Juniper Networks Secure



Similar documents
White Paper. Five Steps to Firewall Planning and Design

The Global Attacker Security Intelligence Service Explained

JUNIPER CARE PLUS ADVANCED SERVICES CREDITS

Juniper Care Plus Services

JUNIPER NETWORKS FIREFLY HOST ANTIVIRUS ARCHITECTURE

When it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs

ALTERNATIVES FOR SECURING VIRTUAL NETWORKS

Junos Space for Android: Manage Your Network on the Go

White Paper. Juniper Networks. Enabling Businesses to Deploy Virtualized Data Center Environments. Copyright 2013, Juniper Networks, Inc.

Customer Benefits Through Automation with SDN and NFV

Juniper Optimum Care. Service Description. Continuous Improvement. Your ideas. Connected. Data Sheet. Service Overview

ETHICAL HACKING APPLICATIO WIRELESS110 00NETWORK APPLICATION MOBILE MOBILE0001

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

JUNOS PULSE APPCONNECT

Junos Space Virtual Control

Effective Software Security Management

Juniper Networks Automated Support and Prevention Solution (ASAP)

TOPOLOGY-INDEPENDENT IN-SERVICE SOFTWARE UPGRADES ON THE QFX5100

90% of data breaches are caused by software vulnerabilities.

locuz.com Professional Services Security Audit Services

Web Application Security

The dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more

Security + Certification (ITSY 1076) Syllabus

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Integrated Threat & Security Management.

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite

Networks that know data center virtualization

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

S E C U R I T Y A S S E S S M E N T : B o m g a r B o x T M. Bomgar. Product Penetration Test. September 2010

Reasons to Choose the Juniper ON Enterprise Network

G- Cloud Specialist Cloud Services. Security and Penetration Testing. Overview

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

External Supplier Control Requirements

MIGRATING TO A 40 GBPS DATA CENTER

Cisco Security Optimization Service

Open Data Center Alliance Usage: Provider Assurance Rev. 1.1

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)

Application Intrusion Detection

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers

SAFECode Security Development Lifecycle (SDL)

資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview. Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系

SEVEN MYTHS OF CONTROLLER- LESS WIRELESS LANS

IMPLEMENTING SINGLE SIGN- ON USING SAML 2.0 ON JUNIPER NETWORKS MAG SERIES JUNOS PULSE GATEWAYS

IBM Managed Security Services Vulnerability Scanning:

Penetration Testing Service. By Comsec Information Security Consulting

CSCI 454/554 Computer and Network Security. Instructor: Dr. Kun Sun

Information Security Services

Why should I care about PDF application security?

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013

SECURE ACCESS TO THE VIRTUAL DATA CENTER

Compliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:

The Next Generation of Security Leaders

Privilege Gone Wild: The State of Privileged Account Management in 2015

IBM Protocol Analysis Module

WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks

OWASP AND APPLICATION SECURITY

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

NSA/DHS CAE in IA/CD 2014 Mandatory Knowledge Unit Checklist 4 Year + Programs

Data Security Incident Response Plan. [Insert Organization Name]

Application Security in the Software Development Lifecycle

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

Columbia University Web Security Standards and Practices. Objective and Scope

Managing Privileged Identities in the Cloud. How Privileged Identity Management Evolved to a Service Platform

Juniper Solutions for Turnkey, Managed Cloud Services

Security within a development lifecycle. Enhancing product security through development process improvement

A Decision Maker s Guide to Securing an IT Infrastructure

Application Code Development Standards

Web Application Hacking (Penetration Testing) 5-day Hands-On Course

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

Reasons Enterprises. Prefer Juniper Wireless

Network Security Audit. Vulnerability Assessment (VA)

Threat Modeling. Deepak Manohar

SY system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

White Paper. Copyright 2012, Juniper Networks, Inc. 1

Microsoft Security Development Lifecycle for IT. Rob Labbé Application Consulting and Engineering Services

