3: Mashup and SOA fan out effect Figure 4: Storage arrays shared by multiple applications Figure 5: Data center security enforcement reference model Copyright 2009, Juniper Networks, Inc.
3 Executive Summary Data centers have evolved significantly as organizations consolidate servers, applications, and other resources, and as they adopt new technologies as a means to reduce costs and increase efficiency. Technologies such as server virtualization, distributed application tools, and IP-based storage are helping organizations maximize their data center resources, while at the same time making it more difficult to protect these critical assets. In addition to cyber theft and increasing levels of malware, organizations must guard against new vulnerabilities introduced by data center technologies themselves. To date, security in the data center has been applied primarily at the perimeter and server levels. However, this approach isn t comprehensive enough to protect information and resources in new system architectures. To effectively manage the new risks, organizations should reevaluate their data center security practices and implement new network-centric capabilities to ensure the integrity of their services. Because the network touches every device in the data center, it is an ideal location for security. A network-centric approach to providing security in the data center delivers benefits such as scalability, unified security policy definition and enforcement, visibility into application traffic, and reduced operations overhead. Introduction Data centers are evolving quickly in response to operational pressures and technology innovations. To reduce costs and gain flexibility, organizations are consolidating data centers and adopting new technologies ranging from virtualization to new application architectures and cloud computing. The current economic environment is accelerating these trends. With data center consolidation, organizations can achieve efficiencies by moving high touch systems from satellite offices to either central data centers or third-party cloud providers. Consolidating servers, applications, and other resources leads to higher utilization of these resources and eliminates the need for IT staff in many locations. Outsourcing some applications to the cloud can make it easier to support teleworkers and employees in remote offices who need secure access to centralized resources that are always available. At the same time, new collaboration tools, including telephony presence, instant messaging, wikis, blogs, and social networking, are bringing employees closer despite physical distance. In addition, use of service-oriented architecture (SOA) and other distributed approaches to application development are resulting in highly distributed applications. These trends are having a major impact on data center architectures and the problems that need to be addressed to provide adequate security for data and systems residing in them. In traditional data center models, applications, compute resources, and networks have been tightly coupled, with all communications gated by security devices at key choke points. However, technologies such as server virtualization and Web services eliminate this coupling and create a mesh of interactions between systems that create subtle and significant new security risks. To secure modern data center applications, organizations need comprehensive, scalable and elastic security tools in the network that combine application fluency and identity-based controls with centralized policy and compliance management. Understanding these new security challenges is key to implementing appropriate security solutions for the virtualized, cloud-ready environment. Copyright 2009, Juniper Networks, Inc. 3
4 Clients Global High-Performance Network Data Center Client to DC DC to DC Server to Server Figure 1: The increasing risk in the new data center infrastructure New Security Challenges in the Data Center In information networks and systems, security controls address the confidentiality, integrity, and availability of information. As organizations consolidate applications, data, and other resources within a few large data centers, they increase the risk that a single system breach represents. Whereas a single server has conventionally housed one application, virtualized servers today host multiple applications or components or both. The compromise of a single physical server can affect numerous applications and a large number of users. Increased presence of four new technology elements in current data center networks pose significant new security challenges that must be addressed: Server virtualization Distributed application architectures IP-based storage networks Sophisticated denial of service attacks with botnets Virtualization Server virtualization has been key to data center consolidation, allowing enterprises to squeeze the most out of server resources, and reduce the need for floor space, electricity, and cooling. However, the difficulty of monitoring and controlling what goes on inside a virtual machine (VM) and between virtual machines presents a new and significant security risk. Virtual server technologies enable multiple OS instances to run on a single host machine. Each of these operating systems has its own virtual CPU, memory, and I/O resources, creating a virtual machine. More recently, server virtualization has been extended to include the ability to run multiple OS instances over a cluster of hosts. As a result, a pool of resources beyond the finite capacity of a single server is available for applications. In addition, virtual machines can migrate from host to host and be replicated across hosts, allowing for dynamic resource allocation as demand rises and falls. To facilitate communication between virtual machines on the same host, vendors of this technology have developed software that simulates an Ethernet switch. A virtual switch runs on each physical host and allows connectivity between guest VMs. Within this internal server network, some VMs may be connected to the same broadcast domain with other VMs connected to disparate broadcast domains. 4 Copyright 2009, Juniper Networks, Inc.
