About Juniper

Press Releases

Juniper Networks Secures and Assures SIP-Based VoIP Services with Dynamic Threat Mitigation

Solution Enables Service Providers to Deliver Protection from SIP Attacks, Malware and Denial-of-Service Attacks

LOS ANGELES, Oct. 25, 2005 - At the Internet Telephony Conference and Expo, Juniper Networks, Inc. (Nasdaq: JNPR) today announced its Dynamic Threat Mitigation solution that enables service providers to offer enterprise and residential customers enhanced security and assurance of network services, including voice-over-Internet-protocol (VoIP) communications. The solution encompasses Juniper routers and intrusion detection and prevention (IDP) systems with Juniper's service deployment system (SDX) software to prevent session initiated protocol (SIP) attacks, worms and denial-of-service attacks from impacting SIP-based voice communications and network services.

Businesses are turning to IP telephony to reduce costs by consolidating multiple services onto a single IP network, but this new medium is opening the door for additional security threats. SIP, the VoIP signaling protocol, can act as the mechanism to launch attacks against SIP servers, soft phones or other network devices and endpoints. A SIP denial of service attack can occur when a flood of INVITEs to the SIP server overwhelms it, limiting or completely stopping the ability to respond to legitimate requests. This could ultimately bring down the entire VoIP network. Juniper Networks' Dynamic Threat Mitigation solution protects against these attacks by allowing service providers to identify the attack on a per user or per-application basis. The attack can then be prevented quickly and effectively using a combination of policy enforcement, dynamic policy control and intrusion detection and prevention techniques.

"With more services being pushed across the IP network, it is essential to also maintain increased levels of security and control to ensure services delivered to the enterprise or residential customer are not compromised," said Scott Heinlein, senior marketing manager of voice solutions for Juniper Networks. "Juniper's combined use of intrusion detection and prevention with our service deployment system is a natural and very useful progression that provides threat protection to the edge without disrupting the customer's environment or installing new equipment at the customer location."

How Dynamic Threat Mitigation Works

An attack on a VoIP network might begin as a malicious denial-of-service attack on a SIP server, or when a worm infected subscriber unknowingly begins to flood the network with traffic. Juniper's IDP product detects the offending traffic and notifies the IDP Manager. The IDP manager then generates requests to Juniper's SDX system, which dynamically invokes the appropriate policy to control subscriber and traffic flows as defined by the service provider. The SDX policy server can signal Juniper's routing platform to rate limit or filter the subscriber's traffic to protect assets and help prevent additional subscriber infection.

If the IDP product identifies that the VoIP subscriber is infected with a worm, it signals the policy server to quarantine and notify the subscriber. The policy server re-directs the subscriber to a captive portal Web page that provides notification of the VoIP attack along with Web links that provide assistance with remedying the situation. Policies are updated dynamically and allow the user to resume normal activity once their computer has been cleared.

Demonstration at Internet Telephony Conference

Juniper Networks will be showcasing its Dynamic Threat Mitigation solution at the Internet Telephony Conference and Expo held at the Los Angeles Convention Center, October 25-27 in Los Angeles. This and other secure and assured VoIP networking solutions will be demonstrated at the company's Internet Telephony booth #432.


The Juniper Networks Dynamic Threat Mitigation solution is available today from Juniper Networks and requires the Juniper M-series or E-series router, IDP and SDX products. Existing customers using the M or E-series router, IDP or SDX products can implement the Dynamic Threat Mitigation solution by adding the additional required components. For more information, please visit https://www.juniper.net/solutions/broadband/.

About Juniper Networks, Inc.

Juniper Networks is the leader in enabling secure and assured communications over a single IP network. The company's purpose-built, high performance IP platforms enable customers to support many different services and applications at scale. Service providers, enterprises, governments and research and education institutions worldwide rely on Juniper Networks to deliver products for building networks that are tailored to the specific needs of their users, services and applications. Juniper Networks' portfolio of proven networking and security solutions supports the complex scale, security and performance requirements of the world's most demanding networks. Additional information can be found at www.juniper.net.

Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.