Application Security in the Software Development Life Cycle (SDLC) White Paper

MIGRATING IPS SECURITY POLICY TO JUNIPER NETWORKS SRX SERIES SERVICES GATEWAYS

J-Flow on J Series Services Routers and Branch SRX Series Services Gateways

elearning for Secure Application Development

ITAR Compliance Best Practices Guide

Advanced Service Desk Security

Chapter 6: Fundamental Cloud Security

SECURITY EDUCATION CATALOGUE

Enterprise Computing Solutions

Security That Ensures Tenants Do Not Pose a Risk to One Another In Terms of Data Loss, Misuse, or Privacy Violation

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

Transcription:

White Paper Juniper Networks Secure Development Lifecycle Six Practices for Improving Product Security Copyright 2013, Juniper Networks, Inc. 1

Table of Contents Executive Summary...3 Introduction...3 Juniper Networks Secure Development Lifecycle...3 Practice #1: Secure Coding Training... 6 Practice #2: Security Considerations in Design...7 Practice #3: Threat Modeling...7 Practice #4: Penetration Testing... 8 Practice #5: Release Security Review... 9 Practice #6: Incident Response Plan... 9 Conclusion... 9 About Juniper Networks...10 List of Figures Figure 1: Juniper Networks Secure Development Lifecycle practices... 4 Figure 2: Secure Development Lifecycle lightweight process... 5 Figure 3: Example threat model for an application running in a networked environment... 8 2 Copyright 2013, Juniper Networks, Inc.

Executive Summary This document describes Juniper Networks process for developing products that are more secure, more resilient, and better able to address security requirements for service provider customers, enterprise customers, and Internet users. It addresses customer requirements for a security assurance process that works to improve software security while conforming to industry practices. This document outlines six separate security activities, or practices, that work together to enhance the process for developing secure products. Finally, it establishes these enhanced practices as an integral security layer within Juniper Networks product development methodology. Introduction Invisible and essential as air, the global Internet is the most important engineering feat in modern history. Scientific American, September 2012 The Internet is the defining accomplishment of our generation, and Juniper Networks contributes to this amazingly powerful system through its extensive portfolio of networking products. Juniper products and services are critical for maintaining the global flow of information across network core, access, and aggregation layers. Juniper products power the world s most demanding networks, including top global service providers and 99 of the Fortune Global 100 companies. For many companies, concerns over security and the need for secure products are at the center of today s business drivers: Business survival: Company reputation and future business growth rely on having secure products Threats: Attacks are more sophisticated, with an increasing focus on monetary gain and espionage Technology: Sophisticated hacking tools are being developed by organized entities Regulatory matters: Government, industry, and customer contracts require security assurances Internet end users, along with enterprise and service provider customers, are depending on Juniper to do its part to ensure product security. Malicious entities are continually seeking to disrupt the Internet, break its universal connectivity, or breach its integrity. Juniper products must be resilient enough to withstand these attacks and keep the Internet running. Given this critical role, Juniper has implemented the Juniper Networks Secure Development Lifecycle. Juniper Networks Secure Development Lifecycle Juniper s Secure Development Lifecycle methodology consists of a sequence of six product security activities designed to provide assurance that Juniper products are sufficiently secure and resilient. While individually each practice addresses aspects of secure software development, together these practices create a layered and holistic security model that works in conjunction with Juniper s product development processes. The six Secure Development Lifecycle practices cover a range of security functions: Practice #1: Secure Coding Training Practice #2: Security Consideration in Design Practice #3: Threat Modeling Practice #4: Penetration Testing Practice #5: Release Security Review Practice #6: Incident Response Plan Copyright 2013, Juniper Networks, Inc. 3

Figure 1 illustrates the serial nature of Secure Development Lifecycle practices while still providing for information exchange between any of the practices. Threat Modeling 3 4 Penetration Testing Security in Design 2 JUNIPER SECURE DEVELOPMENT LIFECYCLE 5 Security Review Release 1 Training 6 Incident Response Plan Figure 1: Juniper Networks Secure Development Lifecycle practices Each of these practices has a role to play in managing and mitigating risks due to product development security issues that could impact Juniper s business, customers, and Internet users. By adopting this methodology, Juniper assesses the baseline security of products and takes active steps to help customers maintain or improve their security posture as new products are introduced and their business grows. Secure Development Lifecycle practices align with Juniper s overall Product Development Lifecycle (PDL) methodology, which provides a consistent process for product planning, design, implementation, test, release, and ongoing support. Conceptually, the Secure Development Lifecycle adds a lightweight process layer to the PDL. Information involved in secure product development not only flows between practices, but is also exchanged with processes related to the overall product release and delivery in the PDL. 4 Copyright 2013, Juniper Networks, Inc.