5 Switches in VM hosts cannot be monitored by the same devices used to monitor the physical network traffic passing back and forth between VMs on a single server does not travel out into the rest of the data center network and thus cannot be seen by regular network-based security platforms. This lack of visibility into and control over intra-server virtual machine communication creates significant security risk for the organization. The lack of enforcement points inside the virtualized domain allows worms and other malicious traffic to propagate unchecked between virtual machines and potentially onto the physical data center network. Such lack of visibility also presents compliance problems. Organizations need a new set of security tools and best practices to secure this new infrastructure tier. Managed By Server Staff Managed By Networking Staff Managed By Security Staff Core/Aggregation Switch Firewall Access Switch Figure 2: Virtual server networking Distributed Application Architectures There has been a major shift away from monolithic application development and toward distributed application architectures, which rely on common, reusable sub-components. While these architectures make application development faster and more efficient, they pose security risks by creating highly distributed communication patterns, with multiple flows per transaction. For example, many Internet applications are mashups in which different elements are delivered by different servers. An igoogle session, for instance, requires accessing multiple specialized applications running on different servers, with the result aggregated and delivered to the user s browser. Many of these applications are built with a service-oriented architecture. SOA separates functions into distinct units, or services, which developers make accessible over the network so that they can be combined and reused in the production of applications. These services communicate with each other by passing data from one service to another, or by coordinating an activity between two or more services. As a result, each mashup application front-end typically connects to a large set of back-end applications, creating a fan out hierarchy per user session with a high number of TCP connections per client interaction. Securing this type of highly distributed environment requires the ability to correlate all of these flows with one user performing one transaction. User identity and credentials must be sent and shared among the different mashup applications and back-end services, so that the user information is presented consistently and appropriate access is granted to each application element based on user credentials. Despite their many advantages, mashups, SOA, and similar distributed application technologies make it difficult to enforce access entitlements. Data privacy is another security issue in highly distributed application environments. Since client communications are now targeted at a larger set of systems, the possibility of an eavesdropper intercepting a communication stream increases, making encryption a requirement for communication. Copyright 2009, Juniper Networks, Inc. 5
6 The use of XML within SOA-based applications presents another security challenge. XML, is characterized by large data sets and hence packets. Transporting these large data sets (and packets) between servers requires multiple, high bandwidth TCP sessions, each of which must be inspected by a security enforcement system. Aggregative, throughout the datacenter the overall bandwidth required from the firewalls increases significantly. While distributed application architectures have major advantages allowing for rapid application deployment and reuse of application components, they present unique requirements for a scalable, high-performance security solution capable of tying application flows to specific users. Client Front End App 1 Front End App 2 Front End App 3 Back End App 1 Back End App 2 Back End App 3 Figure 3: Mashup and SOA fan out effect Storage over IP Networks For economic reasons, many organizations are deploying IP-based storage technologies. Leveraging a common IP infrastructure to support data, voice, video, and storage yields economies of scale and simplifies operations. In addition, network attached storage (NAS) technologies such as Network File System (NFS) and Common Internet File System (CIFS), along with storage area network (SAN) technologies such as iscsi, enable organizations to deploy large storage pools, which require fewer network interconnections and less management than is otherwise necessary. Organizations benefit from the ability to predict storage needs more accurately and to better manage the scaling of storage arrays. Despite its flexibility and cost benefits, deploying storage over IP networks presents a heightened security risk. Because it is part of the overall IP infrastructure, the storage network must be protected from denial of service (DoS) and other malware attacks that can result in critical data being unavailable or corrupted, and applications not functioning properly. Data availability can also be compromised by contention on the IP network; latency- and loss-sensitive storage traffic may be crowded out by high volumes of data or video, for example. Privilege escalation can also occur, since storage arrays are accessible to a variety of applications. As new applications are brought online, it is not uncommon for business critical and non business critical data to be stored on the same array. While storage vendors provide tools to secure storage access on the array itself (data at rest), these tools do not address the vulnerabilities of data flowing across the network (data in motion). For enterprises to achieve the benefits of consolidating storage on IP-based networks, they need the ability to ensure data availability, integrity, and confidentiality across the data center s IP infrastructure. 6 Copyright 2009, Juniper Networks, Inc.
