Network Security
Introduction
Public IP networks must be as reliable and secure as the traditional telephone networks being integrated into them.
Ensuring IP network security is a complex undertaking. Operators must always be alert to new security threats and glitches. Responding to vulnerabilities can create new issues, and adjustments can lead to IP networks with more holes than barriers. Meanwhile, the stakes are higher than ever, as providers not only migrate traditional services to IP, but also roll out new IP-based content, video, and gaming services.
Juniper Networks has developed a comprehensive approach to defending provider networks and users at all critical service-delivery points, from the application out to the edge of the customer network. Our routers, firewalls, Intrusion Detection and Prevention (IDP), and session border controller (SBC) platforms offer superior scalability, without compromise, to meet the high capacity, performance, and reliability requirements of public service infrastructures.
Description
Sources of attack on service provider networks are many, including aggressive, calculated assaults, compromised user systems, proliferating problems from interconnected networks, and damage inflicted from within a provider's own network.
Juniper Networks helps providers protect their IP networks from these increasingly frequent and sophisticated attacks. Our Dynamic Threat Mitigation solution provides security and protection against new, fast-spreading application-level threats. Our routers provide a hardened foundation that stands up to denial of service (DoS), distributed DoS (DDoS), and other brute force attacks. Our firewalls and IDP platforms provide network security at critical delivery points, including application nodes, network gateways, and service data centers, and within the OSS (or DCN) network.
Dynamic Threat Mitigation
Increasingly sophisticated application-level threats that spread quickly from one user to another, such as worms, Trojans, spyware, malware, and other emerging attacks, are among the most challenging security issues in provider networks. Our Dynamic Threat Mitigation solution protects against these fast-moving assaults, including specific attacks on IP telephony systems and devices. The approach combines several complementary products to identify new attacks on a per-user or application basis and then to quickly and effectively implement mitigation measures. Juniper Networks M-series or E-series routers, the Service Deployment System (SDX), and Intrusion Detection and Prevention (IDP) products work together to protect assets and prevent the spread of infection to other subscribers. When the IDP platform detects an attack in the network, it passes the information to the SDX platform, which then instructs the edge routers to rate limit or filter the offending subscribers' traffic.
Combating Bots and Mitigating DDoS Attacks
This document describes how service providers can take a proactive role in combating bots and mitigating security threats such as distributed denial of service attacks (DDoS).
Dynamic Threat Mitigation Solution
The Juniper Networks Dynamic Threat Mitigation solution protects against network security attacks.
Dynamic Threat Mitigation in a VoIP Environment
The Juniper Networks Dynamic Threat Mitigation solution protects against network security attacks on VoIP infrastructure.
Converged Networks
The foundation of the secure converged network is a common, hardened infrastructure with logical separation of services and traffic into virtual groups that are secured from one another. Juniper Networks T-series and M-series routing platforms share a common architecture that separates routing, forwarding, and services functions to protect and scale each key system component. Advanced security features deliver industry-leading control-plane protection, so that software stability can never be compromised by DoS, DDoS, and other packet flooding attacks, and the console port is always available to enter new filters. Juniper Networks firewall and IDP products provide additional layers of protection to the converged network by enabling secure zones and defending against application-level attacks.
Juniper Networks FMC Security Solution: Integrated Security for Layered Protection
To secure the next generation of converged fixed and mobile networks, Juniper offers multilayered security solutions including access control, router-based security, firewalls and Intrusion Detection and Prevention systems (IDP).
Securing Provider Backbone Networks: Packet Filters, Traffic Shaping and Related Best Practices
White paper detailing equipment and feature requirements, as well as best practices, for infrastructure security in the service provider environment.
Application Nodes
With growing numbers of application-based services, providers must protect many different types of application nodes, including VoIP call managers, media gateways, video servers, content servers, and email servers. Juniper Networks security products provide linear performance for all packet sizes, up to gigabit levels to support any application, including low latency VoIP and video streaming.
Juniper Networks NetScreen-5000 series are purpose-built, high-performance firewall/VPN security systems designed for carrier and other high-capacity networks. The high-performance Integrated Security Gateway (ISG) integrates best-in-class Deep Inspection firewall, VPN, DoS/DDoS protection, and optional Intrusion Detection and Prevention (IDP).
Network Gateway Security
Security gateways provide protection against problems occurring in other operator or country networks. Filtering inbound traffic for anomalies and examining it for application-level attacks can stop problems from spreading from one network to the next. The Juniper Networks NetScreen-5000 series integrates firewall, VPN, DoS and DDoS protection, and traffic-management functions, in a low-profile modular chassis. The Integrated Security Gateway (ISG) integrates these same security functions, along with an optional module for Intrusion Detection and Prevention (IDP).
OSS/DCN Networks
The OSS network, also known as the Data Communications Network (DCN), is critical to provider operations. As part of their overall security stance, providers must protect monitoring and management platforms, billing systems, and other service-critical OSS elements.
For these networks, Juniper offers a complete line of security products, ranging from systems for the smallest offices to the largest networking centers, and including remote access solutions for employees who may access management systems from home. Our firewall products offer strong security for access control, user authentication, and network and application-level attack protection. Our IDP line provides inline attack protection against application-level attacks. Our SSL appliances combine VPN and endpoint security policy-setting, scanning, and enforcement into a single, clientless system for providing remote access to the OSS infrastructure.
Service Data Center
Juniper Networks solutions for the data center include advanced security, application acceleration, and network gateways. Our Integrated Security Gateway (ISG) platforms are uniquely engineered to provide Deep Inspection firewall, VPN, IDP, and DoS protection in one integrated device for critical, high-traffic network segments. Our application acceleration platforms not only speed up page loads and secure transactions, but also enable far greater efficiency in bandwidth and server consumption. The unique combination of our M-series reliable hardware architecture, single modular OS, and high multi-Gbps performance adds up to the optimal solution for data center gateways.
