能源和公用事业公司解决方案概述

  文件类型：PPT/Microsoft Powerpoint   文件大小：3590656字节

内容摘要：

Juniper Networks
能源和公用事业公司解决方案概述
为实时企业提供公认的 IP 基础设施
议程
Juniper 简介
能源和公用事业公司面临的网络问题及其解决方案
总结
1996
2006
#789
公司成立
1999
Acorn
2001
2005
2002
2004
2000
1998
$500M
$1B
$2B
$2.3B
4800+
员工人数
十年创新
1000
1500
收入
M 系列
T 系列
SSG
UAC
2500
3500
企业领域公认的安全网络解决方案领导者
帮助企业通过网络实现战略价值
基于系统 的两全方法,在保证高性能的同时确保安全性,且支持大规模部署
面向企业和公共机构的最佳的产品,解决方案和服务
在满足最苛刻的动态应用环境要求上成绩斐然
高端路由市场排名第 1
2 万多名客户
前 35 大服务运营商所使用
安全接入市场排名第 1
92% 的财富 100 强企业所使用
50 个美国州立政府中的 47 家所使用
前 10 大商业银行中的 8 家
所使用
NASDAQ 100 企业
9,000 名全球合作伙伴
高度重视经济效益
持续的收入增长
Q4'06 是 US$595.8M,比 Q2'05 增长了 4%
2006 年收入 $2,303.6M,比2005 年的 $2,064.0M 增长了大约 12%
在各地区都有不俗表现
现金盈利丰厚
现金,等值物和投资总计 $2.6B
美洲
APAC
EMEA
奖项和荣誉
2006
2005
2004
2003
2002
2001
2000
1999
1998
不断得到新闻媒体和业界同仁的肯定
公认的技术,产品和服务领导者
GCN
为全球 2 万多名客户提供服务
美国劳工部
公认的最佳创新技术