7 Core Firewall Core/Aggregation Switches App Server 1 App Server 2 NFS NAS CIFS NAS iscsi SAN Figure 4: Storage arrays shared by multiple applications Sophisticated DDOS attacks through botnets The growing frequency and sophistication of cyber attacks poses a serious, ongoing security challenge. In the past, rogue hackers randomly targeted systems in order to establish credibility in the black hat community. Today, however, the combination of browser-based cloud computing, mobile data platforms, and social networking have given rise to a new breed of threat: stealthy Web-borne malware that forms into highly organized botnets that open a callback channel out of the network to expose confidential data. Browser exploits now account for 65% of all clientside attacks. Cyber criminals embed malicious code within user-generated content websites, third party ads, and high-traffic web applications to compromise servers and clients. The damage is increasingly visible as data breach disclosures become mandatory. In recent years, there has been a steady stream of disclosures from both the private and public sectors. Traditional security mechanisms do not provide a sufficient defense against a cyber criminal who attacks on multiple fronts, from OS exploits, browser attacks, and increasingly, plug-in/widget vulnerabilities. Security Requirements for the Cloud-Ready Data Center To effectively manage the risks resulting from new technologies in the distributed, virtualized systems of today s data center infrastructures, organizations must reevaluate their practices and implement new security solutions. Most security in data centers has been applied at the server level, by installing host-based intrusion detection, identity enforcement, antivirus, and other software agents. This approach, however, isn t scalable, doesn t encompass the range of network-attached devices, and presents major operational challenges. Organizations need a unified security layer operating across the heterogeneous and ever changing data center infrastructure. The network is ideally suited to provide visibility into the application traffic it is carrying, and to act as an insertion point for policy enforcement devices. Managers should look for network-centric security solutions with the following characteristics. Copyright 2009, Juniper Networks, Inc. 7
8 Application Fluency To protect data center assets, network security products such as enforcement gateways, firewalls, and monitoring systems must be intelligent enough to identify application context, and conversations. From a policy definition and security enforcement perspective, the classic TCP/IP session 5 tuple is no longer sufficient to define or enforce business security policies. Enterprises need application fluent security products that allow them to precisely define what actions are allowed within certain application instances. Additionally, such solutions must provide visibility into the application infrastructure, making it possible to determine application usage profiles and other valuable application-level information. As mentioned earlier, in today s data center, multiple application instances may run on a shared host or pool of resources. To differentiate among these applications, some organizations run them on separate TCP port numbers or on separate virtual IP addresses. This approach is quite challenging operationally, since each new application instance requires a change in the network security policy in order to add the necessary TCP port number or virtual IP address. Newer applications use application-specific contextual data such as a pre-pended value in an HTTP URL or in an SQL Bind, to direct application processing requests to the appropriate application instance. Consequently, the network and security operations teams cannot determine whether a session is for business or personal purposes simply by connecting to an application server IP address over port 80 (i.e., connecting to google.com over port 80). Organizations need a new breed of security tools that can fluently identify application instances, application transactions, and application actions without relying solely on TCP/IP header information. The ability to identify an application based on internal characteristics such as protocol attributes is absolutely critical; without this granular visibility, it is impossible to provide the security protection that regulations dictate and business processes demand. Identity-Based Access Enforcement Organizations also need the ability to control application and resource access based on user identity, not just source IP address. With today s mobile, dynamic workforce connecting to application elements that reside on multiple servers within the data center, organizations can no longer assign access privileges based on a well controlled and determined user location represented by the IP address. Rather, IT must be able to provide access for any user, whether an employee, contractor, vendor, or other defined role connecting into the data center from anywhere at any time based on the user role. User access cannot be allowed or denied based solely based on location because a given IP address may only be serving a user temporarily, for example, as a mobile user moves from one location to another. In addition, large pools of translated Network Address Translation (NAT) and proxy network addresses may serve a variety of users in various roles, and therefore are not tied to a specific user. To control user access to dense application clusters, organizations need a network security solution that can enforce identity-based and role-based security policies. Such products should tie user identity to application access information, and make security decisions accordingly. In addition, to accommodate the growing use of collaboration tools across data centers, enterprises need a network security solution with identity federation (IF) capabilities that allow for seamless integration of services from external compute environments without compromising security. The industry has defined a number of standard technologies to help disparate networks exchange identity and privilege information and share common notions of user identities, including the Security Assertion Markup Language (SAML), Extensible Access Control Markup Language (XACML), and Interface for Metadata Access Point (IF-MAP). These technologies make it easier for network security devices to enforce policies based on identity attributes. Enterprises should look for security solutions that support these standards and other technologies for identity store interaction. 8 Copyright 2009, Juniper Networks, Inc.
