Juniper Networks Access Control Solutions
Delivering Comprehensive and Manageable Network Access Control Solutions
Copyright © 2008 Juniper Networks, Inc.

Agenda
• Access Control Solutions Overview
• Access Control Solutions Architecture and Use Cases
• The Access Control Solutions Advantages

Enterprise IT Challenges
[Diagram labels: Mine / Theirs; Managed Devices / Unmanaged Devices; Managed Users / Guest Users; Compliance: Standards, Regulations, Internal Policies; Differentiated Service (ERP, Email, Back-up): for some, not for all]

Enterprise IT Challenges
Old risks never go away. New risks growing.
Your goal is to reduce your costs while securing your network.
[Chart: disinfections by category. Categories: Adware, Trojan Downloader, Trojan, Potentially Unwanted Software, Browser Modifier, Spyware, Remote Control Software, Monitoring Software]
Source: Microsoft Malicious Software Removal Tool Disinfections by Category, 2H05 – 2H07

Meeting Enterprise IT Challenges with Juniper Networks Access Control Solutions
Access Control Solutions Response:
• Role Based Access Control
• Identity-Based QoS
• Network Visibility
• Advanced Network Protection
[Diagram labels: Theirs; ERP, Email, Back-up]

Agenda
• Access Control Solutions Overview
• Access Control Solutions Architecture and Use Cases
• The Access Control Solutions Advantages

Introducing Access Control Solutions with Juniper EX-series Switches
[Diagram labels: Infranet Controller; Juniper UAC Agent; Juniper EX-Series Switches; Juniper Intrusion Detection and Prevention; Juniper Firewalls; Application Servers]
1. Endpoint profiling for user authentication, endpoint health and location
2. Dynamic Role Provisioning
3. Enforce access controls to protected resources
4. Feedback for post-admission control decisions

Role Based Access for Guest User Access
1. Guest attempts to gain network access
2. Guest role policy pushed to enforcers
3. Guest tries to access corporate resources and is blocked
4. Internet access is permitted
[Diagram labels: Applications; Bandwidth limiting; Lower priority scheduling]

Role Based Access Control for Network Segmentation
[Diagram labels: Finance Servers; Engineering Servers; Engineering Contractor]
1. Engineering role policy pushed to enforcers
2. Communication to Finance Servers blocked
3. Engineering access permitted

Role Based Access with Identity-Based QoS
QoS policies are stored on the IC and sent to the EX-series switch, implementing dynamic QoS policies per user session.
[Diagram labels: ERP Servers; LAN Switch; E-mail Servers; Internet Gateway Router]
1. Mark ERP traffic high and place in high-priority queue
2. Mark email traffic medium QoS and place in best-effort queue
3. Mark client back-up traffic low and place in best-effort queue
Benefits
• Offer different levels of QoS per use
• Assuring real-time applications receive the performance they require
• But, only for job-related functions

Network Visibility
[Diagram labels: Engineering Servers; Finance Servers; Guest; Finance User]
1. User requests access
2. Logs, alarms sent to management systems
3. Engineering server access denied and attempt logged
4. Finance access permitted and logged
5. All successful and failed access is logged

Network Visibility Reports
[Diagram labels: Engineering Servers; Finance Servers; Guest; Finance User]
1. User requests access
2. Logs, alarms sent to management systems
3. Remote access monitored and engineering server access denied
4. Finance access permitted
5. All successful and failed access is logged

Role Based Access Control and Network Visibility Benefits
• Enforce different access entitlements based on job role, access location and device type
• Segmenting the network significantly reduces the scope of insider threat attacks and the spread of malicious software like viruses and worms
• Network visibility offers fast analysis of network usage changes and highly accurate anomaly detection
• Common compliance requirements are enforced and reports generated for auditors
• Simplify reporting by automating the association of user names and applications to users and their groups

Advanced Network Protection with Coordinated Threat Control
[Diagram label: Applications]
1. IDP detects network threats
2. Signals anomaly information to Infranet Controller (IC)
3. IC correlates network threat to specific user/device
4. IC coordinates with EX to remediate the user

Advanced Network Protection: Compliant Endpoint Assessment
1. Scan endpoints to assure enabled and up-to-date antivirus, personal firewall, etc. Auto-remediate or offer options to self-remediate.
2. User allowed on network with job-appropriate access restrictions as long as they stay compliant.
[Screenshot labels: Update AV Now; “Your AV signatures are out of date”]

Advanced Network Protection Benefits
• Managed and unmanaged devices must comply with usage policy before gaining network access
• Decreases malicious traffic on your network by enforcing compliant and healthy endpoints
• Advanced network protection automatically identifies and mitigates attacks that antivirus software misses
• Self/auto-remediation reduces helpdesk calls
• Logging all device and user endpoint health while denying non-compliant devices/users - common certification requirement (e.g. PCI, HIPAA, SOX, COBIT, etc.)
[Diagram label: Theirs]

Agenda
• Access Control Solutions Overview
• Access Control Solutions Architecture and Use Cases
• The Access Control Solutions Advantages

Address Most Critical Problems First
[Diagram labels: Theirs; ERP, Email, Back-up; TIME]
• Solution designed to be rolled out in phases
• Quick IT wins
• Use same infrastructure to address new issues when ready
• Saves deployment time, expenses and reduces risk

Standards Based Strategy
• IEEE 802.1X switch communication
• IPsec encryption
• Trusted Computing Group’s Trusted Network Connect (TNC)
• Simplifies leveraging existing switching and routing infrastructure
• Integrates into existing AAA, Active Directory and Identity Management (IdM) infrastructure
• Standards allow for innovation & design flexibility
• Works with current infrastructure
• Avoid infrastructure-vendor lock-in

Comprehensive Partnerships and Standards

Build Out Comprehensive Access Control Solutions
Juniper SSL VPN for remote access protection
• Similar administrative and user experience
• Same host check software
• Result: Lower OPEX for training and rollout
Leverage vendor agnostic 802.1X wireless and wired infrastructure
• Control access and assign VLANs in your current infrastructure
• Result: Lower CAPEX and fast deployment
Combine seamlessly with any Juniper Firewall
• Enforce LAN encryption for protected communication
• Layer 4 – 7 granular access controls independent or in complement of switch infrastructure
• Result: Flexibility and high-performance

Centralized Management for Access Control Solutions (Summer 2008)
[Diagram labels: Network & Security Management: Juniper NSM, Juniper STRM; Device Configuration; Policy Management; Inventory Management; Status Monitoring; Threat Detection; Event Log Management; Compliance & IT Efficiency; Juniper EX-series Switches; Juniper Intrusion Detection and Prevention; Juniper Firewalls; Juniper Infranet Controller; Juniper Secure Access SSL VPN]
Centralized management for networking infrastructure significantly reduces OPEX
• Less to learn
• Fewer mistakes
• Faster ramp up time for new hires

Bottom Line Benefits
Access Control Solutions solve IT Challenges
Reduce CAPEX
• Rollout in phases on existing networking and Access Control Solutions infrastructure
• Standards and partner based strategy
Reduce OPEX
• Centralized management and reporting
Deploy Access Control Solutions with EX-series Switches
• Industry-leading capabilities
• Superior network protection and security
• Differentiate and innovate your network

Learn More
http://juniper.net/access
Highlighted Resources
• Top 5 Use Cases for NAC White Paper
• Juniper Unified Access Control and EX-series Switches Solution Brief
Product Information
• EX-series Switch (http://www.juniper.net/switch)
• Unified Access Control (UAC) (http://www.juniper.net/products_and_services/unified access_control/)