Threat Modeling Penetration Testing Security in Design JUNIPER SECURE DEVELOPMENT LIFECYCLE Security Review Release Training Incident Response Plan Implementation QA/Test Verification Design JUNIPER PRODUCT DEVELOPMENT LIFECYCLE Release Planning Maintenance Figure 2: Secure Development Lifecycle lightweight process While Secure Development Lifecycle practices generally flow sequentially in conjunction with PDL phases, the methodology is flexible enough to address security concerns independent of product or feature lifecycles. In other words, output from any one of the Secure Development Lifecycle practices can serve as input to one or more other practices. For example, feedback from the Incident Response Plan can effect changes in Secure Coding Training or Threat Modeling for a product. At the same time, flaws uncovered during Penetration Testing might be flagged for special consideration during Release Security Review. Copyright 2013, Juniper Networks, Inc. 5

Ultimately, the six practices that comprise Juniper s Secure Development Lifecycle work to address the five goals of Internet security: Confidentiality ensuring that only authorized individuals have access to the resources being exchanged Integrity guaranteeing that the message sent is the message received Availability ensuring the information system s proper operation Non-repudiation guaranteeing that an operation cannot be denied Authentication ensuring that only authorized individuals have access to the resources The following sections define each of the Secure Development Lifecycle practices. Practice #1: Secure Coding Training At the heart of Juniper s commitment to making its products more secure is a commitment to training our engineering community in secure coding techniques. Secure Coding Training is a prerequisite for implementing the Secure Development Lifecycle. All software developers at Juniper are required to take the training, which is foundational for building more resilient software. Training is provided in multiple coding languages, with developers taking the appropriate course: C/C++, Java,.NET, PHP, and so on. Secure Coding Training covers fundamental concepts related to secure coding, secure design, secure testing, and privacy, including the following topics: Secure Coding Buffer overflows Integer arithmetic errors Input and output validation Handling errors with return codes Cross-site scripting Weak cryptography Secure Design Principle of least privilege Data access threats and defenses Secure defaults Security testing Verification techniques Code review Static and dynamic analysis Privacy Types of private information Privacy management Cryptography, passwords, and secrets While Secure Coding Training is mandatory for all developers, Juniper believes that everyone involved in software development is responsible for security in the product software. This includes managers, program managers, testers, and IT personnel. With this in mind, Secure Development Lifecycle training is available 24 hours a day, 7 days a week to all employees, and it offers a range of additional training covering secure coding fundamentals: Security testing principles Application security IT security Building a baseline of secure coding knowledge and awareness among all those involved in software development benefits the overall implementation of the Secure Development Lifecycle. And it also helps in facilitating each individual practice, especially when it comes to evaluating security considerations in the functionality design. 6 Copyright 2013, Juniper Networks, Inc.

