Security & Mobility Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements

This is an exciting year for me. I joined Juniper Networks and, in my first week, I submitted a lab proposal representing Juniper for the VMworld 2014 Hands-on Lab. Weeks later, it was approved, and two weeks ago I finalized the lab and document. I am so incredibly excited that for the first time ever, Juniper Networks is represented in the VMworld Hands-on Lab.

What will be covered in the lab, you ask? The lab of course covers some, but not all, of our Security virtualized products. If you would like a complete listing of these products, please review my previous blog post.













The Hands-on Lab for 2014, lab HOL-PRT-1472: Juniper Virtual Security for the Enterprise and Service Provider Environment, covers Juniper Junos Space with Security Director and Virtual Director, Firefly Perimeter, and DDoS Secure. The agenda for the lab is:





Juniper Virtual Security for the Enterprise and Service Provider Environment

  • Lab Overview
  • Juniper Junos Space 101
      • Introduction to Space
      • Introduction to Virtual Director
      • Introduction to Security Director
  • Managing Your Physical and Virtual Infrastructure with Juniper Junos Space
      • Use Cases for Juniper Junos Space and Firefly Perimeter
      • Deploying Firefly Perimeter
      • Virtual Director – Greater Detail
      • Security Director – Greater Detail
      • Why Juniper for Your Physical and Virtual Infrastructure
  • Juniper DDoS Secure
      • Why Juniper DDoS Secure
      • Introduction to Juniper DDoS Secure
      • Introduction to Juniper DDoS Secure UI
      • Configuration of Testing Environment
      • Low and Slow Attack


If you are interested in taking the lab, the hours are:


  • Sunday, August 24: 9:00 am – 7:00 pm
  • Monday, August 25: 10:30 am – 7:00 pm
  • Tuesday, August 26: 10:30 am – 6:00 pm
  • Wednesday, August 27: 8:00 am – 5:00 pm
  • Thursday, August 28: 8:00 am – 3:00 pm


Information on the Hands-on Labs


I look forward to seeing you there! Make sure you stop by and say hi!!!


A Holistic Approach to DDoS Mitigation and DNS Availability

by Juniper Employee ‎07-17-2014 05:00 AM - edited ‎07-16-2014 05:20 PM

Today organizations need to be prepared for a number of different types of DDoS attacks on their networks. Today Juniper Networks announced several new enhancements that allow its DDoS Secure solution to help the network better defend itself by using routers as enforcement points.


Juniper Networks has the ingredients and lineage to remain one of the top three players in network security, according to a report by Jeff Wilson, principal analyst with Infonetics Research. See what he had to say after attending Juniper's annual Industry Analyst Event.



As I was reading this article describing examples of certain healthcare practitioners using data mining and analytics of patients’ lifestyles (e.g. foods they eat, activity levels, where they live, etc.) to help predict their risk factor for ailments, I started to draw a parallel to the state of the network. I was thinking about how security analytics of a network may help predict the onset of a data breach. The common goal in both cases, human and network, is to maintain a certain level of health – call it an “equilibrium” state, one that doesn’t require immediate intervention or repair.


Inspired by the table shared in the article describing what certain collected data about a patient could indicate about his/her health habits, I came up with a table containing types of network state which could be indicators for a potential data exploit/breach.


State of Network

  • Weak password for an online account
    This could allow a hacker to uncover the password (by using automated tools), gain access to user data (name, address, phone #, bank account/credit card data) and perform unauthorized transactions (e.g., purchase of product/service or withdrawal of money from bank account) on the user’s behalf.

  • Multiple unsuccessful attempts to search for usernames and passwords via Web browser exploitation techniques
    This could result in a data breach.

  • Improper isolation of HR records, financial, medical, credit/debit card, or other PII data within Enterprise data center/private cloud network
    This could inadvertently allow an insider (e.g. employee) access to the network for obtaining and selling data on the black market for profit.

  • Excessive communication requests to a Web server or other resource, slowing it down considerably or rendering it unavailable
    This could indicate someone is trying to gain access to the server for malicious intent.

  • No application layer protection at Enterprise edge
    This could allow a hacker to launch an application-layer attack and access data for further exploitation.


Enterprises and service providers would benefit greatly from self-monitoring and constantly improving the health of networks, to minimize the possibility of a data breach.


One of the ways to do this is via technology, including application-aware, next generation firewalls, and strong SIEM solutions and network security management solutions (for firewall management), which provide visibility, analyze network security posture, and alert administrators about unusual network activity.


In addition, humans themselves should be held accountable for security. For one, it is imperative that the IT security team is proactively monitoring the network security posture, carefully balancing access to certain network resources, applications and data with control over the same. In addition, trust plays a big role in maintaining security and privacy, so it is ultimately the responsibility of individuals (business owners and employees) to not exploit data for personal gain.