UAC
AAA
OAC
NMS
策略,控制
和可视性
安全性/VPN
路由
应用前端
广域网优化
安全访问
客户服务
专业服务
培训服务
能源和公用事业公司面临的网络问题及其解决方案
Copyright 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
*
能源和公用事业公司面临的网络和安全问题及其顾虑
实时 IP 控制网络的可靠性
保护控制网络外围
网络攻击防御并实现 SCADA 的可视性
安全的控制网络业务分析
SCADA 访问控制
通过 IP 路由来控制网络存在问题
IP 的最初设计并不支持无中断运行和始终用于控制网络
许多路由公司自己构建的业务路由器都屡次造成网络"中断"
传统的路由器常存在安全缺陷,以致将自己暴露在攻击的风险之中
维护并支持大量的路由器软件版本将增加网络运行成本
网络更难以维护
网络更易于遭遇软件"错误""
互联网
SCADA
黑客攻击路由器 OS 的安全漏洞或发动 DDoS 攻击
负载过重的路由器拒绝授权用户访问网络
阻断
远程计算机
黑客
面向实时 IP 控制网络的 JUNOS 解决方案
安装了 JUNOS 的 Juniper 路由器是业界最可靠的路由器
路由器的控制,转发和特性面板相互分离,允许隔离潜在故障并提高路由器的可用性
单一 的 JUNOS 代码版本可增强安全性,性能和可靠性
单一代码版本能够简化软件的质量控制流程,从而减少潜在"错误"
单一代码版本可减轻运行任务并降低运行成本
基本的设计和软件实施可提供成本更低,更可靠的实时 IP 控制网络
互联网
SCADA
黑客攻击路由器,JUNOS 能够有效抵制攻击
攻击期间仍允许授权用户访问网络
远程计算机
黑客
保护 SCADA 网络外围:问题
SCADA 网络日益与其它 IP 网络和互联网进行互连
加大了 SCADA 网络的访问量并加剧了潜在攻击风险
在 SCADA 网络中安装防火墙可能会阻断有效警报或控制消息的传输
SCADA 必须支持控制人员全面访问网络,同时防止外部人员访问网络
SCADA
控制室
远程工作人员
合作伙伴
办公室局域网
工作人员
在 SCADA 网络中安装防火墙可能会阻止在控制室与网络之间传输重要信息
阻断
阻断
保护 SCADA 网络外围:解决方案
在 SCADA 外围安装 Juniper 防火墙
允许在 SCADA 与控制室之间传输流量,不受防火墙的阻挠
警管进出 SCADA 网络的全部流量
阻断非法用户,设备和应用
保护 SCADA 网络免遭外部攻击
使用细粒度的防火墙规则,以确保 SCADA 网络的安全性
利用 Juniper 防火墙的管理工具来简化网络安全性操作并降低成本
SCADA
远程工作人员
合作伙伴
办公室局域网
工作人员
在 SCADA 网络外围安装防火墙允许顺利传输信息,不受控制室的阻挠
控制室
SCADA 网络攻击防御和可视性:问题
您无法保护 SCADA 网络免遭"无形的"攻击
您应确保网络应同时免遭"已知"和"未知"攻击
需要同时基于签名和协议异常来检测攻击
只知道攻击已经发生以及攻击造成的后果不是理想境界
必须实时阻断攻击
SCADA
远程工作人员
黑客
办公室局域网
工作人员
如果黑客访问 SCADA 网络,您只有在攻击实际发生后才可能发现
控制室
面向 SCADA 网络攻击防御和可视性的 Juniper IDP 产品
Juniper IDP 产品允许详细查看应用和网络活动
Juniper IDP 产品提供 8 种攻击检测方法,用于防御已知和未知攻击
IDP 可配置用于实时检测和阻断攻击
远程工作人员
黑客
办公室局域网
工作人员
使用 IDP 或集成了 IDP 的防火墙,您可实时识别出并阻断攻击
控制室
SCADA
阻断
SCADA 特定的 IDP 增强特性
对于 Modbus
仅侦听模式
重启通信
清晰的计算器和诊断记录器
读取设备识别
读取从属识别
非法的数据包大小
确认例外码延迟
无效报头
从设备繁忙例外码延迟
读尝试
写尝试
非 Modbus 流量
对于 DNP3
关闭主动响应机制
主动响应风暴
冷重启
读取请求
中断服务器
热重启
对于DNP3 – 续
广播请求
非 DNP3 流量
写请求
混合请求
ICCP
无效的版本编号
错误的缓冲区大小
无效的 TPDU 代码
不支持的 TPDU 代码
无效的传输选择器规模
不支持的服务
错误的会话连接参数
会话内容的无效长度
会话拒绝无效原因码的长度
错误的会话结束参数
错误的会话断开连接参数
错误的会话中断参数