9 High Capacity, Scalable Platform Design Network-based devices designed to secure the data center must be able to handle the diversity and volume of traffic from today s applications. Data center interior firewalls must handle very high throughput rates, and be able to inspect and control high volumes of traffic crossing between different internal domains at LAN rates. In addition, data center firewalls must support rapid session setup and teardown for very large numbers of sessions. In today s data centers, high numbers of users are accessing a targeted set of compute resources; as a result, a firewall must be capable of managing a million sessions even as tens of thousands of new and old sessions are being set up and torn down. Given the demands on the data center the reliability required by storage traffic and the number of TCP sessions and large packet sizes associated with SOA/mashup application architecture firewalls must have a purpose-built, hardware-based design capable of tremendous processing power. In addition, data center security platforms must have a pay-as-you-grow design, one which allows service processing power to be added as needed without the need to physically or logically redesign the network as a consequence. Centralized Management Given the highly distributed, complex nature of today s data centers, it is a challenge to implement a consistent set of security policies across the entire data center infrastructure. Organizations need a comprehensive security solution that includes management consoles from which operations can centrally manage all functions, including defining a unified security policy and aggregating compliance information. A robust, centralized management system gives the ability to define security policies that are detailed enough to apply granular controls to users, applications, and resource domains, but abstract enough that they don t need to be customized for each enforcement point. With centralized policy creation, managers are spared having to define security policies for each system within the data center, and the potential vulnerabilities created by a patchwork of policies are avoided. Beyond supporting consolidated policy definitions, centralized management systems can significantly reduce security operational overhead in other areas. Organizations have a wide range of hardware and software deployed in data centers today, including switches, routers, server platforms, operating systems, application platforms, and application instances. Keeping all of these systems secure and up-to-date is a tremendous challenge. Organizations can significantly mitigate this challenge by deploying a management system that automatically receives updates and patches for a range of equipment, and allows IT to manually disseminate them. For example, a centralized management system can automatically locate and download the latest vulnerability protections, which operators can manually deploy to various enforcement points in a controlled fashion at their convenience. Finally, centralized management tools with intelligent security information and event management (SIEM) capabilities can interface with network-based security appliances to provide detailed visibility into application usage and user access patterns, both in real time and historically. This consolidated information is necessary for compliance reporting, auditing, and other regulatory requirements. In addition, a centralized SIEM system gives IT the information needed to optimize data center resources and infrastructure. Organizations should look for SIEM tools with in-depth traffic analysis capabilities, including context and transaction analysis. These features enable IT to correlate detailed L7 deep inspection (DI) events with network flow information to form a real-time view of application usage trends. Copyright 2009, Juniper Networks, Inc. 9
10 Edge Firewall Edge Router Perimeter Protection What application? What user? User location? User device? Zone Security Policies Identity Federation and Entitlement IPAddr Port Protocol Joe Size Data SAP Discrete Data Analysis Deep Packet Intelligence Business Analysis Core Firewall Core/Aggregation Switch SSL VPN Identity Store Network Virtualization and Segmentation Layer DMZ Extranet Web Apps DB NAS Virtual Firewall Figure 5: Data center security enforcement reference model Conclusion Securing the Data Center with a Network-Centric Approach Today s organizations rely more than ever on their data centers to enable their operations. The data center continues to evolve as organizations concentrate resources and implement technologies such as server virtualization, distributed application models, and IP-based storage. As a by-product of this economic advantage, data centers are also more vulnerable now than before to an increasingly diverse mix of security risks. In addition to cyber theft and increasing levels of malware, organizations must guard against new vulnerabilities introduced by data center technologies themselves. For example, unmanaged networks of virtual machines, the new communication patterns that result from mashups and SOA, and the use of IP infrastructure for storage networking all introduce new and unique security challenges. To evolve and thrive with these evolutions data center teams should revisit existing information security best practices, technologies, and design approaches in light of these risks. A network-centric approach to securing the virtualized, cloud-ready data center offers a number of benefits, including scalability, unified policy definition and enforcement, and reduced operations overhead. In evaluating security solutions for the data center infrastructure, organizations should look for application fluency, identity-based policy enforcement, centralized management, and appliances with very large-scale processing. Because the network touches every device in the data center, it is an ideal location from which to manage a holistic suite of security tools. And with advances in technology, it is possible to physically connect security devices to just a few points in the network and logically extend them to multiple network segments. Using a network-centric approach makes it easy to implement a unified security policy in a distributed environment, and to extend data center services to virtually any user in any location. 10 Copyright 2009, Juniper Networks, Inc.
