Remote Access VPN Helping enterprise businesses implement strong authentication for their remote workforce

Similar documents
Stop Threats Faster. Vaishali Ghiya & Dwann Hall Juniper Networks

Software Defined Secure Networks

SECURING THE MULTICLOUD

Build a Software-Defined Network to Defend your Business

Security Everywhere Within Juniper Networks Mobile Cloud Architecture. Mobile World Congress 2017

Juniper Sky Advanced Threat Prevention

Disaggregation and Virtualization within the Juniper Networks Mobile Cloud Architecture. White Paper

Extending Enterprise Security to Multicloud and Public Cloud

SRX als NGFW. Michel Tepper Consultant

Juniper Sky Advanced Threat Prevention

Zero Trust Security with Software-Defined Secure Networks

JUNIPER SKY ADVANCED THREAT PREVENTION

Software-Defined Secure Networks. Sergei Gotchev April 2016

Junos Security Bundle, JSEC & AJSEC

Software-Defined Secure Networks in Action

Juniper SD-WAN Alexandre Cezar Consulting Systems Engineer, Security/Cloud

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

Overview of the Juniper Mobile Cloud Architecture Laying the Foundation for a Next-gen Secure Distributed Telco Cloud. Mobile World Congress 2017

Extending Enterprise Security to Public and Hybrid Clouds

Policy Enforcer. Product Description. Data Sheet. Product Overview

Cloud-Enable Your District s Network For Digital Learning

FUNDAMENTALS FOR RELOADED MPLS-VPN CONNECTIVITY

CONTRAIL SECURITY. Contrail Cloud Networking & Security

Journey to Secure and Automated Multi-cloud

HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS

Software-Define Secure Networks The Future of Network Security for Digital Learning

Security Partner Activation Kit

Extending Enterprise Security to Public and Hybrid Clouds

Security Everywhere within the Juniper Networks Mobile Cloud Architecture. White Paper

Firefly Perimeter ( vsrx ) Technical information 12.1 X47 D10.2. Tuncay Seyran

Overview of the Juniper Networks Mobile Cloud Architecture

SECURING THE NEXT GENERATION DATA CENTER. Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011

Future-ready security for small and mid-size enterprises

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?

Juniper SRX Services Gateway Performance Testing

SDSN: Dynamic, Adaptive Multicloud Security

Defending Against Unkown Automation is the Key. Rajesh Kumar Juniper Networks

Business Strategy Theatre

METAFABRIC ARCHITECTURE A SIMPLE, OPEN, AND SMART NETWORK FOR THE DATA CENTER

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Fencing the Cloud. Roger Casals. Senior Director Product Management. Shared vision for the Identity: Fencing the Cloud 1

All-in one security for large and medium-sized businesses.

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Network. Arcstar Universal One

QUICKSTART GUIDE FOR BRANCH SRX SERIES SERVICES GATEWAYS

Protect Yourself Against VPN-Based Attacks: Five Do s and Don ts

Cato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief

Networking Drivers & Trends

Mitigating Branch Office Risks with SD-WAN

Building a Software-Defined Secure Network for Healthcare

Today s workforce is Mobile. Cloud and SaaSbased. are being deployed and used faster than ever. Most applications are Web-based apps

Kerio Control. Unified Threat Management without Complexity. Presenters name. Presented by

Who We Are.. ideras Features. Benefits

Technical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2. Microsoft Windows Family of Operating Systems

High End SRX. Overview of the SRX in the datacenter

Microsoft Internet Security & Acceleration Server Overview

Security with Passion. Endian UTM Virtual Appliance

A Unified Threat Defense: The Need for Security Convergence

Zero Trust with Okta: A Modern Approach to Secure Access from Anywhere. How Okta enables a Zero Trust solution for our customers

IDENTITY AND THE NEW AGE OF ENTERPRISE SECURITY BEN SMITH CISSP CRISC CIPT RSA FIELD CTO

Total Threat Protection. Whitepaper

n Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network

Service Automation Made Easy

Disclaimer CONFIDENTIAL 2

Training UNIFIED SECURITY. Signature based packet analysis

Data Sheet: Endpoint Security Symantec Multi-tier Protection Trusted protection for endpoints and messaging environments

