Juniper Networks Access Control Solutions

advertisement
Juniper Networks
Access Control Solutions
Delivering Comprehensive and
Manageable Network Access Control Solutions
Copyright © 2008 Juniper Networks, Inc.
‹#›
Agenda
 Access Control Solutions Overview
 Access Control Solutions Architecture and
Use Cases
 The Access Control Solutions Advantages
Copyright © 2008 Juniper Networks, Inc.
‹#›
2
Enterprise IT Challenges
Mine
Theirs
Mine
Theirs
Managed
Devices
Unmanaged
Devices
Compliance
Standards
Regulations
Internal Policies
Copyright © 2008 Juniper Networks, Inc.
Managed
Users
Guest
Users
ERP
Email
Back-up
Differentiated Service
For some
Not for all
‹#›
Enterprise IT Challenges
35M
Old risks never
go away.
New risks
growing.
30M
Adware
Trojan Downloader
25M
Trojan
Potentially Unwanted Software
20M
Browser Modifier
15M
Your goal is to
reduce your
costs while
securing your
network.
Spyware
Remote Control Software
10M
Monitoring Software
5M
0M
1H06
2H06
3H07
2H07
Source: Microsoft Malicious Software Removal Tool Disinfections by Category, 2H05 – 2H07
Copyright © 2008 Juniper Networks, Inc.
‹#›
Meeting Enterprise IT Challenges with
Juniper Networks Access Controls Solutions
Theirs
Access Control Solutions Response
Role Based Access Control
Identity-Based QoS
Network Visibility
Advanced Network Protection
ERP
Email
Back-up
Copyright © 2008 Juniper Networks, Inc.
‹#›
Agenda
 Access Control Solutions Overview
 Access Control Solutions Architecture and
Use Cases
 The Access Control Solutions Advantages
Copyright © 2008 Juniper Networks, Inc.
‹#›
6
Introducing Access Control Solutions with
Juniper EX-series Switches
Infranet Controller
Juniper
UAC
Agent
Juniper
EX-Series
Switches
Copyright © 2008 Juniper Networks, Inc.
Juniper
Intrusion
Detection
and Prevention
Juniper
Firewalls
1
Endpoint profiling for user
authentication, endpoint
health and location
2
Dynamic Role
Provisioning
3
Enforce access controls
to protected resources
4
Feedback for postadmission control
decisions
Application
Servers
‹#›
Role Based Access for Guest User Access
1
Guest attempts to gain
network access
2
Guest role policy pushed
to enforcers
3
Guest tries to access
corporate resources and
is blocked
4
Internet access is
permitted
Applications
 Bandwidth limiting
 Lower priority scheduling
Copyright © 2008 Juniper Networks, Inc.
‹#›
Role Based Access Control for Network
Segmentation
Finance
Servers
Engineering
Servers
1
Engineering role policy
pushed to enforcers
2
Communication to
Finance Servers blocked
3
Engineering access
permitted
Engineering
Contractor
Copyright © 2008 Juniper Networks, Inc.
‹#›
Role Based Access with Identity-Based QoS
QoS policies stored on IC and
sent to the EX-series switch,
implementing dynamic QoS
policies per user session
ERP Servers
1
Mark ERP traffic
high and place in
high-priority queue
2
Mark email traffic
medium QoS and
place in best-effort
queue
3
Mark client back-up
traffic low and place
in best-effort queue
Copyright © 2008 Juniper Networks, Inc.
LAN
Switch
E-mail Servers
Internet
Gateway
Router
Benefits
Offer different levels of QoS per use
Assuring real-time application receive the
performance they require
But, only for job-related functions
‹#›
Network Visibility
Engineering
Servers
Finance
Servers
Guest
1
User requests access
2
Logs, alarms sent to
management systems
3
Engineering server
access denied and
attempt logged
4
Finance access permitted
and logged
5
All successful and failed
access is logged
Finance User
Copyright © 2008 Juniper Networks, Inc.
‹#›
Network Visibility Reports
1
User requests access
2
Logs, alarms sent to
management systems
3
Remote access monitored
and engineering server
access denied
4
Finance access permitted
5
All successful and failed
access is logged
Engineering
Servers
Finance
Servers
Guest
Finance User
Copyright © 2008 Juniper Networks, Inc.
‹#›
Role Based Access Control and
Network Visibility Benefits
 Enforce different access entitlements based on job role,
access location and device type
 Segmenting the network significantly reduces the
scope of insider threat attacks and the spread of
malicious software like viruses and worms
 Network visibility offers fast analysis of network
usage changes and highly accurate anomaly detection
 Common compliance requirements are enforced
and reports generated for auditors
 Simplify reporting by automating the association
of user names and applications to users and their
groups.