11 About Juniper Networks Juniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high-performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. This fuels high-performance businesses. Additional information can be found at Corporate and Sales Headquarters APAC Headquarters EMEA Headquarters To purchase Juniper Networks solutions, Juniper Networks, Inc North Mathilda Avenue Sunnyvale, CA USA Phone: 888.JUNIPER ( ) or Fax: Juniper Networks (Hong Kong) 26/F, Cityplaza One 1111 King s Road Taikoo Shing, Hong Kong Phone: Fax: Juniper Networks Ireland Airside Business Park Swords, County Dublin, Ireland Phone: EMEA Sales: Fax: please contact your Juniper Networks representative at or authorized reseller. Copyright 2009 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. Junos is a trademark of Juniper Networks, Inc. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice EN Oct 2009 Printed on recycled paper Copyright 2009, Juniper Networks, Inc. 11
APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,
SoLuTIoN guide CLoud CoMPuTINg ANd ThE CLoud-rEAdy data CENTEr NETWork Contents BENEfITS of ThE CLoud-rEAdy data CENTEr NETWork............................3 getting ready......................................................................3
SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation
WHITE PAPER Mobile Device Security in the Enterprise Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite Copyright 2010, Juniper Networks, Inc. Table of Contents
PRODUCT CATEGORY BROCHURE Juniper Networks SA Series SSL VPN Appliances Juniper Networks SA Series SSL VPN Appliances Lead the Market with Secure Remote Access Solutions That Meet the Needs of Organizations
SOLUTION BROCHURE Juniper Networks Solution Portfolio for Public Sector Network Security Protect against Network Downtime, Control Access to Critical Resources, and Provide Information Assurance Juniper
Reasons Enterprises Prefer Juniper Wireless Juniper s WLAN solution meets the mobility needs of today s enterprises by delivering the highest levels of reliability, scalability, management, and security.
SOLUTION BRIEF SECURE ACCESS TO THE VIRTUAL DATA CENTER Ensure that Remote Users Can Securely Access the Virtual Data Center s Virtual Desktops and Other Resources Challenge VDI is driving a unique need
WHITE PAPER Security in the Next- Generation Data Center Key Strategies for Long-Term Success Copyright 2011, Juniper Networks, Inc. 1 Table of Contents Executive Summary........................................................................................................
SOLUTION BRIEF Juniper Networks 3-2-1 Data Center Network Simplifying the Data Center Network to Reduce Complexity and Improve Performance Challenge Escalating traffic levels, increasing numbers of applications,
IDP Series Intrusion Detection and Prevention Appliances PRODUCT CATEGORY BROCHURE Staying One Step Ahead With the accelerating number of applications allowed in from the Internet and the higher frequency
IF-MAP FEDERATION WITH JUNIPER NETWORKS UNIFIED ACCESS CONTROL An illustrated Guide to Configuring a Simple IF-MAP Federated Network Juniper Networks, Inc. 1 Table of Contents Introduction...3 Scope...3
White Paper Five Best Practices to Protect Your Virtual Environment Realizing the Benefits of Virtualization Without Sacrificing Security Copyright 2012, Juniper Networks, Inc. 1 Table of Contents Executive
APPLICATION NOTE Juniper NETWORKS SSL VPN and Windows Mobile Secure, Mobile Access to Corporate Email, Applications, and Intranet Resources Table of Contents Introduction.........................................................................................
