Juniper SRX Series
Brad Woodberg
Rob Cameron
Beijing Cambridge Farnham Köln Sebastopol Tokyo
My career in networking and system administration took me from a hobbyist and self-proclaimed accidental tourist in the field of security to someone with a focused, passionate, and all-consuming obsession. It all started with a little thing called the firewall.
Back in the late 1980s and into the early 1990s, the commercial Internet boom began and organizations rushed to connect their computing resources directly to the burgeoning collective that would ultimately become known as the World Wide Web.
As the computing assets under my watch became more exposed and interconnected, and thus potentially ubiquitously accessed, I found myself spending a lot of quality time evaluating the various emerging network firewalls of the period as a way of reducing the scope of the things I had to protect.
These firewalls came in all shapes, sizes, speeds, and architectural designs. They evolved from primitive stateless access control lists in Internet-connected routers to full-fledged proxies, circuit-level gateways, and stateful packet filters that provided more robust protocol and services support, logging, and Network Address Translation capabilities.
Each firewall platform promised a dizzying array of benefits, but given the myriad of designs, each one often forced a trade-off among isolation, usability, manageability, scalability, performance, features, and efficacy.
After a startup or two and deploying many of these firewalls, I found myself in the employ of a large networking service provider that charged me with the creation of a global managed service providing secure Internet ingress and egress to thousands of the largest companies worldwide.
The demand for expanded security services from customers was eclipsed only by the availability of Internet-connected computing resources, the proliferation of easy-to-use security tools, and the emergence of skilled and curious security enthusiasts to use them.
New classes of threats appeared, and as with any successful economic enterprise, new adversaries, tactics, and motivations emerged also. Keeping up with the velocity, variety, and volume of services, and the creative attacks that followed against the infrastructure providing them, became a challenge.
New operating systems took hold and new programming languages were invented and pressed into service quickly, as were rapidly deployed application frameworks and service delivery platforms, most of which presented a dizzying set of new attack surfaces, vulnerabilities, and risks.
The Internet arms race was officially on... and it's been running strong for the 20 plus years that have followed.
Ironically, if instead of 20 years ago, I began this timeline only five years ago, one would recognize much of it as the present!
The challenges we have in keeping pace with the innovation of attackers, the broad attack surface against which attacks can be launched, the availability of technology, and the skill sets and motivations of the adversaries who seek to do us harm, make it clear that our choice of security solutions is that much more important.
This book describes how to operate, deploy, and optimize a world-class security platform with capabilities that allow security professionals to more effectively defend the assets they are charged to protect.
You might have already made that choice and invested in a Juniper Networks SRX Series security solution, or perhaps you are considering doing so, possibly for some of the scenarios I just described. In either case, you will find this book absolutely invaluable.
The SRX is an instrument of supreme precision, born from the networking heritage of a company long steeped in solving the toughest problems thrown its way. It is designed as a hyperscalable and extensible security services platform that provides next-generation security capabilities as you need them.
While attacks against infrastructure continue at a ferocious pace and with dazzling effectiveness, so will we witness even more surgically targeted and extremely sophisticated application-level attacks in complement.
Designed to be supremely competent in securing Level 2 and Level 3 connectivity, the SRX also enables intelligent application-aware capabilities for Levels 4 through 7, leveraging features such as intrusion protection services, Unified Threat Management, and the AppSecure suite for application identification, classification, enforcement, control, and protection.
The SRX is a platform that enables the best and brightest engineers to design and implement security solutions that are as capable in their networking capabilities as they are in providing airtight security with the explicit capability to provide a user experience that can bridge the gap between these two disciplines. It's a security engineer's best friend and a solution that any networking professional can easily find comfort in using.
Speaking of engineers, I have had the privilege of working with and befriending the two amazing gentlemen who have written this book. Like myself, they, too, have focused their passion, knowledge, and expertise to deliver the best security solutions money can buy, and this book will help you get the most out of your investment.
I am thrilled that Brad and Rob were kind enough to ask me to write the foreword for this invaluable resource, because were there ever a way I could thank them for the endless advice and amazing depth and breadth of knowledge regarding the capabilities of the SRX, doing so publicly and at the beginning of such an excellent resource is one of the best ways I can think of.
Thank you, Brad and Rob, for all you have done to both help create an amazing security solution for our customers and also make it easier to use. What a perfect guide to accompany an amazing security platform.
Preface
Security is one of the fastest moving segments within the realm of technology. Whereas most technology is created to offer new services or products, security is created to prevent the abuse of these new products and/or services. In today's world, where we are always connected in ways that have never been available to us before, the need to secure this connectivity is greater than ever.
Most of the world's pockets hold smart phones. These tiny devices contain more computing power than what was used to land people on the moon; the pocket GPS device that assists you in navigating your day is more advanced than the technology used on the Apollo spacecraft. That same smart phone can photograph a paper check and instantly deposit its funds to your bank account. These types of technologies were always dreamed about but now are available to almost everyone.
In this same vein, there is a humongous generation of data that is currently being created every minute of every day. More data was created within 2012 than all the other years before combined. For example, 60 hours of video are uploaded to YouTube every minute of the day. This means that there is more content uploaded to one website than you could watch within your lifetime, even if you did nothing but watch YouTube. And that's just one website and one type of media. The rapid expanse of information and data and media puts security needs at an all-time high, not only to provide security, but to provide it at higher scales and performance levels.