Software Defined Broadband Networks. Jon Mischel Director, Product Management

Chapter 9. Firewalls

How your network can take on the cloud and win. Think beyond traditional networking toward a secure digital perimeter

Juniper Exam JN0-314 Junos Pulse Access Control, Specialist (JNCIS-AC) Version: 7.0 [ Total Questions: 222 ]

Integrating Juniper Sky Advanced Threat Prevention (ATP) and ForeScout CounterACT for Infected Host Remediation

CTO PoV: Enterprise Networks (Part 2) Security for IoT & Cloud

New methods to protect the network. Deeper visibility with Cisco NGFW Next Generation Firewall

Managing Your Privileged Identities: The Choke Point of Advanced Attacks

INTERCONNECTING MULTICLOUD WITH VMX

JN0-210.juniper. Number: JN0-210 Passing Score: 800 Time Limit: 120 min.

The Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy

STARTERS ORDERS: SD-WAN ROADMAP

Palo Alto Networks Stallion Spring Seminar -Tech Track. Peter Gustafsson, June 2010

Securing IEDs against Cyber Threats in Critical Substation Automation and Industrial Control Systems

Agenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options

WatchGuard Total Security Complete network protection in a single, easy-to-deploy solution.

The Future of Threat Prevention

white paper SMS Authentication: 10 Things to Know Before You Buy

Cisco SD-WAN. Intent-based networking for the branch and WAN. Carlos Infante PSS EN Spain March 2018

A Practical Step-by-Step Guide to Managing Cloud Access in your Organization

PineApp Mail Secure SOLUTION OVERVIEW. David Feldman, CEO

Coordinated Threat Control

Exam : Title : Security Solutions for Systems Engineers. Version : Demo

Firewalls for Secure Unified Communications

ACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems

Network Configuration Example

Junos Security (JSEC)

Security Assessment Checklist

Copyright Huawei Technologies Co., Ltd All rights reserved. Trademark Notice General Disclaimer

NCP Exclusive Remote Access Management

Rethinking Security: The Need For A Security Delivery Platform

SECURE HYBRID CLOUD Solution

Security for the Cloud Era

Google Identity Services for work

Transcription:

Remote Access VPN Helping enterprise businesses implement strong authentication for their remote workforce Julian Weinberger Director System Engineering, NCP Engineering Inc. Vaishali Ghiya Senior Director, Global Security Sales & Solutions, Juniper Networks

This statement of direction sets forth Juniper Networks current intention and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or functionality depicted in this presentation. This presentation contains proprietary roadmap information and should not be discussed or shared without a signed non-disclosure agreement (NDA).

Security Sessions at NXTWORK Dec 12 th Mainstage Dec 12 th Salon 10-11 Make The Network Your New Security Platform Kevin Hutchins, SVP, Strategy and Product Line Management, Juniper Networks Conversation: Bob Worrall, SVP, CIO, Juniper Networks and Ed Glover, Vice President, Stroz Friedberg Panel Discussion Anthony Belfiore SVP, CSO, Aon, John White, Vice President of Product Strategy, Expedient. Moderator: Mike Marcellin, CMO, Juniper Networks Conversation Jeff Moss, President, DEF CON Communications and Mike Marcellin, Juniper Networks Simulation of a Security Breach Christopher Crummey, Executive Director - IBM Security X-Force Evangelism & Outreach Remote Access VPN for Juniper SRX Zero Security Trust with SDSN Networks Securing Hybrid Cloud Deploying Enterprise Scale User Firewall Secure Enterprise Branch Solutions with NFX and Automation Contrail Security: Diminishing Risk to Applications in Any Cloud Deploying Enterprise Scale User Firewall and Device Identity Dec 13 th Salon 10-11 Extending Enterprise Security to Hybrid and Public Cloud MX Edge Security Solution for Cloud, Mobility & Wireline Providers Security NOW: Stop Threats Faster 3

