Beruflich Dokumente
Kultur Dokumente
Product Overview
Traditional signature-based Web application rewalls are awed because they rely on a library of signatures and are always susceptible to unknown or zero-day Web attacks. Junos WebApp Secure offers a new technology that uses deception to address this problem. Junos WebApp Secure is the rst Web intrusion deception system that prevents Web attackers in real time. Unlike legacy signature-based approaches, Junos WebApp Secure uses deceptive techniques and inserts detection points, or tar traps, into the code of outbound Web application traffic to proactively identify attackers before they do damagewith no false positives.
Table 1: Juniper WebApp Secure vs. Web Application Firewall (WAF) Features Comparison
Product Features Junos WebApp Secure Traditional Signature-Based WAF
Detection Techniques
Signatures Behavior analysis Web intrusion deception
3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3
3 3
Track
IP address Browsers (cookies across multiple IP addresses) Browsers (persistent tokens across multiple IP addresses) Software/script (ngerprinting)
3 3
Prole
IP address (geo-location) Attacker (incident history, browsers, software, and scripts) Attacker threat-level analysis Assigns name to attacker (e.g., JoeSmith27)
Respond
Automated and manual real-time response Alerting Force logout and reauthentication Force CAPTCHA Block IP addresses Block attacker (browser, software, and scripts) Warn attacker (browser) Deceptive response (slow connection) Deceptive response (simulate broken applications)
3 3 3 3 3
3 3
Compliance
Payment Card Industry (PCI) 6.6 compliant
Abuse Recording
Full HTTP Capturecaptures and displays all HTTP traffic for security incidents
Abuse Response
Abuse Responsesenables administrators to respond to application abuse with session-specic warnings, blocks, and additional checks; includes one-click automation of responses during conguration These responses include: -- Warn user, send a custom message -- Block connection and return arbitrary HTTP error -- CAPTCHA -- Connection throttling -- Logout and forced reauthentication -- Simulated broken application (strip inputs) Policy Expressionssimple expression syntax for writing automated, application-wide responses
Updates
Automatically downloaded and available within the management console
Platform Security
Hardened kernel, locked-down ports, encrypted backups
Management
Simplied conguration with setup wizards Web-Based Congurationbrowser-based interface for all deployment options Monitoring Consoleweb-based monitoring and analysis interface -- Drill into application sessions, security incidents, and abuse proles -- Manage and monitor manual and automated responses -- Deep search and ltering capabilities -- Real-time and historical system monitoring -- Multiple administrators -- Multiple applications/domains -- Remote system logging -- UI 2.0 - Enhanced workows, unied conguration & monitoring, faster performance and mobile device support -- Different UI skins available -- Role based access control -- Restful API -- STRM Series Support
SSL Inspection
Passive decryption or termination
MWS1000
Specications
Hardware (MWS1000)
CPU
Dual Intel Quad Core (2.4GHz) 2 threads / core
Performance
High availability for hardware version Higher throughput using master/slave clustering Low latency Link aggregation
Memory
48 GB DDR3
Interface
4 x 1GbE (onboard ports) 2 x SFP+ 10GbE (additional data IOCs via Intel 82599 Ethernet Controller) Note: All ports are PXE bootable
Deployment
Reverse proxy with load balancing Available as hardware Available as a VMware or Amazon Machine Image Support for alternate ports (other than 80 and 443)
Storage
4 Slots offering hardware RAID Maximum Capacity = 900 TB RAID-1 HDDs used: 450 GB SAS 10,000 rpm
Crypto
Software
Chassis
1U Rack-mountable Chassis Externally accessible hot swappable cooling fans
Client
Use Case
Mid-end performance application
Firewall
Load Balancer
Application Server
Figure 1: Where does the Junos WebApp Secure live?
Ordering Information
Model Number
MWS1000 MWS100MB MWS-HDD MWS-SP-100 MWS-SP-20 MWS-SL-1
Description
Junos WebApp Secure Hardware Appliance SW Sold Separately Junos WebApp Secure 100Mbps Licenses Junos WebApp Secure - Spare HDD 100Mbps per end customer application, per month 20Mbps per end customer application, per month Junos WebApp Secure software - 100Mbps for one geographic site. Including support and updates. One year term. Junos WebApp Secure software - 100Mbps for one geographic site. Including support and updates. Three year term.
MWS-SL-3
Corporate and Sales Headquarters Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA Phone: 888.JUNIPER (888.586.4737) or 408.745.2000 Fax: 408.745.2100 www.juniper.net
APAC and EMEA Headquarters Juniper Networks International B.V. Boeing Avenue 240 1119 PZ Schiphol-Rijk Amsterdam, The Netherlands Phone: 31.0.207.125.700 Fax: 31.0.207.125.701
To purchase Juniper Networks solutions, please contact your Juniper Networks representative at 1-866-298-6428 or authorized reseller.
Copyright 2013 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.