Practice #2: Security Considerations in Design Addressing security is important at every stage of product development, but it is especially critical to address security at the beginning of a project through careful consideration and planning. Identifying and fixing security issues at the end of a product development cycle or after a product release can be expensive, both in terms of the rework cost and with regard to schedules, deliverables, revenue, and customer good will. Security risks not only come from determined attackers, but also from innocent oversights in software administration. When developers consider security in the functional design, they conduct three basic tasks: Evaluate for vulnerabilities Assess the possibility of a threat compromising a vulnerability Mitigate the vulnerability in design or recommend suitable secure deployment of functionality Reviewing the vulnerabilities and threats that might arise in software, along with the associated mitigations relative to the operation of the product, establishes a security posture, or baseline security state for the product. You can think of this in the same way that a military organization evaluates, anticipates, and prepares to address security issues, thereby establishing a posture relative to a specific threat or vulnerability. The security posture for a router deployed in a bank is different from that of a switch installed in an office. Juniper s PDL process states that functional specifications associated with every new Juniper Networks Junos operating system feature must have a security considerations section, which evaluates threats on a specific feature, protocol, or technology. The types of attacks and threats associated with the software security posture depend on the product and can include, but are not limited to, eavesdropping, replay, message insertion, message deletion, modification of data, man-in-the-middle, and denial of service (DoS). Some products might also require a review of cryptographic functions. Reviewing security relative to feature functionality is accomplished through a series of Secure Development Lifecycle activities: Vulnerability assessments using industry standard information and publications such as RFCs Security posture evaluation in product software functional specifications Security feedback integrated into product planning and design A solid understanding of a product s security posture through review of the functionality design serves as input into other Secure Development Lifecycle practices, including Threat Modeling. Practice #3: Threat Modeling Many products on the market today provide security functionality, but providing security in a product does not necessarily mean the product is secure. Building a secure product means you have worked to consider and understand the security risks and vulnerabilities associated with that product. Vulnerabilities, by definition, are not always accounted for by developers and therefore can become risks. Additionally, attackers think differently than developers. Attackers will not use the product as it was designed and will look for any means by which to exploit vulnerabilities in the functionality. To truly build a more secure product, developers must understand the threats to a product. Threat Modeling is a process that evaluates the product to identify potential threats that could compromise it, or potential threats that aid in compromising other components or systems interacting with that product. Threat Modeling determines risks from those threats and sets the boundaries for a range of appropriate mitigations. The threat model also helps developers to define a product s attack surfaces, meaning the breadth and depth of exposure to compromise. For example, a weak password can be exploited by a brute force attack, or the use of a predictable TCP/IP ephemeral port may allow an attacker to mount a TCP reset attack. Threat Modeling builds a framework for deeper security evaluation by identifying and enumerating issues: Identifies and enumerates security assumptions based on the product security posture and functional specifications Identifies and enumerates security risks in feedback from other Secure Development Lifecycle practices Conducts system decomposition, identifying the actors, processes, data flows, data stores, and trust boundaries Identifies threats and vulnerabilities Enumerates threats using industry standard Common Vulnerabilities and Exposures (CVE) identifiers Copyright 2013, Juniper Networks, Inc. 7

Figure 3 represents a threat model for an application running in a networked environment, and illustrates how developers relate elements of the threat model when evaluating product security. Threats/actors Untrusted Boundaries Processes Data Stores Data Flows Network Internet Authentication Store Test Activities Mobile Auth RADIUS LDAP OpenLDAP GUI Desktop Product Apps Browser CLI Javascript Flash VBScript CLI Mobile Desktop Network Devices SMTP Figure 3: Example threat model for an application running in a networked environment The output of Threat Modeling serves as input to other phases of the Secure Development Lifecycle, including Penetration Testing. Practice #4: Penetration Testing With a product s security posture defined and threat model documented, the Secure Development Lifecycle calls for evaluation and validation of the security risks through ethical hacking of identified attack surfaces. The most common method of validation is Penetration Testing. Penetration Testing is a security evaluation methodology in which ethical hackers mimic real-world attacks to identify methods for circumventing the security features of an application, system, or network. It involves launching real attacks on test systems, using tools and techniques commonly used by adversaries. Penetration Testing makes use of the threat model to devise a penetration test plan based on enumerated attack surfaces and threats. The threat model illustrated in Figure 3 demonstrates how threat model information is used in penetration test planning, identifying facets of various attack surfaces and listing associated test points. The penetration test plan describes tools and techniques to be employed and includes a combination of manual and automated tests. Penetration Testing generates exploits that can compromise a vulnerability in the product and breach the confidentiality, integrity, or availability of the system. The key strategies of Penetration Testing generally focus on high-risk, high-threat components comprising the product. The types of tests depend on what attack surfaces were identified in the threat model. For example, Penetration Testing for web-based applications might include access from a mobile device, whereas a switch in a wiring closet might not have the same access. Penetration Testing identifies potential vulnerabilities. Areas of focus for testing can include, but are not limited to, authentication, authorization, cryptography, and access privileges. Vulnerabilities identified through Penetration Testing can be fixed or mitigated in the PDL prior to the product release. Vulnerabilities learned from penetration tests provide a baseline for future product testing. As with all other practices forming the Juniper s Secure Development Lifecycle, lessons learned in Penetration Testing can provide feedback to other practices. For example, bugs found during Penetration Testing can serve as input to Security Considerations in Design, and as input to the Release Security Review. 8 Copyright 2013, Juniper Networks, Inc.