错误的会话数据传输参数
CLONE: ICCP
不支持的服务
IDP 中的攻击签名支持通用的 SCADA 协议.
控制网络业务分析系统的安全问题
大型的系统日志文件中提供关于控制网络的数据,常在远程服务器上传输和保存
业务分析师访问此类数据,以便审核系统日志数据并做出明智的业务决策
如果"按原样"传输数据,将遭遇安全风险,不是可行的做法
SCADA
远程业务分析师
SCADA
系统日志存储库
黑客
黑客通过"中间人"攻击拦截正在传输的系统日志文件,并使用系统日志文件来了解 SCADA 网络以便策划攻击
控制室
Juniper 面向业务分析的控制网络 VPN
使用 Juniper IPSec 及/或 SSL VPN 解决方案,您可从存储库向业务分析师安全地传输系统日志数据
保护数据并大幅度降低黑客使用系统日志数据来了解如何发动网络攻击的可能性
基于 IPSec 和 SSL 技术的解决方案允许基于应用灵活地选择产品和配置
SCADA
远程业务分析师
SCADA
系统日志存储库
黑客
试图拦截系统日志数据的黑客被 Juniper VPN 解决方案阻断,从而能够有效抵御"中间人"攻击. Juniper VPN 解决方案还能加密被传输的文件
阻断
控制室
SCADA 网络访问控制:问题
一直无法对网络访问进行细粒度的严格访问控制
内部员工,合作伙伴,供应商甚至潜在客户都在访问您的网络,因此,您需要对 SCADA 部署访问控制解决方案
远程工作人员
合作伙伴
办公室局域网
工作人员
如何才能阻断白天是合作伙伴,夜里变成黑客的两面人呢
控制室
SCADA
变成黑客
面向 SCADA 网络访问控制的 Juniper UAC 解决方案
Juniper UAC 解决方案为 SCADA 提供细粒度的网络访问控制
允许在单个用户,设备和应用级别配置访问权限
基于一组严格的网络访问规则提供动态访问控制
UAC 允许您利用现有防火墙来保护 SCADA 网络
不要求全面升级以太网交换机基础设施
远程工作人员
合作伙伴
办公室局域网
工作人员
统一访问控制解决方案基于用户,设备,应用和分时段控制规则来提供细粒度的访问控制
控制室
阻断
SCADA
变成黑客
能源和公用事业公司面临的网络问题及其解决方案
Copyright 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
*
总结
SCADA 和流程控制网络日益与 IP 网络和互联网相连接
增强了授权用户对网络的访问能力,同时也将安全漏洞暴露给了攻击者
Juniper 的网络可靠性和安全性解决方案能够保护SCADA 和流程控制网络提供的关键服务与资源
Juniper 是提供安全解决方案的公认领导者,在保护流程控制和 SCADA 网络方面也是赫赫有名
同时确保高性能和安全性的基于系统的方法
最佳产品和解决方案
公认的成功史
Copyright 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
*
更多信息源
关于 Juniper
http://www.juniper.net/
企业解决方案
http://www.juniper.net/solutions/enterprise/
合作伙伴和经销商
http://www.juniper.net/partners/
培训
http://www.juniper.net/training/
支持
http://www.juniper.net/customers/support/
最棒的合作伙伴协作共存系统
解决方案
供应商
联盟
客户服务
经销商
2005 Silver Medal 奖
Best Growth
Partner Program 奖
Best New
Vendor 2005 奖
Best Government
Channel 2005 奖
Infrastructure
Content & Applications
Managed Services
Security
OSS / NMS
Applications Alliances
可管理的服务供应商
Juniper Networks 全球上市战略 — J-Partner
帮助并奖励合作伙伴提供关键业务的网络和安全解决方案
关键业务网络解决方案
最终客户
帮助
奖励
解决方案
融资
需求
计划
渠道伙伴
全球精英
精英
专家
授权
联盟合作伙伴
基础设施
安全性
系统集成
OSS 和网络管理
内容和应用
最佳的网络和端点安全性

