Identity-Based Application and Network Profiling




Application Note

Identity-Based Application and Network Profiling

Using UAC in Conjunction with NSM, IDP and Infranet Enforcers Permits User-Identified Application and Network Profiling

Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, California 94089 USA
408.745.2000
1.888 JUNIPER
www.juniper.net

Part Number: 350113-001
Nov 2007

Table of Contents

Introduction ... 3
Scope ... 3
Design Considerations ... 3
Description and Deployment Scenario ... 3
Summary ... 11
About Juniper Networks ... 12

Copyright 2007, Juniper Networks, Inc.

Introduction

When Juniper Networks Unified Access Control (UAC) is used in conjunction with Juniper Networks NetScreen-Security Manager (NSM) and Juniper Networks Infranet Enforcers, you gain user-identified visibility into your network traffic. With the addition of an Intrusion Detection and Prevention (IDP) system, whether standalone or integrated, you can gain an even deeper insight into your network by correlating user identity with the application and network profiling data collected by the IDP.

Previously, profiler data was identified strictly by a combination of IP addresses, ports, and applications; no user identity information was included. The identity of the user responsible for generating the traffic seen by the profiler was difficult to determine without a significant correlation effort. Using UAC, however, each IDP application and network profile entry is tagged with the username and roles of the user that generated the profiled traffic.

Scope

This application note describes how to configure NSM, the Infranet Enforcers, and the IDP to provide user-identified application and network profiler information.

Design Considerations

To generate identity-based profiler data, you need the following:

Hardware Requirements

- Server platform capable of running NSM version 2007.2R1 or greater (or a Juniper Networks NSMXpress appliance)
- Infranet Enforcer(s) capable of running Juniper Networks ScreenOS version 6.0.0R1 or greater
- Juniper Networks Infranet Controller models IC4000 or IC6000
- IDP standalone (IDP50/200/600/1100) or firewall-integrated (Juniper Networks Integrated Security Gateways [ISG] 1000/2000)

Software Requirements

- NetScreen-Security Manager version 2007.2R1 or greater
- ScreenOS version 6.0.0R1 or greater
- Infranet Controller version 2.0R3 or greater
- IDP software v4.1r1a or greater

Description and Deployment Scenario

In order to use this new feature you must complete a couple of steps.
First, the Infranet Enforcers and the IDP systems used to gather profiling information must be under the control of NSM. Before adding the devices to NSM, you must make a change to the NSM Device Server configuration. Edit the /var/netscreen/devsvr/devsvr.cfg file. Look for the following line in the file:

    devsvrmanager.uac_correlation_enabled 0

and change it to:

    devsvrmanager.uac_correlation_enabled 1

After making this change, you will need to restart the NSM Device Server. You can either reboot the NSM server or execute the command:

    /usr/netscreen/devsvr/bin/devsvr.sh restart
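The devsvr.cfg edit above is a one-line change, but it is easy to get wrong on a busy server (a typo in the key, or the value left at 0). The script below is an added example, not code from the Juniper application note: it reads a devsvr.cfg-style file (one "key value" pair per line), sets devsvrmanager.uac_correlation_enabled to 1 while keeping a .bak copy, reads the file back to confirm the value, and exposes a restart helper for the devsvr.sh command. The path, key name and restart command are the ones the note gives; the function names, the key/value line format and the sample config are this example's own assumptions.

```python
"""Added example (not from the Juniper application note): set
devsvrmanager.uac_correlation_enabled to 1 in an NSM Device Server
config file and read the result back. Path, key and restart command
come from the note; function names and the sample config are assumed."""
import os
import shutil
import subprocess
import tempfile

KEY = "devsvrmanager.uac_correlation_enabled"
DEFAULT_CFG = "/var/netscreen/devsvr/devsvr.cfg"
RESTART_CMD = ["/usr/netscreen/devsvr/bin/devsvr.sh", "restart"]


def get_setting(text, key=KEY):
    """Return the value of `key` in "key value" style text, or None if absent."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == key:
            return parts[1]
    return None


def set_setting(text, key=KEY, value="1"):
    """Return the text with `key` set to `value`, appending the line if absent."""
    out, found = [], False
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == key:
            out.append(f"{key} {value}")  # rewrite whatever value was there
            found = True
        else:
            out.append(line)
    if not found:
        out.append(f"{key} {value}")
    return "\n".join(out) + "\n"


def enable_uac_correlation(path=DEFAULT_CFG):
    """Rewrite the config in place (keeping a .bak copy) and return the value read back."""
    shutil.copy2(path, path + ".bak")
    with open(path) as fh:
        text = fh.read()
    with open(path, "w") as fh:
        fh.write(set_setting(text))
    with open(path) as fh:
        return get_setting(fh.read())


def restart_devsvr():
    """Restart the NSM Device Server so the change takes effect; returns the exit code."""
    return subprocess.run(RESTART_CMD, check=False).returncode


# Constructed sample config for offline demonstration; not a real devsvr.cfg.
SAMPLE_CFG = """devsvrmanager.log_level 3
devsvrmanager.uac_correlation_enabled 0
devsvrmanager.max_connections 100
"""


def demo():
    """Apply the change to a temporary copy of SAMPLE_CFG; return (before, after)."""
    fd, path = tempfile.mkstemp(suffix=".cfg")
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE_CFG)
    try:
        before = get_setting(SAMPLE_CFG)
        after = enable_uac_correlation(path)
    finally:
        for p in (path, path + ".bak"):
            if os.path.exists(p):
                os.remove(p)
    return before, after


if __name__ == "__main__":
    print(demo())  # ('0', '1')
```

Run it as-is to exercise the sample config; on the NSM server call enable_uac_correlation() with no argument and then restart_devsvr(). Reading the file back after the write, rather than trusting the write, is what catches a key that was never present or a stray duplicate line.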

After modifying the NSM Device Server configuration, you can add your Infranet Enforcer and IDP devices to NSM. Be aware that without at least one Infranet Enforcer configured to send traffic logs to NSM, you will not be able to correlate user identity with profiler data. This is because NSM receives the user, role, and IP address information from the Infranet Enforcer traffic log data. As such, user-identified profiling should be done using an ISG platform with the integrated IDP module(s). Using the ISG as both an Infranet Enforcer and IDP ensures that the traffic log data matches that collected by the profiler and permits NSM to identify by user all application and network profile information. Though it is possible to use a standalone IDP in conjunction with separate Infranet Enforcers, this is not ideal, as the IDP profiler may collect application and network data that cannot be correlated because the user's traffic did not pass through an Infranet Enforcer.

To get the Infranet Enforcer traffic logs into NSM, you must complete three steps: (1) add the Infranet Enforcer to NSM, (2) enable traffic logging on the Infranet Enforcer, and (3) enable logging on any Infranet policy for which you want traffic data captured to NSM. For a step-by-step configuration example, see the Identity-Based Traffic Logging and Reporting application note.

Next, you must add the IDP to NSM. While this procedure is covered in detail in numerous other documents, below is a brief step-by-step guide on how to do it.

(1) Within NSM, open the Device Manager > Security Devices window, click on the plus sign (+), and select Device from the pull-down menu.

Figure 1: Log View Creation

(2) Enter the Device Name for your IDP (this is only for NSM), then click Next.

(3) Specify the IP Address of the IDP, along with the Admin Username and Password and the root password of the device; then click Next.

(4) Once contact is made, click Next to accept the IDP's SSH key.

(5) Finally, once the device information has been auto-detected, click Next to add the IDP into NSM.
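The caveat above (profiler records whose traffic never crossed an Infranet Enforcer cannot be tagged with a user) is easiest to see by running the correlation NSM performs on a few constructed records. The script below is an added example, not code from the Juniper application note and not NSM's own logic: it indexes Infranet Enforcer traffic-log records by source IP, then tags each IDP profiler record with the most recent user and role binding for that source IP at or before the profiler timestamp. It also handles an IP that is reassigned to a different user later, and marks records with no Enforcer match as unknown. The record layouts, field names and the sample data are this example's own assumptions.

```python
"""Added example (not from the Juniper application note): tag IDP profiler
records with the user and roles an Infranet Enforcer traffic log reported
for the same source IP. Record layouts and sample data are assumptions."""
from bisect import bisect_right
from collections import defaultdict

# Constructed Infranet Enforcer traffic-log records:
# (epoch seconds, src IP, user, roles)
ENFORCER_LOG = [
    (1000, "10.1.1.10", "alice", "Employees"),
    (1020, "10.1.1.11", "bob", "Contractors,Guests"),
    (1500, "10.1.1.10", "carol", "Employees,Finance"),  # IP reassigned to a new user
]

# Constructed IDP profiler records:
# (epoch seconds, src IP, dst IP, dst port, application)
PROFILER = [
    (1005, "10.1.1.10", "10.2.2.20", 443, "HTTPS"),
    (1030, "10.1.1.11", "10.2.2.21", 445, "SMB"),
    (1600, "10.1.1.10", "10.2.2.22", 22, "SSH"),
    (1100, "10.1.1.99", "10.2.2.23", 80, "HTTP"),  # never passed through an Enforcer
]


def build_identity_index(enforcer_log):
    """Per source IP, a time-sorted list of (time, user, roles) bindings."""
    index = defaultdict(list)
    for ts, ip, user, roles in enforcer_log:
        index[ip].append((ts, user, roles))
    for ip in index:
        index[ip].sort()
    return index


def lookup_identity(index, ip, ts):
    """Latest binding for `ip` at or before `ts`; None if none exists."""
    bindings = index.get(ip)
    if not bindings:
        return None
    pos = bisect_right([b[0] for b in bindings], ts)
    if pos == 0:
        return None  # IP only seen after this profiler record
    _, user, roles = bindings[pos - 1]
    return user, roles


def correlate(profiler_records, enforcer_log):
    """Profiler rows extended with User and Role columns ("unknown" if no match)."""
    index = build_identity_index(enforcer_log)
    rows = []
    for ts, src, dst, port, app in profiler_records:
        ident = lookup_identity(index, src, ts) or ("unknown", "unknown")
        rows.append({"time": ts, "src": src, "dst": dst, "port": port,
                     "app": app, "user": ident[0], "role": ident[1]})
    return rows


def uncorrelated(rows):
    """Rows with no identity: the standalone-IDP case the note warns about."""
    return [r for r in rows if r["user"] == "unknown"]


if __name__ == "__main__":
    for row in correlate(PROFILER, ENFORCER_LOG):
        print(row)
```

Three of the four constructed profiler rows pick up a user and role; the row from 10.1.1.99 stays unknown because no Enforcer ever logged that address, which is exactly what you would see from a standalone IDP watching a path that bypasses the Enforcers. Keying the join on the latest binding at or before the profiler timestamp, rather than on IP alone, is what keeps the SSH row attributed to carol rather than alice after the address changes hands.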

Figure 2: IDP Addition to NSM

After adding the IDP to NSM, you will most likely need to import the device's configuration into NSM. You can verify whether or not this needs to be done by mousing over the IDP in the Security Devices view. Note the value for Configuration State. If it indicates that an import is needed, perform the next step; otherwise you can skip it. Even if the Configuration State shows Managed, performing an import will not harm anything.

Figure 3: IDP Status

To import the IDP configuration into NSM, right-click on the IDP device icon and select Import Device from the menu. After a few moments, NSM should report the successful importation of the IDP configuration. You can again check the status of the IDP, which should now show its Configuration State as Managed.

Figure 4: IDP Configuration Import into NSM

Once the IDP is in a Managed state, it's time to configure it for profiling. Open the IDP configuration for editing by double-clicking the IDP icon in the Security Devices list. In the Info pane, select a Security Policy from the pull-down menu. You can use a pre-defined Security Policy, or create your own (not discussed here).

Figure 5: Configure IDP Security Policy

Next, go to the Profiler Settings pane. There are several tabs here that you will need to configure. First, check the Enable Profiling checkbox on the General tab.

Figure 6: Enable Profiling

On the Tracked Hosts tab, select those hosts that you want the profiler to pay attention to. The list of Tracked Hosts must be defined separately in the Object Manager section of NSM.

Figure 7: Selecting Tracked Hosts

On the Contexts to Profile tab, select all Contexts unless you have a specific reason not to. Consult the IDP and NSM documentation for further information about these selections. After completing this tab, click OK to save the Profiler configuration.

Figure 8: Selecting Contexts to Profile

To start the Profiler, right-click on the IDP device icon in the Security Devices list and select IDP Profiler > Start Profiler from the pull-down menu. The pop-up window allows you to change any of the Profiler settings that you just made (you don't need to change anything). Click OK to start the Profiler. You should receive a Job Information window showing that the Profiler has started.

Figure 9: Starting the Profiler

To see the Profiler logs, navigate to the Security Monitor > Profiler menu within the NSM main window. The Application Profiler will be the default view. It's possible that this table won't contain the User and Role columns that you're after, so you'll have to add them. Select View > Choose Columns from the menus at the top of the NSM window, check the User and Role checkboxes, and move them to a position of your liking.

Figure 10: Adjusting Column Settings

Your Application Profiler view should now look something like the picture below. The User column will reflect the username of the person that generated the traffic associated with that particular Profiler entry, and the Role column will show the UAC roles to which that user was mapped. All other traditional Profiler information is there, and now it's correlated to a user.

Figure 11: Application Profiler View

The Network Profiler view looks similar.

Figure 12: Network Profiler View

Summary

The latest versions of NSM, Infranet Enforcers, IDP and UAC, working together as an integrated solution, enable you to perform application and network profiling that is specific to an individual user. This user-identified profiling information provides you with valuable insight into the state of your network and application usage.

About Juniper Networks

Juniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high-performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. This fuels high-performance businesses. Additional information can be found at www.juniper.net.

CORPORATE HEADQUARTERS AND SALES HEADQUARTERS FOR NORTH AND SOUTH AMERICA
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089 USA
Phone: 888.JUNIPER (888.586.4737) or 408.745.2000
Fax: 408.745.2100
www.juniper.net

EUROPE, MIDDLE EAST, AFRICA REGIONAL SALES HEADQUARTERS
Juniper Networks (UK) Limited
Building 1, Aviator Park, Station Road
Addlestone, Surrey, KT15 2PG, U.K.
Phone: 44.(0).1372.385500
Fax: 44.(0).1372.385501

EAST COAST OFFICE
Juniper Networks, Inc.
10 Technology Park Drive
Westford, MA 01886-3146 USA
Phone: 978.589.5800
Fax: 978.589.0800

ASIA PACIFIC REGIONAL SALES HEADQUARTERS
Juniper Networks (Hong Kong) Ltd.
26/F, Cityplaza One, 1111 King's Road
Taikoo Shing, Hong Kong
Phone: 852.2332.3636
Fax: 852.2574.7803

Copyright 2007 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. JUNOS and JUNOSe are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. To purchase Juniper Networks solutions, please contact your Juniper Networks sales representative at 1-866-298-6428 or an authorized reseller.