|
|
|
|
| Read more articles on: |
|
|
 |
|
An enterprise is prone to security interruptions. Changing trends in information security indicate that an enterprise is more prone to internal than external threats. So whenever an enterprise looks for a security solution, its concern is to protect the core information and infrastructure, guard the endpoints, and verify the user device and policy. CIOL met up with Abby Tang, Enterprise Solution Marketing Manager, Asia Pacific, Juniper Networks, to find out more about the leading security issues in the enterprise segment, Juniper's activities in this area and the way ahead. Excerpts from an interview:
CIOL: What are the leading security issues in the enterprise segment?
Abby Tang: The emphasis is on voice security. Layered security is part of the enterprise Internet. For enterprises, the biggest concern is that people first build the infrastructure and then build the security. It is hard that way as it involves departmental firewalls. Voice security is a major concern
Enterprise networks are not yet robust enough to handle enormous voice traffic. Voice takes up lot of processing power. Enterprises have to upgrade their infrastructure. If people are not using Juniper's current firewall updates and the latest OSs, they are not securing voice in the application layer. For voice, enterprises have to open up voice TCP/IP and a range of UDP ports. This allows hackers to enter the network. Enterprises need to secure voice at the application layer.
Using our solution, the firewall opens only the necessary communication ports dynamically, once any call is initiated inside and outside of the network. Once the voice call is over, the port is closed. The firewall can understand the voice protocol. Juniper's customers can download the latest version of the Juniper OS from our Web site. We are focusing on security and assurance. Security is the hottest topic for enterprises, followed by wireless.
For wireless, we have a firewall that has a deep-inspection function. It inspects the applications, including http, voice and peer-to-peer, like MSN, Yahoo, Skype, etc. We have an anti-virus filter built into the box as well. We have integrated wireless into our 5GT box, which is patent pending. One wireless box can offer up four SSIDs. Each SSID can associate to different security zones. The 5GT has been around for a long time. Many, who deploy wireless, feel that is an internal network. Juniper believes that wireless should always be an external network, outside the firewall.
Another key issue is remote access. We are very good at protecting our internal networks and servers. For example, if I have viruses in my laptop, there is risk of introducing viruses into our network. All remote users have to connect through the SSL VPNs. A lot of clients are using IPSec, but they are vulnerable. People should deploy SSL VPNs for remote access so there is granular control over who is accessing the network and from where. We can solve the problems of remote access with SSL VPNs. Endpoint security is another feature of SSL VPNs.
CIOL: How do you estimate the Indian infocsecurity market?
AT: The Indian market is a lot like the Asia Pacific market. We see lot of interest in VoIP. The market grew from 95 percent between 2002 and 2003. During 2002, the size of the VoIP segment was US $26.6mn (IDC) and it moved up to US $51.8mn during 2003. VoIP is thus showing strong growth. There are issues such as VoIP voice spamming and IP-PBX hacking. These are dangers for enterprises. They must ensure that two things happen first -- security and assurance.
Frost & Sullivan projects India's network security market to grow by 32.4 percent from an estimated US $45 million in 2004 to US $59.5 million this year. We are focusing on the enterprise segment. Besides large enterprises, small-and-medium-enterprises (SMEs) need security as well. Since they are more likely to lack in IT support, the managed security service providers are in good position to assist the SMEs in securing their networks.
CIOL: Please comment about the need for security in a VoIP network.
AT: VoIP needs to be secure at the application layer. Any corporation that is not securing its VoIP traffic at the 7 (superscript) layer, chances are that its network is vulnerable. Most firewalls in the market secure VoIP traffic in a very loose way, because they are only doing stateful inspection. In this case, IT administrators have to open a range of UDP ports for VoIP traffic to go through. Thus, the hackers can hack through systems via the open UDP ports any time they wish. You really need an application layer firewall for VoIP traffic so you can dynamically open/close UDP ports. When securing VoIP, you need to ask your firewall vendor if it can support VoIP at the application layer.
Juniper-NetScreen firewall customers can go to our support sites to download the latest Screen OS and enjoy true VoIP protection.
CIOL: The approach for investing in security should be on the basis of risk perception and impact analysis on business in case of information loss or non-availability of IT infrastructure. Please elaborate on this growing need for securing the network.
AT: As an example, we saw losses worth US $55 billion in 2003 from virus attacks alone. This was a 120 percent jump from 2002 (US $25 billion). Apparently, corporate financial losses due to security will only increase. The only way to mitigate risk is to have a well-defined set of security policies and tools in place. Today's networks are not only expanding, they are also becoming more complicated to manage. Attacks are coming through the application layer. Thus, they are harder to track and require higher-performance devices in every part of the network.
CIOL: There should be an emphasis on integration of security devices to make security measures more robust in an enterprise. Please elaborate why, and what are you doing in this area?
AT: Enterprises have to be careful when choosing integrated solutions because an inappropriate device will become the single point of failure in one's network. Juniper believes in best-of-breed integration and the right approach of integration for different sizes of the network.
Juniper offers a robust set of enterprise-class solutions at the entry level for the firewall/VPN line of products. These include Juniper's NetScreen-5GT, NetScreen-5GT ADSL, NetScreen-5GT Wireless and NetScreen-5XT appliances. These cost-effective, remote office security products are fully capable of securing a small, remote office, retail outlet, or a broadband telecommuter. These are the networks that require IT support remotely. Integration will provide ease of management and deployment.
CIOL: Though SSL VPNs provide flexible, secure remote access to virtually all of an enterprise's applications and computing resources, are there limitations with these products?
AT: SSL VPN does allow flexibility to the remote users. If the application access management is too complicated for some corporations, IT managers can still choose to use clientless IPSec deployment via Juniper's SSL VPN solutions.
CIOL: What is so unique about Juniper's layered security approach?
AT: We have recently announced our latest security strategy, the Enterprise Infranet. Our customers can re-use the security devices that have been deployed in their existing networks for years. This is the major benefit of our approach toward security. It will cost them a lot less to deploy the next-generation security network where IT administrators have granular control on every end point of the network.
CIOL: Where does the Infranet initiative stand vis-a-vis Juniper's security agenda?
AT: Juniper 's Enterprise Infranet focuses on security and assurance. Right now, Juniper's devices are the core of the policy enforcement, plus our partnerships with SSL VPN players like Citrix, McAfee, Symantec, etc. Also, Verisign and Phoenix Technologies -- they are moving into endpoint security. We work with many partners for the Enterprise Infranet.
|