WHITE PAPER SECURING TODAY S MOBILE WORKFORCE Connect, Secure, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2011, Juniper Networks, Inc. Table
White Paper Securing Multi-Tenancy and Cloud Computing Security That Ensures Tenants Do Not Pose a Risk to One Another In Terms of Data Loss, Misuse, or Privacy Violation Copyright 2012, Juniper Networks,
APPLICATION NOTE Network Attached Storage Interoperability Testing Interoperability Test Results for Juniper Networks EX Series Ethernet Switches and Storage Systems Copyright 2012, Juniper Networks, Inc.
PRODUCT CATEGORY BROCHURE SA Series SSL VPN Appliances Juniper Networks SA Series SSL VPN Appliances Lead the Market with Secure Remote Access Solutions That Meet the Needs of Organizations of Every Size
SOLUTION BROCHURE JUNIPER NETWORKS WIRELESS LAN SOLUTION Deliver Secure, Scalable, and Reliable Campus Mobility While Maximizing Performance and Minimizing Cost of Ownership Wireless LAN Solution Overview
Solution Brochure Juniper Networks Solution Portfolio for Public Sector Network Security Protect against Network Downtime, Control Access to Critical Resources, and Provide Information Assurance STRM NS-Security
Five Steps to Firewall Planning and Design 1 Table of Contents Executive Summary... 3 Introduction... 3 Firewall Planning and Design Processes... 3 Step 1. Identify Security Requirements for Your Organization...
White Paper Firewall Migration Migrating to Juniper Networks Firewall/VPN Solutions Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408.745.2000 1.888 JUNIPER www.juniper.net
DATASHEET vgw Gateway Product Overview The vgw Gateway provides a best-in-class virtual firewall to meet the unique security challenges of virtual data centers and clouds. IT teams can now secure their
WHITE PAPER Juniper Networks High-Performance Networking for Branch Offices of Financial Services Institutions Building the FSI Thin Branch Copyright 2010, Juniper Networks, Inc. Table of Contents Executive
WHITE PAPER Midrange MX Series 3D Universal Edge Routers Evaluation Report Demonstrating the high performance and feature richness of the compact MX Series Copyright 2011, Juniper Networks, Inc. 1 Table
IMPLEMENTATION GUIDE Remote Access Protection Best Practices for Implementing Remote Access Protection Using Juniper Networks SA Series SSL VPN Appliances, IDP Series Intrusion Detection and Prevention
White Paper Securing Today s Mobile Workforce Connect, Protect, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2012, Juniper Networks, Inc. 1 Table
White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA
White Paper SRX Series as Gi/ Firewall for Mobile Network Infrastructure Protection Copyright 2012, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3 Introduction...3 Overview of LTE (4G)
WHITE PAPER THE IMPORTANT ROLE OF THE NETWORK IN A VIRTUALIZED WORLD Meeting the Demands of a Transforming IT Landscape Copyright 2010, Juniper Networks, Inc. 1 Table of Contents Executive Summary........................................................................................................
