Orchestrated Security Network
Automated, Event Driven Network Security
Ralph Wanders, Consulting Systems Engineer




Orchestrated Security Network
- TCG/TNC architecture
- IF-MAP
- Use cases of IF-MAP
- Benefits of an IF-MAP ecosystem (Juniper Networks + Infoblox + Great Bay)

TCG: standards for trusted systems
(diagram of TCG work groups: Hardware; Software Stack, Operating Systems, Web Services, Authentication, Data Protection; Desktops & Notebooks, Servers, Infrastructure, Virtualized Platform, Mobile Phones, Printers & Hardcopy; TNC, Authentication, Network Security, Storage Security; Applications)

TNC architecture
Roles in the architecture: the Access Requestor (AR) is the endpoint asking for network access; the Policy Enforcement Point (PEP) is the switch, access point, firewall or VPN gateway that applies the decision; the Policy Decision Point (PDP) authenticates the AR and decides; the Metadata Access Point (MAP) holds the shared state about endpoints, users and addresses; Sensors and Flow Controllers publish what they observe to the MAP and act on what they read from it.

Coordinated security via IF-MAP
IF-MAP is a SOAP-based protocol: a client publishes data to the MAP, and queries (search) or subscribes to get data from it. Because every component talks to the same MAP, a detection made by one of them can change the access decision of another.
(diagram, MAP at the centre, IF-MAP protocol to each of: Asset Management System, Endpoint Security (via NAC), SIM/SEM, IPAM, Physical Security, ICS/SCADA Security, AAA, DLP, Server or IDS, Switching, Wireless, Firewalls, Cloud Security)

Open, standard, multi-vendor & future proof
IF-MAP ensuring interoperability:
- Built-in IF-MAP server on the IC
- MAP client enables publish, subscribe and search
(diagram: Access Requester (AR) Junos Pulse; Policy Enforcement Points (PEP), wireless and wired, at the network perimeter: EX Series, SRX Series, third-party firewalls; Policy Decision Point (PDP): IC Series; IF-MAP server: IC Series; IF-MAP clients: SA Series, Great Bay, Insightix, Lumeta, Hirsch, Wave, Infoblox, third-party appliances, third-party DLP)
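The publish, subscribe and search operations described on the two slides above, written out as the IF-MAP 2.0 SOAP messages an IPAM publisher and a PDP subscriber would exchange with the MAP server. This is an added example for this page, not code from the presentation, Juniper, Infoblox or the TCG. Element and attribute names follow the IF-MAP 2.0 SOAP binding and the IF-MAP Metadata for Network Security vocabulary; the session ids, publisher ids, addresses and the sample pollResult are constructed, and the HTTPS session to the MAP server is left out.

```python
"""IF-MAP 2.0 messages for the publish / subscribe / poll flow (added example).

Not code from the presentation or any vendor product. Session ids, publisher
ids, addresses and SAMPLE_POLL_RESULT are constructed for illustration; the
HTTPS session to the MAP server is omitted.
"""
import xml.etree.ElementTree as ET

ENV = "http://www.w3.org/2003/05/soap-envelope"            # SOAP 1.2
IFMAP = "http://www.trustedcomputinggroup.org/2010/IFMAP/2"
META = "http://www.trustedcomputinggroup.org/2010/IFMAP-METADATA/2"
for _prefix, _uri in (("env", ENV), ("ifmap", IFMAP), ("meta", META)):
    ET.register_namespace(_prefix, _uri)

IDENTIFIERS = ("ip-address", "mac-address", "access-request", "identity", "device")


def _request(op, session_id):
    """SOAP envelope wrapping one <ifmap:op session-id="..."> element."""
    env = ET.Element(f"{{{ENV}}}Envelope")
    body = ET.SubElement(env, f"{{{ENV}}}Body")
    return env, ET.SubElement(body, f"{{{IFMAP}}}{op}", {"session-id": session_id})


def build_publish_ip_mac(session_id, ip, mac, dhcp_server, start_time):
    """IPAM/DHCP publisher: link an ip-address to a mac-address with meta:ip-mac.
    This is how address assignments reach the MAP (and so the PDP) for endpoints
    that run no agent. <update>, identifiers and <metadata> are unqualified."""
    env, publish = _request("publish", session_id)
    update = ET.SubElement(publish, "update", {"lifetime": "session"})
    ET.SubElement(update, "ip-address", {"value": ip, "type": "IPv4"})
    ET.SubElement(update, "mac-address", {"value": mac})
    md = ET.SubElement(update, "metadata")
    ipmac = ET.SubElement(md, f"{{{META}}}ip-mac", {"ifmap-cardinality": "multiValue"})
    ET.SubElement(ipmac, "start-time").text = start_time
    ET.SubElement(ipmac, "dhcp-server").text = dhcp_server
    return ET.tostring(env, encoding="unicode")


def build_subscribe_events(session_id, name, ip):
    """PDP subscriber: watch the graph around an endpoint IP two links deep
    (ip -> mac -> access-request) and receive only meta:event metadata."""
    env, sub = _request("subscribe", session_id)
    update = ET.SubElement(sub, "update", {
        "name": name, "max-depth": "2",
        "match-links": "meta:ip-mac or meta:access-request-ip or meta:access-request-mac",
        "result-filter": "meta:event",
        "xmlns:meta": META,   # the filters use the meta prefix, so declare it here
    })
    ET.SubElement(update, "ip-address", {"value": ip, "type": "IPv4"})
    return ET.tostring(env, encoding="unicode")


def parse_poll_events(xml_text, trusted_publishers):
    """Return the meta:event entries in a pollResult, keeping only those whose
    ifmap-publisher-id names a sensor this PDP trusts. The MAP server stamps
    that attribute itself, so a client cannot claim another publisher's id."""
    events = []
    for item in ET.fromstring(xml_text).iter("resultItem"):
        target = None
        for kind in IDENTIFIERS:                 # first identifier of the result item
            el = item.find(kind)
            if el is not None:
                target = (kind, el.get("value") or el.get("name") or el.findtext("name"))
                break
        for ev in item.iter(f"{{{META}}}event"):
            publisher = ev.get("ifmap-publisher-id")
            if publisher not in trusted_publishers:
                continue
            events.append({"target": target, "publisher": publisher,
                           "name": ev.findtext("name"),
                           "significance": ev.findtext("significance"),
                           "magnitude": int(ev.findtext("magnitude", "0"))})
    return events


# Constructed pollResult as the PDP would read it from its asynchronous receive
# channel: one event from the Profiler and one from a client the PDP never enrolled.
SAMPLE_POLL_RESULT = f"""<env:Envelope xmlns:env="{ENV}"><env:Body>
<ifmap:response xmlns:ifmap="{IFMAP}" xmlns:meta="{META}"><pollResult>
<searchResult name="watch-10.1.2.3"><resultItem>
<ip-address value="10.1.2.3" type="IPv4"/><metadata>
<meta:event ifmap-cardinality="multiValue" ifmap-publisher-id="profiler-01"
 ifmap-timestamp="2012-06-01T10:15:00Z"><name>MAC spoofing detected</name>
 <discovered-time>2012-06-01T10:14:58Z</discovered-time><discoverer-id>profiler-01</discoverer-id>
 <magnitude>80</magnitude><confidence>90</confidence><significance>critical</significance>
 <type>policy-violation</type><information>OUI changed under a printer profile</information>
</meta:event>
<meta:event ifmap-cardinality="multiValue" ifmap-publisher-id="unenrolled-client"
 ifmap-timestamp="2012-06-01T10:15:01Z"><name>bogus</name>
 <discovered-time>2012-06-01T10:15:00Z</discovered-time><discoverer-id>x</discoverer-id>
 <magnitude>100</magnitude><confidence>100</confidence><significance>critical</significance>
</meta:event>
</metadata></resultItem></searchResult></pollResult></ifmap:response></env:Body></env:Envelope>"""

if __name__ == "__main__":
    print(build_publish_ip_mac("s1", "10.1.2.3", "00:1a:2b:3c:4d:5e", "infoblox-1", "2012-06-01T10:00:00Z"))
    print(parse_poll_events(SAMPLE_POLL_RESULT, {"profiler-01", "strm-01"}))
```

The publisher check in parse_poll_events is the caveat to carry into a real deployment: the MAP server authenticates every client, but any client allowed to publish can publish event metadata, so a PDP that quarantines endpoints on events should act only on publisher ids it has enrolled as sensors, not on every event it is handed.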

TNC adoption: ecosystem partners
(diagram of partner logos grouped by role: Access Requestor, Policy Enforcement Point, Policy Decision Point, Metadata Access Point, Sensors and Flow Controllers)

Use case I: access control at both L2 and L3
(diagram: tablets/notebooks/laptops running OAC/Junos Pulse or third-party supplicants; Juniper EX series switches, WLC series controllers and SRX as enforcement points; Juniper Policy Server (IC) linked over IF-MAP to the Juniper Endpoint Profiler; SBR/AD/LDAP/PKI/RSA/RADIUS backends; protected resource)
- Hybrid (802.1X + L3) network access control
- Differentiated access for corporate assets vs. personal devices
- Web authentication via IC/EX/WLC (captive portal)
- Role-based dynamic ACLs pushed from the IC to the switch port
- Addition: coordinated threat control via IPS sensors / SIEM

Use case II: user-role based application firewall
(diagram: tablets/notebooks/laptops running OAC/Junos Pulse or third-party supplicants; Juniper and third-party switches/WLAN; Juniper Policy Server (IC) with IF-MAP; SBR/AD/LDAP/PKI/RSA/RADIUS backends; SRX in front of the protected resource)
Application-layer access control:
- Application identification on the SRX firewall
- The IC pushes user-role information to the SRX
- Infoblox pushes DHCP/IP information to the IC over IF-MAP, which is what ties a user role to an address for clients that do not run Junos Pulse
- The SRX enforces each user's access to applications

Use case III: access control at L2 with MAC authentication and device profiling
(diagram: unmanageable devices such as printers, fax machines and phones on Juniper and third-party switches; Juniper Policy Server (IC) linked over IF-MAP to the Juniper Endpoint Profiler; LDAP; protected resource)
MAC authentication at different entry points:
- MAC authentication at the access layer, on the IC, or on the Profiler
- Supports managed and unmanaged devices
- The Profiler provides device profiling and role-based access control for phones, printers and similar devices

Use case IV: protect against MAC spoofing
(diagram: same components as use case III)
MAC authentication on its own trusts an address that any host can set, so a device admitted with a printer's MAC would get the printer's access; profiling is what closes that gap.
Detection and mitigation of a spoofed MAC address:
- The Profiler detects the MAC spoofing and assigns the device to a new profile
- The Profiler publishes the event via IF-MAP
- The IC receives the IF-MAP event and updates the endpoint's access privileges

Use case V: coordinated threat control via IF-MAP
(diagram: STRM and a sensor publishing to the MAP server (IC or third-party); Juniper Policy Server (IC); SBR/AD/LDAP/PKI/RSA/RADIUS backends; OAC/Junos Pulse clients on Juniper and third-party switches/WLAN; SRX in front of the protected resource)
Dynamic attack protection:
- The Profiler, STRM, or a third-party sensor detects unauthorized activity
- IDP and/or STRM communicate it to the IC via the MAP
- The IC updates access control on firewalls and switches
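The sequence shared by use cases IV and V (a sensor publishes an event, the IC receives it through its subscription, the endpoint's access changes) as a runnable in-memory model. This is an added example, not code from the presentation or from any vendor product: it keeps the IF-MAP identifier kinds and metadata names (ip-mac, access-request-ip, access-request-mac, authenticated-as, role, event) but replaces the MAP server, the subscription matching, the publisher ids and the quarantine rule with simplifications, and the endpoint, user and sensor names are constructed.

```python
"""Event-driven access control over an IF-MAP-style metadata graph (added example).

Not code from the presentation or any vendor product. The MAP server, the
subscription matching, the publisher ids, the quarantine rule and all names
in run_scenario() are simplifications constructed for this example.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Identifier:
    kind: str      # "ip-address", "mac-address", "access-request", "identity"
    value: str


@dataclass
class Metadata:
    name: str                 # "ip-mac", "event", "role", ...
    publisher: str = ""       # ifmap-publisher-id, filled in by the MAP server
    attrs: dict = field(default_factory=dict)


class MapServer:
    """Minimal MAP: metadata on identifiers and links, plus subscriptions whose
    poll queue receives every publish that lands inside their search result."""

    def __init__(self):
        self.node_meta = defaultdict(list)   # Identifier -> [Metadata]
        self.link_meta = defaultdict(list)   # frozenset({a, b}) -> [Metadata]
        self.links = defaultdict(set)        # Identifier -> neighbouring Identifiers
        self.subs = []                       # (client, start Identifier, max_depth)
        self.queues = defaultdict(list)      # client -> pending (a, b, Metadata)

    def publish(self, publisher, md, a, b=None):
        md.publisher = publisher             # server-assigned, never client-chosen
        if b is None:
            self.node_meta[a].append(md)
        else:
            self.link_meta[frozenset((a, b))].append(md)
            self.links[a].add(b)
            self.links[b].add(a)
        touched = {a, b} - {None}
        for client, start, depth in self.subs:
            if touched & self.search(start, depth):
                self.queues[client].append((a, b, md))

    def search(self, start, max_depth):
        """Identifiers reachable from start within max_depth links (BFS)."""
        seen, frontier = {start}, deque([(start, 0)])
        while frontier:
            node, depth = frontier.popleft()
            if depth < max_depth:
                for nxt in self.links[node] - seen:
                    seen.add(nxt)
                    frontier.append((nxt, depth + 1))
        return seen

    def subscribe(self, client, start, max_depth):
        self.subs.append((client, start, max_depth))

    def poll(self, client):
        items, self.queues[client] = self.queues[client], []
        return items


class PolicyDecisionPoint:
    """The IC's part: publish what it knows at admission, subscribe around the
    access-request, and act only on critical events from sensors it trusts."""

    def __init__(self, mapsrv, trusted_sensors):
        self.map, self.trusted, self.roles = mapsrv, set(trusted_sensors), {}

    def admit(self, ar, identity, ip, mac, role):
        self.map.publish("pdp", Metadata("authenticated-as"), ar, identity)
        self.map.publish("pdp", Metadata("access-request-ip"), ar, ip)
        self.map.publish("pdp", Metadata("access-request-mac"), ar, mac)
        self.map.publish("pdp", Metadata("role", attrs={"name": role}), ar, identity)
        self.roles[ar] = role
        self.map.subscribe("pdp", ar, max_depth=2)   # reaches ip, mac and their links

    def handle_poll(self):
        """Process pending pollResult items; return (access-request, new role) decisions."""
        decisions = []
        for a, _b, md in self.map.poll("pdp"):
            if md.name != "event" or md.publisher not in self.trusted:
                continue                         # not an event, or not a trusted sensor
            if md.attrs.get("significance") != "critical":
                continue
            for ar in (i for i in self.map.search(a, 2) if i.kind == "access-request"):
                if self.roles.get(ar) == "quarantine":
                    continue
                identity = next(i for i in self.map.links[ar] if i.kind == "identity")
                self.map.publish("pdp", Metadata("role", attrs={"name": "quarantine"}), ar, identity)
                self.roles[ar] = "quarantine"
                decisions.append((ar, "quarantine"))
        return decisions


def run_scenario():
    """Constructed scenario: an event from an unknown publisher is ignored, then a
    critical Profiler event on the endpoint's MAC quarantines the session."""
    srv = MapServer()
    pdp = PolicyDecisionPoint(srv, trusted_sensors={"profiler-01", "strm-01"})
    ar = Identifier("access-request", "ar:ex-ge-0/0/7")
    user, ip = Identifier("identity", "alice"), Identifier("ip-address", "10.1.2.3")
    mac = Identifier("mac-address", "00:1a:2b:3c:4d:5e")
    pdp.admit(ar, user, ip, mac, role="employee")
    srv.publish("ipam", Metadata("ip-mac", attrs={"dhcp-server": "infoblox-1"}), ip, mac)
    srv.publish("unknown", Metadata("event", attrs={"name": "x", "significance": "critical"}), ip)
    first = pdp.handle_poll()
    srv.publish("profiler-01", Metadata("event", attrs={"name": "MAC spoofing detected",
                                                        "significance": "critical"}), mac)
    second = pdp.handle_poll()
    return first, second, pdp.roles[ar]


if __name__ == "__main__":
    print(run_scenario())
```

Two design points are worth noting. The PDP subscribes on the access-request with a depth of two, so an event published on either the endpoint's IP or its MAC (the Profiler and a SIEM will typically only know one of them) still reaches it. And the new role is published back into the MAP rather than kept private, which is what lets an SRX or switch that has its own subscription pick up the change, as the slide's "updates access control on firewalls, switches" requires.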

IF-MAP ecosystem advantages
- Open standards
- Non-proprietary: supports multi-vendor compatibility
- Interoperability
- Visibility and control
- Excellent return on investment (ROI)
- Leverages existing network infrastructure
- Easily extensible in the future (through IF-MAP ecosystem partners) with added functionality
- OPEX reduction
- Automated, event driven

LAN Access Control Market, 2012 Magic Quadrant, key takeaways:
"Juniper's focus on open standards enables it to support heterogeneous network environments and helps to keep the pressure on other NAC vendors to minimize vendor proprietary features. ... Juniper UAC integration across its IPS, SSL VPN, firewall, SIEM and Junos Pulse offerings is strong ..."

Questions?