About Juniper

Press Releases

Juniper Networks Enables Secure Deployment of VoIP, P2P and IM Applications

SUNNYVALE, Calif., Oct. 12, 2004 - Juniper Networks, Inc. (Nasdaq: JNPR) today announced enhancements to its NetScreen ScreenOS operating system, that will help enterprises and service providers securely deploy new services and applications, such as Voice over IP (VoIP), peer-to-peer (P2P) and instant messaging (IM). Additional enhancements to the operating system that can protect network resources from misuse and attack include integrated Web filtering, extended Deep Inspection firewall capabilities and enhanced support for Windows protocols commonly targeted for attack.

"Many organizations recognize the benefits that new applications such as VoIP and IM provide, but struggle with balancing the increasing network complexity and security risks often associated with deploying them," said Jeff Wilson, executive director, Infonetics Research. "Further, many security products can impair the application performance and reliability due to latency or poor VoIP protocol support. With this new release and its purpose-built platforms, Juniper Networks has clearly demonstrated it addresses these concerns and continues to keep pace with the security and operational needs of its enterprise and service provider customers."

Pervasive VoIP Security

VoIP solutions, like many other enterprise-class applications, require equal or greater levels of security to ensure communications are consistent and reliable. The enhancements to the Juniper Networks ScreenOS operating system, delivered in version 5.1, complement the small packet performance and low latency that the Juniper Networks purpose-built platform provides and help protect against hijacked calls as well as VoIP-specific Denial of Service attacks. VoIP security enhancements included in ScreenOS are:

  • Support for VoIP traffic across security zones - enabling secure and uninterrupted VoIP communications between users inside and outside the corporate firewall or across separate network security zones with distinct security policies;
  • VoIP-specific DoS protection - protecting VoIP resources from network-level attacks; and
  • Network Address Translation (NAT) support for both SIP and H.323 - facilitating distributed, end-to-end communication in enterprise deployments, while concealing network topologies.

Additionally, Juniper Networks integrated devices enable traffic encryption via support for the VoIP protocol in its integrated IPSec VPN function, further protecting calls from eavesdropping and tampering. Inherent stateful High Availability enables secure and uninterrupted communications between users inside and outside the corporate firewall.

To facilitate wide scale interoperability, both SIP and H.323 have been implemented according to their respective standards and RFCs. SIP interoperability testing has been performed against more than 20 vendors' offerings.

Extensive H.323 interoperability testing has been successfully completed on Avaya's Small and Medium Business Solutions group's "all-in-one" converged system for small and medium businesses, Avaya IP Office, which has been installed in 35,000 businesses worldwide since its introduction in 2002.

"We are pleased to be working with Juniper through our DeveloperConnection program to deliver capabilities that can complement our IP telephony solutions portfolio which we offer to our small and medium enterprise customers," said Pat Hume, group vice president, Small and Medium Business Solutions, Avaya.

Juniper is a member of Avaya's DeveloperConnection Program, which taps experienced business and technology market leaders selected by Avaya for their expertise in hardware, software and other services. Members are third-party developers whose communications solutions are designed to work with the Avaya product suite.

Secure Application Deployment

Extended protocol support for Juniper Networks NetScreen Deep Inspection firewall capabilities, which provide intrinsic application-level intrusion prevention capabilities, help mitigate the effects of attacks that are targeted at P2P file sharing and IM protocols. This functionality is enabled through "deep inspection" into specific traffic for the following protocols: HTTP, SMTP, IM, IMAP, P2P, POP, FTP, NetBIOS/SMB, MS-RPC and DNS, with additional protocol support planned in future releases.

Now, with extended protocol support, the robust security features and innovative intrusion prevention functionality of the NetScreen Deep Inspection firewall can provide protection against more than 650 application-level attacks and anomalies. Customers can use predefined or create customized attacks groups and assign a response based on protocol or severity, providing granular control for highly effective network protection.

Additionally, because of the application awareness provided by Juniper Networks Deep Inspection firewall technology, customers can control application usage in addition to protecting against attacks. For example, customers can allow IM chatting while denying file transfers, which can introduce risk into the network and lead to information leakage.

Increase Protection of Network Resources from Attacks and Misuse

Integrated Web filtering technology from SurfControl, which is available on select platforms, can reduce non-business-related Web surfing, allowing organizations to optimize productivity and bandwidth utilization, as well as reduce legal liabilities associated with users visiting inappropriate Websites. Juniper Networks provides the ability to implement Web filtering policies at the firewall based on URL, type of content and/or user groups that prohibit access. Customers can apply policies using pre-defined or customized URL listings.

"We recognize the challenges our customers face as they want to realize the operational value of today's VoIP, multimedia and streaming media applications without increasing the security risk," said David Flynn, vice president of products, Security Products Group, Juniper Networks. "With ScreenOS version 5.1, we are pleased to provide the functionality that will allow deployment of these applications while assuring a secure user experience by mitigating risk and increasing employee and network resource productivity."


ScreenOS version 5.1 is planned to be available in October for the integrated firewall/VPN appliances and systems. ScreenOS will be offered as a standard upgrade for current customers with an existing Juniper Networks support contract. An annual subscription fee is required to enable Web filtering. To manage devices running ScreenOS version 5.1 and establish security policies, customers can leverage the standard Web GUI.

About Juniper Networks, Inc.

Juniper Networks transforms the business of networking by creating competitive advantage for our customers with superior networking and security solutions. Juniper Networks is dedicated to customers who derive strategic value from their networks, including global network operators, enterprises, government agencies and research and educational institutions. Juniper Networks' portfolio of networking and security solutions supports the complex scale, security and performance requirements of the world's most demanding mission critical networks. Additional information can be found at www.juniper.net.

Juniper Networks, the Juniper Networks logo, NetScreen, NetScreen Technologies, the NetScreen logo, are registered trademarks of Juniper Networks, Inc. in the United States and other countries.

ScreenOS is a trademark of Juniper Networks, Inc.