101101110010001110100110100101111001110010111010011111110100111001001001000111001100111010010010101010101
数据中心和
服务器
最终
用户网络
Symantec 端点和服务器保护代理
Symantec Network Security
Symantec Network Security
Symantec Gateway Security
Juniper ISG/SSG
Juniper IDP
Juniper ISG/SSG
集成了 Symantec 的安全内容工具
Juniper 网络安全产品
互联网
Copyright 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
*
端点制度遵从/访问控制解决方案需求旺盛,但解决方案仍然十分复杂
多个移动部件:多个客户端代理,RADIUS 服务器和网络硬件,必须要测试它们的互操作性
复杂性的风险将减慢网络访问控制市场的增长速度
擅长端点安全性和制度遵从
通过收购 Sygate 提供广泛的端点制度遵从解决方案
市场领先的端点防病毒和个人防火墙
强大的端点解决方案销售渠道
symantec
目标:
全面的端点制度遵从和访问控制解决方案
擅长保护网络基础设施的安全
市场领先的 802.1x 请求方和 AAA Radius 技术
市场领先的基于网络的执行和安全产品
强大的网络解决方案销售渠道
Juniper 客户服务
模块化的服务产品提供灵活的,可定制的服务来满足您的要求
保修支持
物流支持
现场服务
专业服务
JTAC 支持和软件下载
培训和认证
Juniper 全球客户支持
班加罗尔
萨尼维尔
Herndon
阿姆斯特丹
东京
悉尼
北京
汉城
Westford
香港
12 个 JTAC 中心,由 200 多名 JTAC 工程师 24x7x365 全天候提供服务
NC
Ogden
Juniper 培训服务
全面而灵活的培训服务,可创造许多优势
帮助最大限度地利用 Juniper 产品的特性
提高投资回报率
降低部署和维护成本
避免对网络部署和运行进行高成本修改
使员工能够培养自己的知识和专业技能
招聘并维系天才员工
服务供应商


