Technically Secure
Krishna

Proactive Security – Divide and Conquer

by Juniper Employee on ‎09-23-2008 03:21 PM

As a long distance runner, completing a marathon felt like a formidable task. Assigning a time target for the 26.2 mile race seemed almost impossible. The strategy that has worked for me is to break the race into 5 parts of 5 miles each (last one being 6.2 miles) and assign time targets that would collectively help me reach my time goal.  A similar approach can work with securing the network – divide and conquer.

 

In security parlance this is referred to as layered defense, where each part is a layer targeting specific threats. The first and most important layer is the network edge protection – deployed at the perimeter or in a data center.

 

I believe the essential technologies that form the network edge and protect your networks include FW, VPN, DoS Protection and Content validation.

 

  • Firewall – Flexible access control all the way from Layer 2 (datalink layer) to Layer 7 (application layer) is very important. Access control based on users and roles rather than IP addresses is becoming more relevant these days with the huge amount of mobility options out there. On this front, integration with a Network Access Control (NAC) framework is necessary, and the good news is there is a standardization effort in this space. You can read more about this in my colleague Steve Hanna’s blog: Got the NAC
  • Virtual Private Networks (VPN) – The perimeter security solution should provide options for secure tunneling of data (VPN) between sites and telecommuting clients from the Internet.
  • Denial of Service (DoS) Protection – DoS and DDoS (Distributed Denial of Service) continue to be a vector of attack against publicly hosted services with botnets as the most common sources. You need a solution that can signal into the cloud to filter the attack traffic at the ISP network edge or earlier, thereby freeing the final hop for the clean traffic. Check out additional standardization efforts at Dissemination of flow specification rules
  • Protocol/Content validation – The capability to inspect application data for protocol anomalies and attacks is necessary as software vulnerabilities are constantly popping up and it is difficult to keep all the systems patched up to date. The solution must be dynamically updated with the latest protection pack without requiring any downtime in order to secure your network.

 

Let me know if you have any additional thoughts and/or questions about securing the network edge!

About the Author
  • Krishna is a Distinguished Engineer in the Service Layer Technologies group at Juniper. He's currently working on DPI technology initiatives in products targeted at service providers and enterprise markets. Krishna has 19 years of experience in data networking involving Ethernet, ATM, IP, Switching and Security technologies. He has authored 10 patents in the areas of switching, security and QoS. He was actively involved in the IEEE 802.1 and ATM Forum standards committees. Prior to Juniper, he was the co-founder and System Architect at Top Layer Networks where he played a pivotal role in bringing multiple products to the market. He has also held senior engineering roles at Digital Equipment Corporation and Fore Systems.
Krishna Narayanaswamy, Distinguished Engineer