About the Authors
Brad Woodberg, JNCIE-M, JNCIE-SEC, et al., is a product line manager for SRX at Juniper Networks. He is co-author of Junos Security (O'Reilly), Juniper Networks NetScreen (Syngress), and Juniper Networks SSL VPN (Syngress).
Rob Cameron, principal engineer at a Silicon Valley startup, worked for eight years at Juniper Networks. He's the co-author of Junos Security (O'Reilly) and Configuring Juniper Networks NetScreen & SSG Firewalls (Syngress).
Chapter 1. Welcome to the SRX
Firewalls are an important part of almost every network in the world. The firewall protects nearly every network-based transaction that occurs, and even the end user understands its metaphoric name, meant to imply keeping out the bad stuff. Despite what some competitive marketing campaigns have said, the firewall is not dead, and it is every bit as necessary today as it was yesterday. But firewalls have had to change. Whether it's the growth of networks or the growth of network usage, they have had to move beyond the simple devices that only require protection from inbound connections. A firewall now has to transcend its own title, the one end users are so familiar with, into a whole new type of device and service. This new class of device is a services gateway. And it needs to provide much more than just a firewall; it needs to look deeper into the packet and use the contained data in new ways that are advantageous to the network for which it is deployed. Can you tell if an egg is good or not by just looking at its shell? Once you break it open, isn't it best to use all of its contents? Deep packet inspection from a services gateway is the new firewall of the future.
Deep packet inspection isn't a new concept, nor is it something that Juniper Networks invented. What Juniper did do, however, is start from the ground up to solve the technical problems of peering deeply. With the Juniper Networks SRX Series Services Gateways, Juniper built a new platform to answer today's problems while scaling the platform's features to solve the anticipated problems of tomorrow. It's a huge challenge, especially with the rapid growth of enterprise networks. How do you not only solve the needs of your network today, but also anticipate the needs for tomorrow?
Juniper expended an enormous amount of effort to create a platform that can grow over time. The scalability is built into the features, performance, and multifunction capability of the SRX Series. This chapter introduces the solutions the SRX Series can provide for your organization today, while detailing its architecture to help you anticipate and solve your problems of tomorrow.
Evolving into the SRX
The predecessors to the SRX Series products are the legacy ScreenOS products. They really raised the bar when they were introduced to the market, first by NetScreen and then by Juniper Networks. Many features might be remembered as notable, but the most important was the move away from a split firewall software and operating system (OS) model. Firewalls at the time of their introduction consisted of a base OS and then firewall software loaded on top. This was flexible for the organization, because it could choose the underlying OS it was comfortable with, but when any sort of troubleshooting occurred, it led to all sorts of finger-pointing among vendors. ScreenOS provided an appliance-based approach by combining the underlying OS and the features it provided.
The integrated approach of ScreenOS transformed the market. Today, most vendors have migrated to an appliance-based firewall model, but it has been more than 10 years since the founding of NetScreen Technologies and its ScreenOS approach. So, when Juniper began to plan for a totally new approach to firewall products, it did not have to look far to see its next-generation choice for an operating system: Junos became the base for the new product line called the SRX Series.
ScreenOS to Junos
Juniper Networks' flagship OS is Junos. The OS has been a mainstay of Juniper and it runs on the majority of its products. Junos was created in the mid-1990s as an offshoot of the FreeBSD Unix-like operating system. The goal was to provide a robust core OS that could control the underlying chassis hardware. At that time, FreeBSD was a great choice on which to base Junos, because it provided all of the important components, including storage support, a memory controller, a kernel, and a task scheduler. The BSD license also allowed anyone to modify the source code without having to return the new code. This allowed Juniper to modify the code as it saw fit.
Note
Junos has evolved greatly from its initial days as a spin-off of BSD. It contains millions of lines of code and an extremely strong feature set.
ScreenOS aged gracefully over time, but it hit some important limits that prevented it from being the choice for the next-generation SRX Series products. First, ScreenOS cannot separate the running of tasks from the kernel. All processes effectively run with the same privileges. Because of this, if any part of ScreenOS were to crash or fail, the entire OS would end up crashing or failing. Second, the modular architecture of Junos allows for the addition of new services, because this was the initial intention of Junos and the history of its release train. ScreenOS could not compare.
Over time, solutions to yesterday's problems age and become less relevant to today's needs. Because of this, the functionality that is needed to solve today's problems is greatly focused on deep packet inspection. This is a problem that ScreenOS was never designed to solve. With its ASIC-focused architecture, it allowed for amazing performance for stateful firewalling but poor performance deeper in the packet. Although ScreenOS could be further evolved into this market, Junos already had the necessary underpinnings to allow for deeper inspection.
Inherited ScreenOS features
The virtual router (VR) is an example of another important feature developed in ScreenOS and embraced by the new generation of SRX Series products. A VR allows for the creation of multiple routing tables inside the same device, providing the administrator with the ability to segregate traffic and virtualize the firewall.
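As an added illustration (not configuration from the book), the Junos equivalent of two ScreenOS virtual routers: two routing instances of type virtual-router, each with its own routing table and its own security zone. The instance names, interfaces and addresses are assumed; both tenants deliberately reuse the same 10.0.0.0/24 prefix to show that the tables are independent.

```junos
/* Assumed example: two tenants with overlapping address space on one SRX */
interfaces {
    ge-0/0/1 { unit 0 { family inet { address 10.0.0.254/24; } } }
    ge-0/0/2 { unit 0 { family inet { address 10.0.0.254/24; } } }
}
routing-instances {
    /* Each instance owns a separate table, TENANT-A.inet.0 and TENANT-B.inet.0 */
    TENANT-A {
        instance-type virtual-router;
        interface ge-0/0/1.0;
        routing-options {
            static { route 0.0.0.0/0 next-hop 10.0.0.1; }
        }
    }
    TENANT-B {
        instance-type virtual-router;
        interface ge-0/0/2.0;
        routing-options {
            static { route 0.0.0.0/0 next-hop 10.0.0.1; }
        }
    }
}
security {
    zones {
        /* One zone per tenant; with no inter-zone policy the default deny keeps them apart */
        security-zone TENANT-A { interfaces { ge-0/0/1.0; } }
        security-zone TENANT-B { interfaces { ge-0/0/2.0; } }
    }
}
```

After commit, `show route table TENANT-A.inet.0` and `show route table TENANT-B.inet.0` each display only their own tenant's routes, which is the segregation the paragraph describes.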
Table 1-1 elaborates on the list of popular ScreenOS features that were added to Junos for the SRX Series. Although some of the features do not have a one-to-one naming parity, the functionality of these features is generally replicated on the Junos platform.
Table 1-1. ScreenOS-to-Junos major feature comparisons
| Feature | ScreenOS | Junos |
| --- | --- | --- |
| Zones | Yes | Yes |
| Virtual routers (VRs) | VRs | Yes, as routing instances |
| Screens | Yes | Yes |
| Deep packet inspection | Yes | Yes, as full intrusion prevention |
| Network Address Translation (NAT) | Yes, as NAT objects | Yes, as NAT policies |
| Unified Threat Management (UTM) | Yes | Yes |
| IPsec virtual private network (VPN) | Yes | Yes |
| Dynamic routing | Yes | Yes |
| High availability (HA) | NetScreen Redundancy Protocol (NSRP) | Chassis cluster |
| Virtual firewalls | Virtual Systems (VSYS) | Logical Systems (LSYS) |
Device management