助理


一般专家


高级专家

资深专家
E 系列
M/T 系列
级别

DX

SSL

Q4'06
Q4'06
企业路由
企业

IDP

WX

助理

一般专家
Q4'06
资深专家
防火墙/ VPN
级别
Juniper 专业服务
互联网专家
IP 路由和安全行业中公认的领导者
最佳的工具和业务实践
严谨的规划
公认的执行能力
全面集成和统一
销售,客户服务,工程及合作伙伴
全球覆盖范围
遍布美洲,EMEA 和 APAC
质量承诺
Juniper 质量管理体系
TL9000 基于 ISO 9001;满足 81 项电信要求
北美洲首家通过电信运营商质量卓越性论坛
最严格的 TL 9000 认证的公司
1.0 系统管理
2.0
资源管理
3.0
流程管理
4.0
变化管理
5.0 和 6.0 支持管理
Juniper Networks – 公司简介
1996 年成立
在 70 多个国家开展业务
拥有 4,500 多名员工
简介
市场执行能力
90% 的财富 100 强企业都是 Juniper 的客户
市场份额:在所有主要市场均位居 3 甲之列
Gartner魔力象限的领导者:
SSL VPN,防火墙,IDP,IPSec VPN
全球范围内拥有 6500 多名合作伙伴
全球范围内拥有 8,000 多名客户
经济效益
20 多亿美元,现金盈利丰厚
财富 1000 强企业
NASDAQ-100 Gold 企业
S&P 500 企业
Imperatives for enterprise networking – how Juniper sees enterprise networks evolving based on our extensive work with both carrier and enterprise customers in networking and security
How Juniper helps customers – we will discuss the different types of secure and assured networking solutions that we have delivered for customers
Getting to the secure and assured network – we will discuss the different areas of your network to understand key issues and projects that Juniper may be able to assist with
Take away:
In just over 10 years, we have achieved over a $2B run rate. Very few companies have achieved this level of success. Juniper has been committed to innovation and delivering the products, solutions and services required to address our customers most pressing IT and business challenges through internal innovation and acquisitions.
Detail:
From the beginning in 1996 through our 10th anniversary in 2006, Juniper has been committed to innovation and delivering the products, solutions and services required to address our customers most pressing IT and business challenges.
In total we have invested nearly $2B ($1.67B) in R&D to deliver a broad portfolio of technology, products, and patented intellectual property. Currently, we have over 100 patents, with a substantial amount of pending applications. This positions Juniper well for the coming decade.
To capitalize on our position we have intensified our focus on two key segments of the market – the Enterprise and the Service Provider.
This focus resulted in top line revenue growth from 2005 to 2006 of 12 percent.
We see significant opportunity in the market for network infrastructure, and our overall focus as a company will remain on developing the leverage from the cross pollination of our technology between Service Providers and Enterprises, and the expanded presence with both types of customers, which in effect doubles our total addressable market.
We are coming up on the 3rd year of entering the enterprise market since we made our NetScreen acquisition decision in 2004, and our 2nd year since we made our Funk Software, Peribit and Redline acquisition decisions for additional security and application performance technologies, respectively. These acquisitions have directly translated into broader customer-focused solutions [for threat management, controlling access and application performance].
Firsts:
Operating Systems: JUNOS - Single OS platform; Screen OS
Routing: Separating forwarding and data plane for routing platform
Performance and Integration
As an example, for the NetScreen and Funk acquisition, we have seen our standalone products and technology leadership now become deep and broad integrated solutions that address critical customer problems, as reflected by the success of our SSG, ISG and UAC solutions for threat management and controlling access. As an example for the Peribit and Redline acquisition, we have announced the future integration of the Juniper WXC WAN optimization capabilities into the J-series routers to provide compression and caching, TCP and application-specific acceleration, and visibility and reporting functions. We also announced the 1000th T-Series Shipment in August 2005 (to KT, South Korea's leading telecommunications service provider)
Partnerships:
From a partner standpoint, the Juniper branch office strategy includes integration with the Avaya Voice Gateway and will include the WAN Application Acceleration (WXC) technologies into the new J-series routers. The new J4350 and J6350 are currently IP Telephony ready. With Symantec, we've entered into a broad strategic partnership focused on delivering best-in-class, integrated security solutions to enterprise customers and are currently developing UTM and IPS solutions; and build standards-based, integrated access control and endpoint compliance solutions.
Some of our key home grown industry innovations (patents, etc.) that assure balance between internal investments and M&A, include
XXX
Key Takeaways:
Juniper is:
-Proven, Best-In-Class
-Market/Industry Leader
-Low Risk
Juniper provides purpose-built, high-performance IP platforms that enable our customers to support a broad range of services and applications at scale.