Practice #5: Release Security Review With each practice, the Secure Development Lifecycle is building a picture of a product s security posture. Security considerations defined in the functional specifications, threat conditions identified through modeling, and penetration test results all provide a piece of the security picture. The Release Security Review is a deliberate examination of a product s security posture prior to release with the goal of identifying and evaluating the security risks, which might then be eliminated, reduced, mitigated or accepted in relation to the PDL. The Release Security Review considers the following factors: Background information about the product and related documentation Secure Coding Training requirements Functional specifications and any recommendations for product enhancements Threat Modeling analysis results Penetration Testing results and the number and types of issues logged Bug reviews, including the number and priority Prior product security reviews From this information, the security team can evaluate the severity of the issues reported in all Secure Development Lifecycle practices and work to fix those issues prior to release of the product. As well as defining the overall security posture for the product, results of the Release Security Review also serve as input to other Secure Development Lifecycle practices. Practice #6: Incident Response Plan Network technologies today are complex, and individual features can comprise hundreds of files, thousands of objects, and millions of lines of code. Also, products, systems, and solutions are becoming more interdependent. A product that was released with no known vulnerabilities can become subject to threats over time. The Incident Response Plan outlines how Juniper responds to potential product vulnerabilities and how these threats and mitigations are communicated to customers. This practice builds on Juniper s industry-respected Security Incident Response Team (SIRT) framework for responding to security issues. In responding to security incidents, the plan relies on existing SIRT tools, best practices, processes, and relationships: Dedicated security experts available for response Potential vulnerabilities identified from multiple sources, including internal review, customer service, threat monitoring, and cooperation with researchers, partners, and other vendors Security bugs evaluated and scored using industry standard Common Vulnerability Scoring System (CVSS) methodology Customer advisories published with industry standard Common Vulnerabilities and Exposure (CVE) identifiers to aid customer understanding Established communications channels for resolving incidents Information sharing with industry peers to prevent the spread of threats and allow for fixing of vulnerabilities in multivendor customer networks Threats and vulnerabilities identified through the Incident Response Plan are included in the Release Security Review for consideration of the overall product security posture. Conclusion Juniper Networks Secure Development Lifecycle is a series of six security practices implemented in conjunction with Juniper s product development methodology to create an environment where secure coding and product development go hand-in-hand. This environment provides a framework for building products that are more secure and resilient to the ever changing landscape of Internet threats, and that meet the ever growing need for secure products that address the business drivers of companies both today and into the future. From secure coding practices to responding to security incidents, the Secure Development Lifecycle works to secure products against entities intent on disrupting the flow of information across the Internet, launching malicious attacks, or engaging in espionage. Given the critical role Juniper products play in maintaining the global flow of information, Internet users, as well as companies doing business around the world, depend on Juniper Networks to do all it can to build secure products. The Secure Development Lifecycle is one way Juniper Networks is leading the way. For more information about the Secure Development Lifecycle, please contact sdl-feedback@juniper.net. Copyright 2013, Juniper Networks, Inc. 9

About Juniper Networks Juniper Networks is in the business of network innovation. From devices to data centers, from consumers to cloud providers, Juniper Networks delivers the software, silicon and systems that transform the experience and economics of networking. The company serves customers and partners worldwide. Additional information can be found at www.juniper.net. Corporate and Sales Headquarters Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA Phone: 888.JUNIPER (888.586.4737) or 408.745.2000 Fax: 408.745.2100 www.juniper.net APAC and EMEA Headquarters Juniper Networks International B.V. Boeing Avenue 240 1119 PZ Schiphol-Rijk Amsterdam, The Netherlands Phone: 31.0.207.125.700 Fax: 31.0.207.125.701 To purchase Juniper Networks solutions, please contact your Juniper Networks representative at 1-866-298-6428 or authorized reseller. Copyright 2013 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos and QFabric are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. 2000526-001-EN Sept 2013 Printed on recycled paper 10 Copyright 2013, Juniper Networks, Inc.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information