ABOUT THE AUTHOR(S)
John Weidley is a Resident Engineer with Juniper Networks. He is certified in Juniper Networks as JNCIS-SEC, JNCIS-SSL, JNCIA-FWV, and JNCIA-EX, and has worked closely supporting U.S. Government agencies for the last 15 years.
What got you started on this book?
There are hardening guides for other operating systems and a Junos hardening guide is long overdue. Over the years there have been many useful security features developed and built in to Junos but, unfortunately, they are not documented in one single place. This book brings them all together which should be a real time saver.
Network Auditors, Security Engineers, and Network Engineers will all be able to get something from this book. Security books usually go into a lot of detail about policy and theory, so sometimes non-security engineers become uninterested and stop reading. There is some discussion about security policy in the beginning of the book but it's short, to the point, and provides a good foundation. I tried to write this book from a Network Engineer’s perspective with enough security related detail to provide meaningful context.
After reading this book, what's the take away?
I guess the biggest take away from the book is every organization has unique security requirements and Junos software has many features that can be used to help you meet those requirements. With this book I didn’t want to make general statements like “if you don’t enable this feature, your device will be insecure”. I tried to introduce a topic, provide a brief introduction, identify possible risks, and present possible solutions. Ultimately, it's up to you and your peers to choose the features that will meet your company’s security policy.
What are you hoping that people will learn from this book?
I hope that readers see the benefits of a single OS and the inherent security features built into Junos. I also hope they see how it is possible to secure their Junos devices while still maintaining operational functionality.
What do you recommend as the next item to read after this book?
This book does not provide in-depth background information about features or provide commands to verify proper operation. It introduces scenarios and options to enhance the security of the device. I would recommend reading the references in the book to provide additional context. To name a few:
- Junos Cookbook - Provides solid background information and commands to verify proper operations of specific features.
- Junos High Availability - Provides a practical operational approach on many topics that contribute to a highly available network, to include SNMP planning, Out-of-band management, scripting and introduces device and network based security.
- Doug Hank’s Day One guide on Securing the Routing Engine. Although this book takes a different overall approach to writing firewall filters it does provide a lot of foundation and reference information.
I am a Resident Engineer, which means I am onsite with my customer every day. I’m frequently asked if there is a Hardening guide for Junos or if I could translate other vendor security hardening commands to Junos. There is a definite need for a hardening Junos guide and I was happy to share what I know to give back to the Junos community.
What's your favorite bit/part in the book?
My favorite part of the book would probably be the physical security section. It may not be as glamorous as the Network security portions but I would say that they are the least explored. Engineers sometimes avoid the features in this section because they think it could negatively impact operations and/or recovery. I hope that this chapter provides enough information so engineers won’t be so apprehensive about using them.