Service providers, enterprises, governments, and research and education institutions worldwide rely on us to deliver products, solutions and services for building networks that are tailored to the individual needs of their users, services, and applications.
With revenue on an annualized basis exceeding $2B, a strong cash and investment position of $2.6B and an employee base of nearly 5,000 worldwide we are well positioned to serve the world's largest and most successful enterprise and service provider organizations. We conduct business in more than 70 countries.
Other Proof Point Notes:
In the Data Centers of the Top 4 Sites: Yahoo, MSN, AOL, and Google
NASDAQ 100 company with annual revenues in excess of $2 billion. Operations & partners global in scope.
Today we have a total installed base of over $8.6B across more than 100 countries worldwide, which comes from more than 400,000 units shipped to more than 20,000 customers, through the help of more than 9,000 partners.
Let's be clear, Juniper's focus is not on the entire enterprise. Our focus is on organizations that see their network as a strategic corporate and IT asset, requiring that the network helps forward their business. Some of these organizations that we are working closely with include:
Financial Services (T. Rowe Price, Raymond James, Deutsche Bank)
Retail (RadioShack, UPS Store, McDonalds)
Public Sector (Air Force, Army, University of Maryland, )
Customer Descriptions:
Rent-A-Center deployed approximately 225 Juniper Networks NetScreen-5GTs in its retail stores to establish a secure VPN for transmitting POS data back to its headquarters.
McDonald's Canada deployed the Juniper Networks NetScreen-5GT appliances for real-time transmittal of restaurant inventory, point-of-sale and financial data to its headquarters. NetScreen-500 systems are located at the McDonalds headquarters and at a secondary datacenter for secure VPN tunneling of sensitive data.
PUMA deployed Juniper Networks NetScreen-5GT and -204 appliances to securely connect PUMA's U.S. and Hong Kong headquarters to the company's German data center that hosts the intranet and corporate applications such as SAP.
Catholic Health deployed Juniper's SA 3000 SSL VPN for 24-hour remote access to key patient information, such as records and lab results for more than 500 physicians.
Blue Square deployed two pairs of Juniper Networks NetScreen-208 appliances and one IDP 100 to secure sensitive customer data on its network and optimize up time without compromising throughput speeds.
Commerce Bank deployed Juniper Networks NetScreen-IDP 100 as well as Juniper Networks NetScreen-500 to provide firewall protection and secure VPN connectivity for the bank's primary customer network which facilitates online banking and financial transactional data as well as its extranet that provides investment products. Juniper Networks NetScreen-25s are installed at the bank's corporate headquarters and provide firewall protection for an internal network testing environment. Juniper Networks NetScreen-5GT appliances are deployed at multiple third-party service provider locations to provide secure VPN tunneling for access to the bank's core network and business transactions.
MGM Mirage deployed Juniper Networks M10i and M320 multiservice routers at the network core to converge multiple networks onto a single IP infrastructure. MGM also leverages Juniper Networks NetScreen 208s to provide restaurants, stores and other businesses that lease space on MGM MIRAGE properties with network services that are isolated from MGM MIRAGE's other business systems
Hallmark Canada deployed 60 5GTs in its retail locations throughout Canada and 1 NetScreen 50 along with the Juniper Networks IDP 10 within the corporate network to provide security for the company's network infrastructure
Hitachi deployed NetScreen-5GT and -204 appliances as well as a NetScreen-500
The NetScreen-500 is located at Hitachi's corporate headquarters in Dallas. NetScreen-204 appliances are located at 14 different Hitachi field offices. NetScreen-5GTs provide FW/VPN for Hitachi's smaller site offices Hitachi manages all these devices with NSM.
Toys R Us accelerated the performance of key applications and tripled the WAN bandwidth of its existing network by deploying the Juniper WX application acceleration platforms. The WX has helped the retailer accelerate the performance of a critical inventory tracking application while increasing WAN bandwidth by 300 percent for its existing network.
The Virginia Hospital Center, a teaching hospital long-associated with Georgetown University's School of Medicine deployed Junipers SA 6000 to provide secure connections for remote offices and telecommuters to the central hospital network.
The Hospital also leverages the NetScreen FW/VPN and IDP appliances to secure its Internet gateway
University of Buffalo deployed a cluster of two Juniper Networks NetScreen-500 appliances in high availability mode to effectively accommodate 24x7 Internet access and electronic communications needs of its students, faculty and staff.
University of Miami deployed the Juniper Networks NetScreen 5000 to allow researchers, medical staff and faculty to share information, access applications and conduct studies on a secure private network. NetScreen 5200 and 5400 appliances provide protection for the University's four networks that provide access to the Internet and Internet2 via a high-speed wide area network. In addition to the four main data networks, the University operates a wireless network that covers an area of 240 acres on campus property. A NetScreen 204 appliance provides faculty and staff users of the wireless network access to non-Web applications such as financial, research or healthcare systems.
Stanford University deployed Juniper Networks SSG 550 appliances to provide an integrated perimeter-based defense that bolstered its desktop- and server-based protection from spam, viruses, phishing and network attacks unleashed while maintaining ready access to the Stanford University School of Education network.
Suffolk University deployed Juniper Networks SA 3000 to allow faculty and staff access to email, the campus directory and emergency access to faculty and staff during emergencies. NetScreen 204s are deployed in Suffolk University's core network and at remote sites to provide site-to-site VPN. The University also deployed Juniper's M7i router to allow the University to run BGP for connectivity with their ISPs.
CSU Monterey Bay deployed Juniper Networks NetScreen-500 appliances to serve as the University's main firewall protecting student, faculty and staff data. The University calculates that it has seen an 85-90 percent reduction in attack infiltration since deploying the Juniper Networks solution.
NATO deployed 21 Juniper IDP 200 appliances to secure its global network.