July 2014 Microsoft Patch Tuesday Summary

by Juniper Employee ‎07-08-2014 06:57 PM - edited ‎07-08-2014 06:57 PM

It’s Microsoft Patch Tuesday! In the July edition there are 6 updates; two are marked "Critical", three are rated "Important" and one is rated "Moderate". A total of 29 vulnerabilities were fixed over 6 bulletins this month. One of the Critical updates, MS14-037, is an all-version Internet Explorer (IE 6 to 11) patch. This single update resolves 23 CVEs (Common Vulnerabilities and Exposures), including one publicly disclosed vulnerability.




Why Protection Profiles Matter in Common Criteria Certification

by Juniper Employee ‎07-01-2014 08:50 AM - edited ‎07-01-2014 08:50 AM

EAL 4 Level Common Criteria Certifications without the appropriate protection profile are like Nigel Tufnel carrying on about his amplifiers in This is Spinal Tap: Much Ado About Nothing.



Security is CORE

by Juniper Employee ‎07-01-2014 06:00 AM - edited ‎07-07-2014 10:00 AM



As a three-year “veteran” at Juniper, I have seen the evolution and uptake of Juniper security solutions by customers to solve their key business challenges. Security is CORE for Juniper and our customers.


Customer Centric

Juniper’s security solutions solve customers’ most important challenges, as they demand hybrid cloud environments and build high IQ networks. Juniper’s security solutions don’t hinder cloud adoption. Rather, they enable secure, reliable clouds. Our newest security offerings (DDoS Secure, WebApp Secure, and Spotlight Secure) employ advanced techniques to detect and mitigate advanced threats with greater efficacy than traditional security solutions, helping customers achieve faster ROI, increase operational efficiency, maintain brand reputation and drive customer loyalty.


Open Platform

The Junos platform, on which many of our security offerings, including SRX firewalls, are based, offers a revolutionary software platform that allows customers to directly program their networks and run applications developed by an ecosystem of partners for rich user experiences, smart economics, and fast time to market. We don’t restrict customers in terms of how they want to build, optimize and scale their networks and associated security. In fact, recently, we even extended the ability for customers to leverage the proven Junos-based SRX firewall in virtualized environments by launching Firefly Perimeter in January 2014. Firefly Perimeter addresses the new security challenges required to protect virtualized and cloud environments for enterprises and service providers by leveraging the same advanced security and networking features of the Branch SRX Services Series Gateway in a virtual machine format.


Revenue Generating

In terms of market share, Juniper continues to lead in the high-end firewall and SSL VPN markets* and strengthen its offerings in these categories. For example, in anticipation of growth in the adoption of next generation firewalls, Juniper just released new enhancements to its SRX Series Services Gateways.  These next-generation security products help customers protect against threats and control what’s on their network without adding a heavy administrative burden.


Also, Juniper’s high-end SRX5400 Services Gateway was recently awarded at the Interop Tokyo 2014 event. It received the Best of Show Award Grand Prix in the ShowNet Product category and the Best of Show Award Special Prize in the Security category. The SRX5400 is the latest offering in our SRX Series portfolio, based on a revolutionary new architecture, and uses new line cards to provide market-leading connectivity, performance and service integration.


Evolution through Innovation

Every day, Juniper Networks is helping our customers build the best networks on the planet. Every innovation we envision and every technology we create is informed by our desire to help solve our customers’ toughest challenges so they can compete and thrive today and into the future. Our solutions really make a difference by helping to “connect everything” and “empower everyone”.


And, just to underscore Juniper’s resolve to deliver what customers need, we’ve embarked on a journey where we ask our customers to partner with us -- to co-create and deliver secure hybrid cloud ecosystems and highly intelligent networks of the future. Gone are the days when customers would be at the receiving end of “marketing” speak, sold a product, and then just left to their own devices. Now, you can be part of the action early on. So, are you ready to join Juniper and together embark on the “Bridge to the Future”, as our CEO, Shaygan Kheradpir, so eloquently puts it?


*Source: Report: Infonetics Network Security Appliances and Software, Jeff Wilson, May 30, 2014


It’s a familiar routine and not just for comedy duo Abbott & Costello. It’s familiar for any network administrator or security expert. How do you know what applications are running over your network? How do you know who’s doing what in your infrastructure?



June 2014 Microsoft Patch Tuesday Summary

by Juniper Employee ‎06-11-2014 07:40 PM - edited ‎06-11-2014 08:32 PM

Welcome to the June edition of Microsoft Patch Tuesday Summary. In this edition there are 7 updates, out of which 2 are marked "Critical" and 5 are rated "Important". A total of 66 vulnerabilities got fixed over 7 bulletins this month. Internet Explorer received patches for a whopping 57 vulnerabilities, including a fix for one of the publicly disclosed vulnerabilities (CVE-2014-1770).


Here is a list of vulnerabilities fixed in today's Patch Tuesday release




Trusted security “informant” Brian Krebs just shared that the United States Postal Inspection Service is investigating reports that fraudsters are installing skimming devices on automated stamp vending machines at post office locations across the United States. Alarming, right? We’ve heard umpteen times about various retail brick and mortar stores falling victim to payment card skimmers, but here’s a first.


Moreover, according to the Verizon 2014 Data Breach Investigations Report, payment card skimming is one of just nine total patterns of threats which are tied to 92% of the 100,000 security incidents analyzed over the last 10 years. And, according to the same study, this type of criminal activity has been primarily targeted at the Finance and Retail industries to date. Looks like perpetrators are looking for a wider range of targets.


What is further disturbing is that now it has become somewhat easier for would-be criminals to more surreptitiously steal data. For one, they can purchase skimming devices that are Bluetooth enabled, which allows them to download the track and PIN data easily and remotely, from the safety of a parking lot! In addition, they can get skimming devices with built-in SIM cards, allowing for remote configuration, remote uploading of data, and tampering alerts that, if triggered, can cache the data and send it out immediately to the thieves, making it difficult for the victims to discover that there has been a data exfiltration.


Given the recent multiplicity of payment card skimming occurrences targeted at retail and post office locations, I have become quite wary of shopping using my credit and debit cards. Are you, too? The thing is, it’s convenient to pay by card vs. cash. 


Still, prevention is better than cure. If you aren’t already, take note of and follow Verizon’s suggestions. I certainly plan to:

  1. Protect the card PIN by covering it with a hand to block any possible minuscule cameras that may be recording as you enter it.
  2. Be mindful of surroundings – if you see multiple payment card devices installed, just check if they all look “the same” – should the device you are about to enter your card into look different from the others, don’t use it.
  3. Inform the merchant and/or bank if something seems out of place (e.g., the payment card device appears to have been tampered with, or someone seems to be attaching a foreign object to the device, etc.) so they can investigate the matter.

Safe shopping everyone!



NIST Deprecates TLS 1.0 for Government Use

by Juniper Employee ‎05-14-2014 01:27 PM - edited ‎05-14-2014 01:27 PM

The National Institutes of Science and Technology ups TLS requirements. Are you ready?



Are There Secrets behind the RX in SRX?

by Distinguished Expert ‎05-14-2014 11:58 AM - edited ‎05-14-2014 02:18 PM

For the fourth year, we organised “Westcon Juniper 5daagse.” During this five-day event, where Juniper and Westcon Security presented commercial and technical news, I was given the opportunity to run a technical presentation on SRX devices.

After careful consideration, I decided not to talk about security, but about all the other features of this product line. I talked about routing and switching, features and protocols. To my surprise, much of my presentation was news for many engineers in the audience. Because of this, I decided to write this blog, as well as enlist my friend Valentijn to draw some of his famous pictures to make things even more clear.



May 2014 Microsoft Patch Tuesday Summary

by Juniper Employee ‎05-13-2014 10:10 PM - edited ‎05-13-2014 10:28 PM

Microsoft recently issued an out-of-band update to patch the widely exploited IE 6-11 vulnerability (CVE-2014-1766), and now it's time for their scheduled monthly Patch Tuesday updates. In the May edition there are 8 updates, out of which 2 are marked "Critical" and 6 are rated "Important". A total of 13 vulnerabilities got fixed over 8 bulletins this month.








Network security is only as good as the ability to easily manage it. If you have a complex security network with multiple firewalls, policies, and administrators, it is essential to have a simple and scalable way to manage them all. In fact, Gartner’s most recent Magic Quadrant for Enterprise Network Firewalls report specifically calls out scalable management as a critical component of Network Firewall solutions.


Our Juniper SRX (physical firewall) and Firefly Perimeter (virtual firewall) customers want the best way to easily manage their firewalls and policies—and that way is via Junos Space Security Director. Fortunately, as an application on the Junos Space Network Management Platform, Security Director can easily scale to meet the needs of our customers–whether you’re an enterprise who will expand your reach into new markets or a service provider who needs to provide reliable and secure application and service access to your clients in a way that’s in line with your Service Level Agreements (SLAs).


We built the Junos Space platform from the ground up for scale, and Security Director directly benefits from this:

- Junos Space can manage thousands of Junos devices (including SRX firewalls)
- Instantly scale by simply adding or deleting nodes on the network fabric
- Readily extend the number of concurrent administrators supported


Now, the latest Junos Space Security Director V13.3R1 software release introduces enhanced centralized management for SRX and Firefly Perimeter deployments, having added:

- Security Event Logging via Junos Space Log Director so you can aggregate and filter events based on certain criteria such as Source/Destination IP/application/service
- UTM Support, which allows policy configuration for Web filtering, antivirus, and anti-spam
- Role-Based Access that lets you segment administrative responsibility such that you can place devices, policies and objects within domains and then assign read or read/write permissions


Many customers have been waiting for these capabilities, and I’m delighted to share this good news! Stay tuned for further Juniper innovations based on what you’ve been telling us you need.


About Security & Mobility Now

Discussing a wide range of topics impacting enterprises and data center security.
