Secure And Assured Networking With SSL VPN
Steve Waterhouse
Juniper Networks Corporate Facts: Leader in Secure and Assured Communications
Top three in market share in all of our key markets
SSL VPN market leader
~ 3,100 employees worldwide; Operate in more than 50 countries
Over 500 worldwide channel partners
Focus on customers who derive strategic value from their networks
Serve the world’s top 25 service providers
77% of the Fortune 100
More than $1.3B in revenue, over 170% earnings growth on over 90% revenue growth in 2004
Extending Leadership: Most SSL VPN Awards
Security Audits
Industry Awards
Head-to-Head Product Reviews
Market Leadership
Customer Challenges: Access vs. Security
Maximize Productivity
Extend application to partner (Partner Extranet)
Increase employee efficiency (Intranet portals, ERP)
Support different users (customized, controlled)
Enable provisional worker (Contractor, off-shoring)
Enforce Strict Security
Restrict access to appropriate level
Mitigate risks from untrusted sources (i.e. kiosks, non-employees)
Consistently apply security policy
Must Balance against Costs
Capital Expense
Ongoing admin and support
Juniper Networks Layered Security Solution Overview
Diagram labels: Centralized Management, DMZ, HR, Wireless Network, Finance, Business Partner, Regional Office, Fixed Telecommuter
Integrated FW/VPN with DoS protection and access control
Network segmentation protects critical resources from unauthorized roaming users and network attacks
Network aware with built-in high availability and resiliency
Centralized management simplifies configuration, deployment, management
Remote access VPN for secure communications
Intrusion prevention automatically detects attacks and prevents them from inflicting damage
The Secure Access Landscape
Fixed/Site-to-Site
Connectivity Requirements:
Bridge fixed, “trusted” networks
Managed devices
Transparent access to remote LAN
Full access to network resources
Network-layer mgmt & administration
Options:
Internet VPNs (IPsec)
Network VPNs (MPLS)
Remote Access
Connectivity Requirements:
Access from “untrusted” networks
Access from unmanaged devices
Options:
SSL VPNs
Diagram labels: Remote/Branch Office, Fixed telecommuters, Business Partners, Customers, HQ, Mobile employees/consultants
SSL VPN Value Proposition
The Juniper Networks Secure Access SSL VPN platforms deliver instant, secure access to users while significantly reducing total cost of ownership (TCO)
Proof Points:
Clientless Deployment: Minimal Cap Ex, Deployment, Configuration or Support Overhead; Requires No Changes to LAN/Server Resource
Application-Layer Security: Controls access to only the application resource, not to native network
User Flexibility/Enterprise Productivity: Delivers secure access to users from just a Web browser
Diagram labels: LAN Resources, External Users
End-to-End Secure Access via SSL VPN
Diagram labels: Endpoint Defense, Hardened Appliance, Directory Integration, Directory Stores, Data Transit Security, Dynamic Access Privilege Mgmt
Strong Authentication
Host Checker
3rd Party Software Compliance
Registry, processes, files, custom DLLs, ports, etc.
Application Authenticity Check
Recurring Host Check
Cache Cleaner
Eliminate session data
Delete temp files
Centralized Security Gateway
Network Security
DDOS Protection
URL Attack Protection
Network Firewall
SSL Transport
Dynamic Authentication Policy
Certificate, Source IP, Host Checker, Cache Cleaner, User Agent, Interface, etc.
Granular Authorization Rules
Group Based
URL, Host, Port
Client/Destination
End Point/Connection Check
In-Transit Data Protection
Data Trap
Non-Cacheable HTML rendering
Cookies
Host Name Encoding
Juniper SSL VPN Product Family: Functionality and Scalability to Meet Customer Needs
Chart axes: Breadth of Functionality, Enterprise Size

Secure Access 700
Designed for: SMEs; Secure remote access
Includes: Network Connect
Options/upgrades:
10-25 conc. users
Core Clientless Access

Secure Access 2000
Designed for: Medium enterprise; Secure remote, intranet and extranet access
Includes: Core Clientless Access
Options/upgrades:
25-100 conc. users
SAMNC
Secure Meeting
Advanced w/ CM
Cluster Pairs