Cisco Application Networking for IBM WebSphere Faster Downloads and Site Navigation, Less Bandwidth and Server Processing, and Greater Availability for Global Deployments What You Will Learn To address
SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria
White Paper Juniper Networks Solutions for VMware NSX Enabling Businesses to Deploy Virtualized Data Center Environments Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
White Paper How Junos Spotlight Secure Works The Global Attacker Security Intelligence Service Explained Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3 Introduction...3
WHITE PAPER Network Simplification with Juniper Networks Technology Copyright 2011, Juniper Networks, Inc. 1 WHITE PAPER - Network Simplification with Juniper Networks Technology Table of Contents Executive
SOLUTION BROCHURE Wireless LAN Management Solution Overview Lifecycle Wireless Infrastructure, Security and Services Management Wireless LAN Management Solution Overview A successful wireless LAN (WLAN)
White Paper Securing Virtual Applications and Servers Overview Security concerns are the most often cited obstacle to application virtualization and adoption of cloud-computing models. Merely replicating
Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,
DATASHEET NETWORK AND SECURITY MANAGER APPLIANCES ( AND ) Product Overview Now more than ever, network operators need the ability to easily manage security policies and to have visibility into potential
DATASHEET JUNOS SPACE VIRTUAL CONTROL Product Overview The proliferation of virtual switches in the data center has presented data center operators with a significant challenge namely, how to manage these
White Paper ALTERNATIVES FOR SECURING VIRTUAL NETWORKS A Different Network Requires a Different Approach Extending Security to the Virtual World Copyright 2013, Juniper Networks, Inc. 1 Table of Contents
WHITE PAPER DYNAMIC SECURITY FOR THE NEW NETWORK DATA CENTER Juniper Networks Delivers Comprehensive Security Capabilities to Meet the Needs of Next Generation Data Centers Copyright 2010, Juniper Networks,
WHITE PAPER Meeting PCI Data Security Standards with Juniper Networks STRM Series Security Threat Response Managers When it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs Copyright
Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security
DATASHEET NETWORK AND SECURITY MANAGER Product Overview Juniper Networks Network and Security Manager (NSM) is a unified device management solution for Juniper s network infrastructure of routing, switching
Juniper Solutions for Turnkey, Managed Cloud Services Three use cases for hosting and colocation service providers looking to deliver massively scalable, highly differentiated cloud services. Challenge
WHITE PAPER INTELLIGENT SECURITY: THE STRATEGIC APPROACH TO HIGH-PERFORMANCE NETWORKS FOR HIGHER EDUCATION Copyright 2010, Juniper Networks, Inc. 1 Table of Contents New Challenges Evolving...................................................................................................
APPLICATION NOTE WEB FILTERING FOR BRANCH SRX SERIES AND J SERIES Configuring Web Filtering on Branch SRX Series Services Gateways and J Series Services Routers Copyright 2010, Juniper Networks, Inc. 1
SOLUTION BRIEF END-TO-END SECURITY WITH SA SERIES SSL VPN APPLIANCES Ensure Remote Users and Devices Meet Security Requirements Before Granting Access to Network Resources Challenge As the global workforce
White Paper Cisco Virtualization Experience Infrastructure: Secure the Virtual Desktop What You Will Learn Cisco Virtualization Experience Infrastructure (VXI) delivers a service-optimized desktop virtualization
Intel IT IT Best Practices Cloud Security and Secure ization November 2011 Overcoming Security Challenges to ize Internet-facing Applications Executive Overview To enable virtualization of Internet-facing
Load Balancing Security Gateways WHITE PAPER Table of Contents Acceleration and Optimization... 4 High Performance DDoS Protection... 4 Web Application Firewall... 5 DNS Application Firewall... 5 SSL Insight...
Effective End-to-End Cloud Security Securing Your Journey to the Cloud Trend Micro SecureCloud A Trend Micro & VMware White Paper August 2011 I. EXECUTIVE SUMMARY This is the first paper of a series of
APPLICATION NOTE Deploying IP Telephony with JUNIPER NETWORKS ETHERNET Switches Optimizing Applications with Juniper Networks EX3200 and EX4200 Line of Ethernet Switches Copyright 2009, Juniper Networks,
APPLICATION NOTE Web Filtering For Branch SRX Series and J Series Configuring Web Filtering on Branch SRX Series Services Gateways and J Series Services Routers Copyright 2009, Juniper Networks, Inc. Table
APPLICATION NOTE CONFIGURATION OPTIONS FOR HARDWARE RULE SEARCH (RMS) AND SOFTWARE RULE SEARCH (SWRS) Discover Which Juniper Networks ScreenOS Rule Search Works for Your Network Copyright 2010, Juniper
Security Services Gateways PRODUCT CATEGORY BROCHURE Integrated Strong Security for Data Center, Campus, Branch and Cloud Deployments As threats to the network grow more prevalent and destructive, securing