Software Defined Secure Network Detection Machine Learning & AI Malware Detection Intrusion Prevention, SIEM (JSA) Threat Feeds: Command & Control, GeoIP etc Policy User intent based policy model Robust visibility and management Network as a Security Enforcement System Enforcement Perimeter Firewalls Switches & Routers SDN Platforms (Vmware NSX, Contrail) Public Cloud (AWS etc)

SRX Product Line Evolution New hardware platforms & software innovations LOW END Small Data Center MIDRANGE SRX4200 Mid-sized Data Center SRX5400 Large Data Center SRX5600 5U, 480 Gb/s Very Large Data Center /SP SRX4600 SRX4800 8U, 960Gb/s HIGH END SRX5800 00 16U, 2Tbps 3U, 320 Gb/s 1U, 80 Gb/s 1U, 40 Gb/s Branch Refresh SRX300/320/ 340/345 SRX550 Compact Campus SRX1500 1U, 5 Gb/s SRX4100 1U, 20 Gb/s vsrx Virtual SRX 4 Gb/s (2 vcpu) 20 Gb/s (upto 10 vcpu) BRANCH & SECURE ROUTER SMALL CAMPUS ENTERPRISE EDGE/SMALL DATA CENTER NDA: Juniper Networks Company Confidential DATA CENTER All performance estimates are IMIX

Security Services: Physical and Virtual SRX Next Generation Firewall Services Application Control Intrusion Prevention User-based firewall Unified Threat Management Anti-Malware Web/Content Filtering Anti-spam Junos SRX Foundation Security Intelligence Command & control GeoIP feeds Custom feeds Firewall VPN NAT Routing Management Reporting Analytics SKY ATP Anti Malware SRX Integrated Deception Techniques Automation Juniper Security Analytics & Integrated Logging and reporting

Next Generation Firewall Services App Tracking Understanding security risks Address new user behavior Ingress Heuristics for evasive and tunneled apps More application signatures Open signature language App Firewall App QoS App Routing SSL Proxy Block access to risky apps Allow user tailored policies Prioritize important apps Rate-limit less important apps Define packet forwarding for Apps Create custom app environment SSL packet inspection Egress IPS Prevent application borne security threats

SRX Unified Threat Management (UTM) Antivirus Antispam Web Filtering Content Filtering Sophos Live Protection against Trojans, Viruses, Phishing Attacks Reputationenhanced capabilities Multilayered spam protection from security experts Protection against APTs Block malicious URLs Prevent lost productivity Websense TSC with more than 140 categories Filter out extraneous or malicious content Maintain bandwidth for essential traffic Subscription Based Software Services for a Turnkey Fully Integrated Offering

Joint Solution NCP & Juniper Networks COMMUNICATION & SECURITY

Joint Solution NCP & Juniper Networks Secure Cost Efficient Ease of use - Mobile IPsec and SSL VPN in one VPN client One interface across all devices One solution for Juniper SRX/vSRX Series Strong authentication built in Automated Media Detection Always On Automatic Network Detection High scalable Everything combined in one GUI

Julian Weinberger

User passwords are not enough Many recent breaches have one thing in common: compromised passwords If your network security relies solely on user passwords for access, you re putting your corporate data at risk Two-factor authentication adds a layer of security for clear identification of every user Added protection reduces the risk and enormous costs associated with a potential data breach COMMUNICATION & SECURITY

Why Two- or Multi-Factor Authentication? Many industries, network architectures and corporate policies demand that remote access VPN infrastructures are protected with two-factor authentication Higher level of security Regulatory industry compliance Enterprise information security policies COMMUNICATION & SECURITY Other single factor authentication methods are Don t provide necessary level of security Too complex for administrator compared to level of security

Session Agenda Methods of user authentication Putting two (or more) factors together Barriers to adoption Balancing security and simplicity Challenges for strong authentication in remote access environments Solution for Juniper SRX Q&A COMMUNICATION & SECURITY

Authenticating data types Something you KNOW Two-factor authentication makes use of (at least) two types, and at least one from two different categories Something you HAVE Something you ARE

Methods of User Authentication Something You KNOW Password/PIN OTP (one-time password) User certificates Something You Have Token or calculator Phone Machine/Hardware certificate Smartcard TPM

Methods of User Authentication Something You ARE Fingerprint Face recognition Iris recognition Keystroke dynamics