The US Coast Guard received stringent Common Criteria certification (EAL2) for the deployment of Juniper's NetScreen-5GT, -50, -208, -500 and -5200
Suggested Additional Customers
Philadelphia Stock Exchange deployed Juniper Networks M-320 routers to augment its existing network infrastructure with the addition of two new co-location sites and virtual data centers near the metropolitan New York financial district. Utilizing the Juniper routers, the Exchange is able to complete trades on its equity cash system in less than five milliseconds.
The Methodist Hospital System deployed the Juniper Networks ISG 2000 and Juniper Networks NetScreen-500 appliances to provide security and site-to-site access to four hospitals and two universities as well as vendors who do business with the Methodist Hospital System - the NetScreen-500 also serves as a way for some smaller remote sites to securely access the system. The Hospital System leverages NetScreen-50 appliances to maintain a separate VPN for the hospital's Website and NetScreen-5GTs for smaller sites within the Hospital network. Juniper Networks SA 5000 SSL VPN and DX 3650 application acceleration appliances provide remote access to large files and advanced features such as voice, while minimizing packet latency.
The Globe and Mail deployed Juniper Networks SA 4000 SSL VPN for secure access to the corporate intranet with differentiated rules for its reporters and outside contractors. The Globe and Mail also leverages Juniper's IDP 1100 to analyze and sift through all traffic entering and exiting its online website and corporate intranet.
Dow Corning deployed the Juniper Networks DX 3250 application acceleration platforms to dramatically increase the performance of its centralized mySAP NetWeaver portal which provides remote access to vital business applications and processes for thousands of employees and customers around the world.
Cox Newspapers, along with the Atlanta Journal-Constitution and 17 other Cox owned daily newspapers deployed the Juniper Networks SA 6000s to provide its distributed workforce with secure access to applications from Windows, Intel-based Mac, Linux platforms and Windows Mobile 5.0 PDAs and phones.
Our products deliver best-in-class performance and innovation across 6 key areas (vertical columns):
Routing
Security
Secure Access (for remote access)
WAN Optimization
Application Front End (for Data Center optimization)
Policy, Control & Visibility across the portfolio
This provides an overview of our platforms and should solidify that Juniper has both the depth and breadth to address most of your networking requirements.
All backed by a Partner and alliance program to deliver the best service to our customers. Also as we touched on earlier a WW support organization to provide the tools to support your evolving requirements.
To defend SCADA networks against diverse attacks, the Juniper Networks IDP platforms provide accurate, automated protection. Multiple detection methods, including compound signatures, stateful signatures, protocol anomaly and backdoor detection, enable Juniper's IDP to prevent the plethora of threats out there including worms, trojans, network viruses, spyware, and other malware and emerging threats. Juniper also offers its IDP customers a unique signature update service, provided daily during the business week and on non-business days as required.
Daily updates are key to improving organizations' threat coverage and responsiveness to attacks, even on "day zero," the first outbreak of a new threat.
Specific to SCADA networks, Juniper currently provides a specific set of signatures which is continuously expanded and updated according to ever-changing threat levels.
This set of signatures is organized in a specific SCADA Dynamic Attack Group Category.
While further development is underway to provide full protocol decoding functionality for the time being the following is the current set of signatures supported by Juniper IDP (and subject to daily updates) comprises the following objects:
Modbus
Force Listen Only mode - This signature detects attempts to force a Programmable Logic Controller (PLC) into listen-only mode, in which the PLC does not respond to request packets
Restart Communications - This signature detects attempts to force a Programmable Logic Controller (PLC) to restart. The PLC is unavailable while powering on.
Clear Counters and Diagnostic Registers - This signature detects attempts to erase the counters and diagnostics of a Programmable Logic Controller (PLC). The erasure can enable attackers to hide their previous attacks
Read Device Identification - This signature detects attempts to read the identification of a Programmable Logic Controller (PLC). Attackers can use this identification information to plan future, more targeted attacks.
Read Slave identification - This signature detects attempts to read the slave Identification of a Programmable Logic Controller (PLC). Attackers can use the information in the slave Identification to plan future, more targeted attacks.
Illegal packet size - This signature detects Modbus packet sizes over 260 bytes. Modbus packets are limited to 7 bytes of headers and 253 bytes of data. It is strongly recommended that a TCP frame transports only one Modbus ADU.
Acknowledge Exception Code Delay - This signature detects postponed actions and/or alarms, which may indicate an attacker is attempting to create a denial-of-service (DoS).
Invalid Header - This signature detects an invalid header in a Modbus packet. The Protocol Identifier must be \x00 00\x. This also detects non-Modbus traffic on port TCP/502.
Slave Device Busy Exception Code Delay - This signature detects postponed actions and/or alarms, which can indicate an attacker is attempting to create a denial of service (DoS).
Read Attempt - This signature detects attempts to read information from a PLC Programmable Logic Controller (PLC).
Write Attempt - This signature detects attempts to write information to a PLC Programmable Logic Controller (PLC).
Non-Modbus Traffic - This signature detects traffic on the Modbus port that does not implement the Modbus protocol.
DNP3:
Disable Unsolicited Responses - This signature detects attempts to stop unsolicited responses from devices. Attackers can prevent devices from sending alarms.
Unsolicited Response Storm - This signature detects a high number of unsolicited responses. Attackers can be attempting to overload a DNP control server and create a denial-of-service condition.
Cold restart - This signature detects a cold restart, during which a device is forced to restart, power on, and self-test. The device is unavailable during this process.
Read Request - This signature detects attempts by clients to read information from a Programmable Logic Controller (PLC). Attackers can use this information to plan future, more targeted attacks