White Paper Virus Protection Across The Enterprise How Firewall, VPN and /Content Security Work Together Juan Pablo Pereira Sr. Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda Avenue
PRODUCT CATEGORY BROCHURE Juniper Networks Integrated Firewall/VPN Platforms Strong Security for Access Control, User Authentication, and Attack Protection at the Network and Application Level As threats
The Advanced Attack Challenge Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge One of the most prominent and advanced threats to government networks is advanced delivery
WHITE PAPER The Juniper Networks QFabric Architecture: A Revolution in Data Center Network Design Flattening the Data Center Architecture Copyright 2011, Juniper Networks, Inc. 1 Table of Contents Executive
Silver Peak s Virtual Acceleration Open Architecture (VXOA) A FOUNDATION FOR UNIVERSAL WAN OPTIMIZATION The major IT initiatives of today data center consolidation, cloud computing, unified communications,
White paper Keys to SAP application acceleration: advances in delivery systems. Table of contents The challenges of fast SAP application delivery...3 Solving the acceleration challenge: why traditional
APPLICATION NOTE Monitoring Network Traffic Using sflow Technology on EX Series Ethernet Switches Exporting sflow to Collectors Through a Separate Virtual Routing Instance Copyright 2009, Juniper Networks,
Juniper Networks Next Generation Security for a Cybercrime World Lior Cohen Principal Solutions Architect Scott Lucas Director of Product Marketing, Branch Solutions Service Layer Technologies Business
STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking
ZSCALER EBOOK Top 10 Reasons Enterprises are Moving Security to the Cloud A better approach to security Albert Einstein defined insanity as doing the same thing over and over again and expecting different
Application Note Limitation of Riverbed s Quality of Service (QoS) Riverbed s Quality of Service (QoS) configuration and limitations Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California
APPLICATION NOTE DEPLOYING IP TELEPHONY WITH EX SERIES ETHERNET SWITCHES Optimizing Applications with Juniper Networks Access Switches Copyright 2011, Juniper Networks, Inc. 1 Table of Contents Introduction.....................................................................................................3
Meeting the Challenges of Virtualization Security Coordinate Security. Server Defense for Virtual Machines A Trend Micro White Paper August 2009 I. INTRODUCTION Virtualization enables your organization
APPLICATION NOTE MONITORING NETWORK TRAFFIC USING sflow TECHNOLOGY ON EX SERIES ETHERNET SWITCHES Exporting sflow to Collectors Through a Separate Virtual Routing Instance Copyright 2010, Juniper Networks,
VMware vcloud Networking and Security Overview Networks and Security for Virtualized Compute Environments WHITE PAPER Overview Organizations worldwide have gained significant efficiency and flexibility
Customer Benefits Through Automation with SDN and NFV Helping service providers solve specific challenges they are facing today while improving the overall customer service life cycle 1 Table of Contents
Game changing Technology für Ihre Kunden Thomas Bürgis System Engineering Manager CEE Threats have evolved traditional firewalls & IPS have not Protection centered around ports & protocols Expensive to
2011 BlackRidge Technology Transport Access Control: Overview 1 Introduction Enterprises and government agencies are under repeated cyber attack. Attacks range in scope from distributed denial of service
Zone Labs Integrity Smarter Enterprise Security Every day: There are approximately 650 successful hacker attacks against enterprise and government locations. 1 Every year: Data security breaches at the
SOLUTION BRIEF NETWORKING SOLUTIONS FOR HEALTHCARE AND PHARMACEUTICALS Comprehensive Infrastructure Solutions to Keep the Healthcare/Pharmaceutical Network Healthy Challenge Healthcare and pharmaceutical
Technical Brief Securing the Database Stack How ScaleArc Benefits the Security Team Introduction Relational databases store some of the world s most valuable information, including financial transactions,
The Cisco ASA 5500 as a Superior Firewall Solution The Cisco ASA 5500 Series Adaptive Security Appliance provides leading-edge firewall capabilities and expands to support other security services. Firewalls
Endpoint Security More secure. Less complex. Less costs... More control. Symantec Endpoint Security Today s complex threat landscape constantly shifts and changes to accomplish its ultimate goal to reap
Application Note Deploying IP Telephony with EX-Series Switches Optimizing VoIP Applications with EX 3200 and EX 4200 Series Ethernet Switches Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale,
WHITE PAPER DATA CENTER FABRIC FOR CLOUD NETWORKS Laying the Foundation for Next-Generation Cloud Infrastructures Copyright 2009, Juniper Networks, Inc. 1 Table of Contents Executive Summary........................................................................................................