This Week: Hardening Junos Devices, 2nd Edition

This book is part of the Day One Fundamentals Series, a growing library of network fundamentals that welcome engineers to the Junos OS and Juniper Networks.

Harden your organization’s security posture this week with this newly revised Second Edition and its companion checklist.

Juniper Networks takes the security of its products very seriously and has created proven processes and procedures following industry best practices. This Week: Hardening Junos Devices, 2nd Edition divides Juniper’s hardening procedures into four topic areas – Non-Technical, Physical Security, Operating System Security, and Configuration Hardening – and delves into sample strategies, example configurations, and dozens of suggestions and useful tips for implementing each hardening process. All features discussed in this book are available and tested in Junos 12.3 (current recommended code) and for some features the book discusses options available in later code releases.

Encyclopedic in its coverage, This Week: Hardening Junos Devices, 2nd Edition is a book you cannot afford not to read. The author’s 15 years of experience supporting U.S. Government agencies makes it applicable to high security environments such as service providers, financial institutions, government, and enterprise networks. But it’s also pertinent to the devices in your wiring closet and branch office. Once you take care of the physical security, you can harden your Junos device to resist attacks and diversions, as well as the careless mishaps that haunt even the most experienced network engineer. This book also includes a handy checklist you can print or copy for each device you control.

“The best network design will not help you if you forget to thoroughly secure and harden your network devices. This book is particularly welcomed by those taking their first steps into the Junos world - it helps map concepts from Cisco IOS into various Junos dialects as well as covering all the bits and pieces you might never even consider, like securing the LCD menu.”

- Ivan Pepelnjak, Network architect, AG,

Learn how to harden your security posture this week:

  • Review the non-technical aspects of device management that are so critical to the overall security posture of your organization.
  • Understand how physical security is an important aspect of device deployment.
  • Understand and deploy the Junos operating system’s inherent security features.
  • Identify important management, access services, and user account restrictions to provide least privileged access.
  • Configure route authentication for popular routing and signaling protocols.
  • Create and apply a firewall filter to protect the routing engine.

Download Book

Day One books are a free download for our J-Net members*. If you’re not a J-Net member, create a user account now. It’s fast and there’s no commitment or spam. Once you’re a member you can come back and download any of the Day One books.

* If you have an existing Juniper user account, you can use it to log in to J-Net.

About the Author

John Weidley is a Resident Engineer with Juniper Networks. He has been certified in Juniper Networks as JNCIS-SEC, JNCIS-SSL, JNCIA-FWV, and JNCIA-EX, and has worked closely supporting U.S. Government agencies for the last 20 years.

Author Q & A

What got you started on this book?

I ran into Tom Van Meter, System Engineering Manager, in the office and he was talking about how useful a Junos Hardening guide would be. When customers bought a new product, we could hand them the hardening guide and that would help them secure the device and get it on the network quickly. After I agreed that it was a good idea, he suggested that I write the book.

The first edition consolidated the documentation for Junos security related features and organized it in logical categories. Since security is always evolving and new features must be developed to keep pace with emerging threats, the Second Edition covers the new security features that Juniper has incorporated into Junos and clarifies some common questions asked from the first edition.

Who is this book for?

Network Auditors, Security Engineers, and Network Engineers will all be able to get something from this book. I wrote this book from a Network Engineer’s perspective with enough security related information to provide meaningful context. Hopefully the sample code in the Junos Automation section in the second edition will inspire coders/scripters to explore developing their own solutions.

After reading this book, what's the take away?

The biggest take away from the book should be that Juniper is fully committed to every aspect of our products, everything from supply chain integrity to kernel level program execution. While doing research for the second edition, I met with Brad Minnis, Senior Director of Corporate Environmental, Health, Safety & Security for Juniper Networks, to discuss supply chain integrity and brand integrity. After that long conversation I was impressed that Juniper puts as much effort into logistics as it does the technical aspects. Read the Supply Chain Integrity section and references to get a high level introduction.

What are you hoping that people will learn from this book?

I hope that readers see the benefits of a common code-base, the inherent security features built into Junos and features to address new threats. I also hope they see how it is possible to secure their Junos devices while still maintaining operational functionality.

What do you recommend as the next item to read after this book?

  • Junos Cookbook - Provides solid background information and commands to verify proper operations of specific features.
  • Junos High Availability - Provides a practical operational approach on many topics that contribute to a highly available network, to include SNMP planning, Out-of-band management, scripting and introduces device and network based security.
  • Doug Hanks’ Day One guide on Securing the Routing Engine. Although this book takes a different overall approach to writing and applying firewall filters, it does provide a lot of foundation and reference information.
  • Junos Automation series. Great books to get you started with Junos automation.

What's your inspiration?

I like troubleshooting, learning new things and developing solutions for tough problems. I also enjoy sharing the knowledge I have with anyone that is willing to learn. The success of the first edition was humbling, exciting and a definite inspiration for the second edition.

What's your favorite bit/part in the book?

My favorite part of the book would probably be the Preserving System Hardening section. I've been a "Unix guy" for a long time and have always liked the flexibility and freedom of solving problems with scripts. I wanted to include a section on commit scripts in the first edition but deadlines didn't permit it. For the second edition I definitely wanted to include a brief example to show the power of on-box scripting.