Copyright © 2008 Juniper Networks, Inc.
‹#›
Advanced Network Protection with
Coordinated Threat Control
Applications
Copyright © 2008 Juniper Networks, Inc.
1
IDP detects network
threats
2
Signals anomaly
information to Infranet
Controller (IC)
3
IC correlates network
threat to specific
user/device
4
IC coordinates with
EX to remediate the user
‹#›
Advanced Network Protection:
Compliant Endpoint Assessment
1
Scan endpoints to assure
enabled and up-to-date
antivirus, personal
firewall, etc. Autoremediate or offer options
to self-remediate.
2
User allowed on network
with job-appropriate
access restrictions as
long as they stay
compliant.
Update AV Now
“Your AV
signatures are
out of date”
Copyright © 2008 Juniper Networks, Inc.
‹#›
Advanced Network Protection Benefits
Theirs
 Managed and unmanaged devices must comply
with usage policy before gaining network access
 Decreases malicious traffic on your network
by enforcing compliant and healthy endpoints
 Advanced network protection automatically
identifies and mitigates attacks that antivirus
software misses
 Self/auto-remediation reduces helpdesk calls
 Logging all device and user endpoint health while
denying non-compliant devices/users - common
certification requirement (e.g. PCI, HIPAA, SOX,
COBIT, etc.)
Copyright © 2008 Juniper Networks, Inc.
‹#›
Agenda
 Access Control Solutions Overview
 Access Control Solutions Architecture and
Use Cases
 The Access Control Solutions Advantages
Copyright © 2008 Juniper Networks, Inc.
‹#›
17
Address Most Critical Problems First
Theirs
ERP
Email
Back-up
TIME
Solution designed to be rolled out in phases
 Quick IT wins
 Use same infrastructure to address new issues when ready
 Saves deployment time, expenses and reduces risk
Copyright © 2008 Juniper Networks, Inc.
‹#›
Standards Based Strategy
 IEEE 802.1X switch communication
 IPsec encryption
 Trusted Computing Group’s Trusted Network Connect
(TNC)
 Simplifies leveraging existing switching and routing
infrastructure
 Integrates into existing AAA, Active Directory and Identity
Management (IdM) infrastructure
Standards allow for innovation & design flexibility
 Works with current infrastructure
 Avoid infrastructure-vendor lock-in
Copyright © 2008 Juniper Networks, Inc.
‹#›
Comprehensive Partnerships and Standards
Copyright © 2008 Juniper Networks, Inc.
‹#›
Build Out Comprehensive Access
Control Solutions
 Juniper SSL VPN for remote access protection
• Similar administrative and user experience
• Same host check software
• Result: Lower OPEX for training and rollout
 Leverage vendor agnostic 802.1X wireless and wired
infrastructure
• Control access and assign VLANs in your current infrastructure
• Result: Lower CAPEX and fast deployment
 Combine seamlessly with any Juniper Firewall
• Enforce LAN encryption for protected communication
• Layer 4 – 7 granular access controls independent or in
complement of switch infrastructure
• Result: Flexibility and high-performance
Copyright © 2008 Juniper Networks, Inc.
‹#›
Centralized Management for
Access Control Solutions (Summer 2008)
Network & Security Management
Juniper NSM
Juniper STRM
 Device Configuration
 Policy Management
Juniper
EX-series Switches
 Inventory Management
 Status Monitoring
Juniper
Intrusion Detection
and Prevention
Juniper Firewalls
 Threat Detection
 Event Log Management
 Compliance & IT Efficiency
Juniper
Infranet Controller
Juniper
Secure Access
SSL VPN
Centralized management for networking infrastructure
significantly reduces OPEX
Less to learn  Less mistakes  Faster ramp up time for new hires
Copyright © 2008 Juniper Networks, Inc.
‹#›
Bottom Line Benefits
 Access Control Solutions solve IT Challenges
 Reduce CAPEX
• Rollout in phases on existing networking and Access
Control Solutions infrastructure
• Standards and partner based strategy
 Reduce OPEX
• Centralized management and reporting
 Deploy Access Control Solutions with
EX-series Switches
• Industry-leading capabilities
• Superior network protection and security
• Differentiate and innovate your network
Copyright © 2008 Juniper Networks, Inc.
‹#›
Learn More
 http://juniper.net/access
 Highlighted Resources
• Top 5 Use Cases for NAC White Paper
• Juniper Unified Access Control and EX-series Switches
Solution Brief
 Product Information
• EX-series Switch (http://www.juniper.net/switch)
• Unified Access Control (UAC)
(http://www.juniper.net/products_and_services/unified
access_control/)
Copyright © 2008 Juniper Networks, Inc.
‹#›
Copyright © 2008 Juniper Networks, Inc.
‹#›
25
Download