Stop server - This signature detects attempts to stop a DNP3 server.
Warm restart - This signature detects attempts to reinitialize a PLC or DNP3 server.
Broadcast Request - This signature detects broadcast requests. Attackers can broadcast requests to a network of PLCs or other DNP3 servers to cause a denial of service (D0S).
Non-DNP3 Traffic - This signature detects non-DNP3 traffic on the default port.
Write Request - This signature detects attempts to write information to a Programmable Logic Controller (PLC).
Miscellaneous Request - This signature detects miscellaneous common requests to a Programmable Logic Controller (PLC).
ICCP:
Invalid Version Number - This signature detects an invalid ICCP version number. A version number other than 3 can be an attempt to exploit a vulnerability in a recipients handling of this unusual condition. If the local applications behavior is to drop or reset the connection when a 3 is not received, this can be an attempt to create a denial of service.
Wrong Buffer Size - This signature detects a TPDU buffer size that is too small or too big. OSI Transport Class 0 (TP0) specifies the amount of user data that can be carried on any particular transport primitive. If the protocol specifications form the basis for local buffer management, too much or too little data could lead to a buffer overflow attack.
Invalid TPDU Code - This signature detects an invalid TPDU code. ISO 8073 specifies a limited set of TPDU codes. It is possible that an invalid TPDU code can cause mis-operation by the local implementation.
Unsupported TPDU Code - This signature detects an unsupported TPDU code. OSI Transport Class 0 (TP0) disallows the use of the Disconnect Confirm (DC), Expedited Data (ED), Acknowledge (AK), Expedited Acknowledgement (EA), and Reject (RJ) TPDUs. If such a code is received, it can possibly be a data injection or denial of service attack; it is likely that the attacked implementation would generate a Disconnect Request (DR), thereby terminating the connection.
Invalid Transport Selector Size - This signature detects and invalid transport selector size. The International Standardized Profiles for MMS specify that the Transport Selectors shall have a maximum size of 32 bytes. However, the parameterization of the selector according to ISO 8073 may have a length of 255 bytes. If the local implementation only allocates 32 bytes, this could lead to a denial of service or buffer overflow attack.
Unsupported Service - This signature detects a unsupported SPDU service. ISO 8327 specifies a limited set of SPDU codes. It is possible that an invalid SPDU code could cause mis-operation by the local implementation.
Wrong Session Connect Parameter - This signature detects a wrong CN parameter. Several parameters specified in ISO 8327 are constrained and not to be sent according to the International Standardized Profiles (ISP). Seeing this in local behavior, when an unexpected parameter is unknown, it is possible that this could be a denial of service attack
Session Connect Invalid Length -This signature detects a Session Connect invalid length. Several parameters specified in ISO 8327 are constrained in size or not to be sent according to the ISP. Since local behavior when an unexpected parameter is unknown, it is possible that this could be a denial of service attack
Session Refuse Invalid Reason Code Length - This signature detects a Session Refuse invalid reason code length. The maximum size for the reason code parameter is 13.
Wrong Session Finish Parameter - This signature detects a wrong Session Finish parameter. The only parameter that should be present is the User Data parameter.
Wrong Session Disconnect Parameter - This signature detects an inavlid Session Disconnect parameter. Several parameters, specified in ISO 8327, are constrained and not to be sent according to the ISP. Since local behavior is undefined when an unexpected parameter is encountered in the session PDU, it is possible that this could be used as a denial of service attack. The only parameter that should be present is the User Data parameter.
Wrong Session Abort Parameter - This signature detects a wrong Session Abort parameter. Several parameters, specified in ISO 8327, are constrained and not to be sent according to the ISP. Since local behavior is undefined when an unexpected parameter is encountered in the session PDU, it is possible that this could be used as a denial-of-service attack. The only parameter that should be present is the User Data parameter.
Wrong Session Data Transfer Parameter - This signature detects a wrong Session Data Transfer parameter. Several parameters, specified in ISO 8327, are constrained and not to be sent according to the ISP. Since local behavior is undefined when an unexpected parameter is encountered in the session PDU, it is possible that this could be used as a denial-of-service attack. The only parameter that should be present is the User Data parameter.
CLONE:ICCP:
Unsupported Service - This signature detects a unsupported service. ISO 8327 specifies a limited set of SPDU codes. It is possible that an invalid SPDU code could cause mis-operation by the local implementation
Juniper Networks IDP not only helps protect networks against attacks, using its advanced built-in profiling techniques (Enterprise Security Profiler) it also provides information on rogue servers and applications that may have been unknowingly added to the network. Juniper Networks IDP provides administrators with visibility into specific applications and assets that are present and/or being used on the network and how, when, and by whom they are being used. Administrators can have the Juniper Networks IDP enforce application usage policies or simply check to see if the current use of the network and resources meets the desired application policies. A centralized, rule-based management approach offers granular control over the system's behavior with easy access to extensive auditing and logging, and fully customizable reporting.
Example of our application integration and alliances – partnership with Symantec.
Juniper is a long time player in the networking market. Our credentials are listed here.
Key markets for Juniper include:
Enterprise and SP routing
No 2 in high end routing
No 2 in edge
Leader BRAS
No 2 in high end enterprise routing
Security
SSL VPN – #1
High end firewall - #2
IDP
Application Performance
Network Computing Editors Choice award – Application Acceleration platform – 2 years in a row
We also are well recognized in the industry in providing award winning WW support that continues to achieve top rating in customer satisfaction surveys
Customers have come to depend on Juniper's ability to deliver Best in Class solutions in a timely and cost effective manner.
·上一篇：股票代码:1808
·下一篇：股票代码:1722