Putting two factors together Common examples of combining something you KNOW and something you HAVE/ARE to clearly validate user identity include: OTP + phone Certificate + smartcard Certificate + TPM (virtual smartcard) Password + fingerprint Certificate + fingerprint OTP + token OTP + calculator COMMUNICATION & SECURITY

Going overboard Combining a super-secure authentication solution that includes, for example, a token, OTP, smartcard, and certificate isn t likely to be acceptable to an end user

Barriers to adoption If the need for two-factor authentication is understood, why is the adoption rate still low? Another layer of security means another layer of work Some VPN clients, operating systems, and application do not support it An enterprise s user directory using single sign on may not support it Most second factors require hardware, adding rollout and maintenance costs COMMUNICATION & SECURITY

Challenges in a Remote Access VPN environment Costs Additional hardware Tokens Smartcards Card reader Fingerprint Scanner COMMUNICATION & SECURITY Service/Software Authentication Server Service fee...

Challenges in a Remote Access VPN environment Rollout How to get the second factor of authentication to the end user Shipping Administrative costs COMMUNICATION & SECURITY

Challenges in a Remote Access VPN environment Overhead For the user Training Actual usage of the second factor For the Enterprise Helpdesk calls Shipping and return of hardware Hardware damage Administration COMMUNICATION & SECURITY

Where should you start? Choose a two- or multi-factor authentication solution that meets these criteria: Feature Fully integrated with VPN services Easy to implement Easy to maintain Scalable Benefit Not having to deal with two different vendors speeds up implementation and reduces helpdesk support costs Using existing hardware, such as phones, doesn t introduce new admin challenges Cumbersome authentication steps or specialized hardware add support headaches Central management, with automated updates, makes it easy to support your growing business needs

Joint Solution NCP & Juniper Networks COMMUNICATION & SECURITY

Joint Solution NCP & Juniper Networks

Joint Solution NCP & Juniper Networks WiFi LOGIN PERSONAL FIREWALL 3G / 4G / LTE VPN CLIENT ONE CLICK / ZERO CLICK

Joint Solution NCP & Juniper Networks ACTIVE DIRECTORY (LDAP) NCP DEPLOYMENT 2 FACTOR AUTHENTICATION MOBILE USERS CERTIFICATION AUTHORITY (CA) RADIUS SERVER

Joint Solution NCP & Juniper Networks Central Management System for VPN clients Automated configuration and software update Configuration and software update Mass rollouts Create, renew and revoke certificates Multi-tenancy capability Manageability of all VPN clients Full control of VPN clients Integration with any directory service (LDAP, AD, RADIUS, ) Two- and multifactor authentication Support of 3 rd party solutions Built-in two-factor authentication

Joint Solution NCP & Juniper Networks Built-in two-factor authentication NCP & Juniper Networks provide a built-in two-factor authentication for Juniper SRX Based on OTP Uses text messages to deliver the OTP to user s phone Interface to text message provider Interface to mobile broadband cards Easy and scalable COMMUNICATION & SECURITY

Joint Solution NCP & Juniper Networks MOBILE USER INTERNET SRX 1. CONNECTING 4. TRANSPARENT NETWORK ACCESS 3. ENTER OTP 2. SMS WITH OTP HEADQUARTERS NCP SECURE ENTERPRISE MANAGEMENT

Summary Depending solely on user passwords for VPN access puts corporate secrets at risk Two-factor authentication adds a layer of security to identify users clearly Authenticating data is based on something you KNOW, HAVE and/or ARE Overcome barriers to adoption with solutions that are: Integrated with VPN services and user directory Easy to implement and maintain Scalable COMMUNICATION & SECURITY NCP & Juniper Networks provide you with sophisticated two-factor authentication solutions for your Juniper SRX

Joint Solution NCP & Juniper Networks Sign up at www.ncp-e.com to get access to Free 30 days trial versions of the software Pricelist Sales presentation Data sheets Step-by-step configuration guides COMMUNICATION & SECURITY Visit our booth Booth #7 Get a demo by a System Engineer Receive further information about the solution Or just say Hi

<

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback