Security Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements

The annual advent of National Cybersecurity Awareness Month reminds us clearly that cybersecurity protection and resilience is a team sport and that only through partnership and collaboration can we improve our national and global capability to address the evolving risk in cyberspace.


We are amidst an ongoing transformation. One in which the benefits can outweigh the challenges, but awareness, education and following basic best practices that are embedded within daily activities are critical to protecting oneself and reducing the possibility of a breach.


   Common Criteria.jpgNIAP-assurance-technology.gif

Juniper Networks SRX and LN series platforms complete Common Criteria Certification and are listed on the NIAP Product Compliant List as Firewalls and VPN devices. 

Certifications were with Junos 12.1X46. 

The SRX1400, SRX3400, and SRX3600 were certified against the NIAP Network Device Protection Profile plus the Firewall Extended Package.

            The Security Target for these devices is located here.

            The Certification Report can be found here.

The SRX100-650 and the SRX5800 and the LN1000 and LN2600 were certified against the NIAP Network Device Protection Profile plus the Firewall Extended Package and the IPsec Gateway VPN Extended Package.

            The Security Target for these devices is located here.

            The Certification Report can be found here.

Listing on the NIAP PCL is required by Federal policy for many different cases.  First, as the NIAP PCL webpage states- “U.S. Customers (designated approving authorities, authorizing officials, integrators, etc.) may treat these mutually-recognized evaluation results as complying with the Committee on National Security Systems Policy (CNSSP) 11 National Policy Governing the Acquisition of Information Assurance (IA) and IA-Enabled Information Technology (IT) Products - dated June 2013 (

CNSSP 11 applies to any US Government system carrying classified data at any level and to systems carrying certain command and control traffic regardless of the classification.

NIAP PCL listing is required by the DISA Security Technical Implementation Guide (STIG)s for many product categories.  NIAP PCL listing is required for DoD Cloud providers who are handling Impact Level 5 and 6 information, and in other Federal Government acquisitions that require the NIST 800-53, rev 4- SA-4 (7) control.

Cyber threats today are evolving, becoming more sophisticated and making it critical for organizations to educate, implement and encourage employees to follow cyber best practices. In a recent RAND Corporation report, sponsored by Juniper Networks, it was projected that the cost to businesses in managing cybersecurity risk is set to increase 38 percent over the next 10 years.



I am pleased to report that the National Institute of Standards and Technology (NIST) has issued a Federal Information Processing Standard (FIPS) 140-2 Certification of the following Juniper Networks devices with Junos 14.1R4 software.


EX9204, EX9208, EX9216

M7i, M10i, M120, M320

MX240, MX480, MX960, MX2010, MX2020

PTX3000, PTX5000

T640, T1600, T4000


The FIPS certification is #2451.


This is a first time FIPS certification for the EX9200 and the PTX devices and a recertification for the M, MX, and T-series devices.  This is Juniper Network’s 56th FIPS certification and this is the most comprehensive single FIPS certification completed to date.


FIPS Certification continues to be challenging as NIST requirements evolve including the deprecation of cryptographic algorithms that were once approved and increased focus on important cryptography elements like maintaining sufficient entropy and using strong deterministic random bit generators (DRBG).


Are you ready?

If you are not doing IPv6 today, you're probably negatively impacting your users.


Network Security: It’s a Zero-Sum Game

by Juniper Employee ‎10-01-2015 11:42 AM - edited ‎10-05-2015 11:30 AM

Unite_Logo_nobackground.pngMake sure you win it with Juniper’s new network security solutions.


Cybercriminals. They’re inside your network perimeter. Already.


Read about Juniper's security innovations within the newly announced Juniper Unite architecture.


Eight Ways to Heighten Cybersecurity

by Juniper Employee on ‎10-01-2015 06:00 AM

As our world has become ever more connected, we’ve all learned common online safety tips. It’s now second nature to use strong passwords and antivirus software; take care when connecting to public Wi-Fi; and remain alert to social engineering scams (e.g., phishing).


What’s the Difference between Secure Boot and Measured Boot?

by Juniper Employee ‎09-17-2015 06:51 AM - edited ‎09-21-2015 08:56 AM

bios diagramIt seems that every day, we hear of new methods of exploiting vulnerabilities in computer systems. Most of the high-profile attacks go after servers and laptops, but embedded equipment such as networking gear is not immune. Fortunately, while the attackers get more sophisticated, the defenders aren’t standing still either.


To combat new "persistent" attacks that are hard to detect, and may be impossible to remove, system vendors are turning to two technologies, Secure Boot and Measured Boot, to provide assurance that when a platform boots, it’s running code that hasn’t been compromised.



What is a Trusted Platform Module (TPM)?

by Juniper Employee ‎09-07-2015 07:50 AM - edited ‎09-08-2015 07:37 AM

TPMMany new tablets, laptops and servers are now equipped with a small security chip called a Trusted Platform Module, or TPM, specified by an industry consortium called the Trusted Computing Group. A number of vendors make inexpensive, self-contained TPMs, and some are starting to embed TPMs in larger processor chips, making the technology easily accessible. TPM technology is now starting to appear in embedded systems such as networking equipment.



Ready to go virtual? We have what you’re looking for….

by Juniper Employee ‎09-02-2015 12:00 AM - edited ‎09-11-2015 12:36 PM

If you're like most organizations, a virtual firewall is on your list.  What should you be looking for in a virtual firewall?  read the infographic to learn what experts say should be top considerations. 

vSRX infographic.PNG


Mobile is Here....Are you Ready?

by Juniper Employee ‎09-02-2015 12:00 AM - edited ‎10-09-2015 10:23 AM

infographic.PNGMobile data traffic is expected to grow at a CAGR of around 45 percent between 2013 and 2019, resulting in a 10-fold increase over that time span...learn more about how mobile traffic will impact your network in this new infographic.


What’s Driving IPv6 Adoption? (An IPv6 Epiphany)

by Juniper Employee ‎08-03-2015 08:56 PM - edited ‎08-05-2015 10:21 AM

IPv6 graphI have been giving IPv6 presentations for years now. It is always the same pitch; the same slides on why IPv6 is important; how governments are using it, and universities, and so on. 


Trusted Computing Group and Juniper

by Juniper Employee ‎07-06-2015 08:40 AM - edited ‎07-16-2015 02:57 PM

The Trusted Computing Group held one of its Members meetings June 16-18 in Edinburgh, UK, and I was pleased to be able to attend, to participate in the work of the Technical Committee.


While TCG has quite a few activities in play, the group is best known for development of the Trusted Platform Module (TPM), a function often implemented as a small chip that serves as a “Root of Trust” for all sorts of devices that incorporate computers, ranging from phones to laptops to Internet-scale routers, offering assurance that software loaded on the device is authorized and authentic, and that machines protected by TCG technology are resistant to so-called Advanced Persistent Threats, or various kinds of attacks that cause the device to run code modified by attackers.



by Juniper Employee ‎06-24-2015 05:00 AM - edited ‎06-29-2015 11:00 AM

JUN15154_Security_infographic_062615.jpg.jpegBeing a security professional these days may seem to some like a never ending game of Whack-a-Mole. Once one problem, vulnerability or intrusion is taken care of, it seems inevitable that another problem pops up that needs whacking into submission. 


About Security Now

Discussing a wide range of topics impacting enterprises and
data center security.

Subscribe RSS Icon

Our Bloggers

Ritesh Agrawal
Software Engineering

Profile | Subscribe

Michael Callahan
Vice President

Profile | Subscribe

Scott Emo
Product Marketing

Profile | Subscribe

Rajoo Nagar
Senior Manager
Product Marketing

Profile | Subscribe

Bill Shelton
Director Field Sales

Profile | Subscribe

Ashutosh Thakur
Product Line Manager

Profile | Subscribe

Copyright© 1999-2015 Juniper Networks, Inc. All rights reserved.