Secure Access 4000
Designed for: Medium to large enterprise; Secure remote, intranet and extranet access
Includes: Core Clientless Access
Options/upgrades:
50-1000 conc. users
SAMNC
Secure Meeting
Advanced w/ CM
Instant Virtual System
SSL Acceleration
Cluster Pairs

Secure Access 6000
Designed for: Large-global enterprise; Secure remote, intranet and extranet access
Includes: Core Clientless Access; SSL acceleration
Options/upgrades:
100-2500 conc. users
SAMNC
Secure Meeting
Advanced w/ CM
Instant Virtual System
GBIC
SSL Acceleration
Multi-Unit Clusters
Access Methods (Application & Resources)
CORE ACCESS
Secure Web Application Access
Secures Access to Web based content and applications
Support for HTML, Javascript, DHTML, VBScript, socket-based Java applets, XML, Flash etc.
Secure File Share Access
Dynamically webifies Windows and Unix Files (CIFS/NFS)
Standards-Based E-mail Client Access
Support for Standards-based e-mail protocols (IMAP, POP, SMTP)
Anywhere access with no additional client software or hardware
Secure Terminal Access
Access to Telnet/SSH server hosts (VT100, VT320…)
Anywhere access with no terminal application or VPN clients
Access Methods (Application & Resources)
SECURE APPLICATION MANAGER
Access to client/server applications, including native messaging clients, like Microsoft Outlook and IBM/Lotus Notes
Native delivery of MSTS and Citrix ICA clients
Eliminates costs, complexity, and security risks associated with VPNs
No incremental software/hardware or customization to existing apps
Java and Windows versions
WSAM enables client/server applications on mobile devices, such as Pocket PC, allowing granular access and auditing
NETWORK CONNECT
Full network access at IP Layer
Adaptive dual transport mode of High Performance/High Availability
Cross Platform dynamic download
GINA integration
Client and server-side logging, auditing and diagnostics
Endpoint assessment and containment integration
Both access methods available in SAMNC Upgrade
Access Privilege Management – 1 URL: Same person access from 3 different locations
From the field
Pre Authentication: Gathers information from user, network, endpoint
Dynamic Authentication: Authenticate user; Map user to role
Roles Assignment: Assign session properties for user role
Resource Policy: Grant access to resource as specified by policy
Use Control: Multiple URLs provide differentiated access for a variety of audiences
Juniper Key Differentiators: Customer Key Requirements
Core Competence in SSL-based Access
Market Share
Product Maturity
Single Platform for All Extended Enterprise Needs (both application and network-layer)
Support for complex Web content, Files, Telnet/SSH with browser
Client/Server applications
Adaptive dual transport method for network-layer access
End-to-End Security
Dynamic Access Privilege Management
Client-less and client driven end-point security (J.E.D.I.)
3rd party security audits
Performance, Scalability & HA
Differentiated hardware platforms
Global & local stateful clustering
Compression, SSL acceleration, GBIC connectors, Dual hot-swappable hard disks, power supplies, and fans
Ease of Administration
Centralized Management
Granular Role-based Delegation
Extensive integration with existing directories
Native endpoint remediation and password management integration
Results: Juniper Networks Security Solutions Help Lower TCO
Lower Equip Cost
The right solution for your security problems
Broad product line
Predictable performance under load
Integrated security applications
Flexible configuration
Simple licensing – primarily device-based
Single management platform, with CLI and Web-based alternatives
Lower Deploy Cost
Fewer devices to deploy
Ease of use – reducing configuration time
Lower testing and patching investment
One management security console to deploy
Rapid Deployment capabilities
Lower Op Cost
Ease of use
Less time troubleshooting
Single vendor support
Advanced debugging options in CLI
Lower testing and patching investment
Secure OS reduces vulnerabilities
Diagram labels: Equipment Cost, Support Cost, Deployment Cost, Operation Cost
Lower Support Cost
Single vendor for all the support needs
Single security management console
Lower equipment cost, which translates into lower support cost