Juniper Networks Education and Certification...
Copyright © 2013 Juniper Networks, Inc.
Juniper Networks Education and Certification Program
Quarterly Update
May 2014
WELCOME
Thank you for joining us!
Introducing today’s speakers
• Lawrence Rust, Education Services Marketing Manager
• Liz Burns, Director, Education Services Programs
• Kieran Milne, JNCP Technical Lead
• GUEST SPEAKER – Swastik Bihani, Director, Counter Security
AGENDA
Juniper Authorized Training
• What is happening around the globe
Updates
• JNCP
• New exams and courses
• Learning resources
DDoS Secure
• How does it work in the real world?
Keeping In Touch
Questions
Certification Program
WORLDWIDE JUNIPER EDUCATION SERVICES
Value of Juniper Authorized Training Around the Globe
• Expanding our footprint through global partnerships
• Partnerships include certification and standards
Juniper Networks Authorized Education Partner (JNAEP)
Juniper Networks Academic Alliance (JNAA)
JUNIPER EDUCATION AROUND THE GLOBE
AMERICAS UPDATE
NEW - Hybrid Delivery
• Combine classroom and online delivery to maximize impact/benefit
• JNCI delivered live in customer location with simultaneous online classroom
• Perfect for geographically distributed teams with limited travel budget
Prescriptive Training
• Customized learning programs
• Designed to model customer staff structure and unique requirements
• Includes Juniper certification to tie learning to industry benchmarks
To learn more http://www.juniper.net/us/en/training/prescriptive/
JUNIPER EDUCATION AROUND THE GLOBE
EUROPE, MIDDLE EAST, AFRICA
Expanding Juniper Networks footprint via JNAA
• Training and certification event at Queen Mary University of London
• Find out more about JNAA: http://www.juniper.net/us/en/training/academicalliance/
Popular Courses
• Configuring and Monitoring Contrail (CMC)
• Courses in UK and AMS in June
• Junos Mobile Backhaul (JMBH)
https://learningportal.juniper.net/juniper/user_courses.aspx
JUNIPER EDUCATION AROUND THE GLOBE
ASIA PACIFIC, CHINA
Expanding through JNAEPs
• Thailand: Vnohow
• Indonesia: P.T. Informatika Solusi Bisnis (Netlearn)
• Philippines: Dataciphers
• Singapore: Greensys SG
JNAEPs accept Juniper Training Credits (JTCs)
Find all JNAEP information and schedules on the Education Services website: http://www.juniper.net/us/en/training/technical_education/authorized_education.html
JNCP INITIATIVES
1ST ANNUAL JNCP BLOGGING CONTEST
Show your thought leadership and get published!
• Must be active JNCIS or above to participate
• Write about a technical topic and/or your journey to certification
• Each submission evaluated against defined criteria
• Accepted articles posted to My Certification Journey blog http://forums.juniper.net/t5/My-Certification-Journey/bg-p/CertJourney
• Drawings for fun prizes
Look for more details the second week of June
[Figure: JNCP certification tracks by level (Associate, Specialist, Professional, Expert). Information current as of March 2014.]
Network Engineer
• Service Provider Routing and Switching: JNCIA-Junos, JNCIS-SP, JNCIP-SP, JNCIE-SP
• Enterprise Routing and Switching: JNCIA-Junos, JNCIS-ENT, JNCIP-ENT, JNCIE-ENT
• Junos Security: JNCIA-Junos, JNCIS-SEC, JNCIP-SEC, JNCIE-SEC
Support Specialist
• Service Provider Routing and Switching: JNCSP-SP
• Enterprise Routing and Switching: JNCSP-ENT
• Junos Security: JNCSP-SEC
Product/Technology Track
• E Series: JNCIA-E, JNCIS-E, JNCIP-E
• Firewall/VPN: JNCIS-FWV
• Wireless LAN: JNCIS-WLAN
• Junos Pulse Secure Access: JNCIS-SA
• Junos Pulse Access Control: JNCIS-AC
• QFabric: JNCIS-QF
• IDP Series: JNCIA-IDP
P = Out-of-track Prerequisite (marked on JNCIP-SP, JNCIP-ENT, JNCIP-SEC and JNCIS-ENT)
EXAM UPDATES – JNCIE (NEW FORMS)
• JNCIE-SP
  • New forms in development
  • Begin use in Q2 2014
• JNCIE-ENT
  • New forms in development
  • Begin use in Q2 2014
• JNCIE-SEC
  • New forms start development in Q3 2014
  • Begin use in 2015
NO changes to exam objectives
All preparation/study resources remain valid
ONGOING UPDATES FOR JNCP EXAMS
JNCP exams are updated on an ongoing basis
• JNCIA up to JNCIE level
• Exams are updated/refreshed on a development cycle
• Sometimes ‘visible’ (e.g., JNCIA-Junos: JN0-101 -> JN0-102)
• Sometimes not
• Ensures ‘freshness’ of item pool
• Ensures security of exams
FREE EXAM VOUCHERS IN STUDENT KITS
See the full list @ www.juniper.net/training/news
NEW AND UPDATED COURSEWARE
Q2 2014
New
• JNCIE-SEC Bootcamp – LIVE
• Configuring and Monitoring Contrail (CMC) – LIVE
Updates
• Junos Unified Threat Management (JUTM)
• Junos Space Essentials (JSE)
• Junos Space for the Enterprise (JS-ENT)
  • -> Split into courses for Security Director & Network Director
Q3 2014
New
• Junos Enterprise Switching - Enhanced Layer 2 software (JEX-ELS)
Updates
• Junos Pulse Secure Access (JPSA)
• Configuring and Monitoring QFabric Systems (CMQS)
• Troubleshooting QFabric Systems (TQS)
OTHER LEARNING RESOURCES
JNCP Website Resources page
• http://www.juniper.net/us/en/training/certification/resources.html
J-Net
• Training, Certification Career Forum
  • http://forums.juniper.net > Training, Certification, and Career Topics
• My Certification Journey blog
  • http://forums.juniper.net/t5/My-Certification-Journey/bg-p/CertJourney
• Day One Books
  • http://www.juniper.net/dayone
JUNOS GENIUS—CERTIFICATION PREPARATION APP
Unlock your Genius … www.juniper.net/junosgenius
• Version 1.2 adds JNCIS-SEC and JNCIS-ENT
• Improved randomization of questions
• More instructors to challenge
• And more device achievements
• Pinch/spread functionality in ‘My Network’
• Improved sharing of ‘My Network’ diagrams via social media
• JNCIS-SP deck available in Q3
JUNIPER LEARNING BYTES…EXPAND YOUR KNOWLEDGE BIT BY BIT
• What are Learning Bytes?
• Short and concise tips and instructions on specific features and functions of Juniper technologies
• Taught by training experts
• Relevant for all skill levels
• Video-based…learn when you want, in the office or on the go
• Free of charge!
OUR NEWEST LEARNING BYTES─EXPAND YOUR KNOWLEDGE BIT BY BIT
Title
• Configure a CA Profile to Verify Certificates
• Configuring route-based site-to-site IPSec VPN on the SRX
• Introduction to Enhanced Layer 2 Software (ELS)
• Introduction to Routing Instances: Routing Instance Basics
• Junos Space Network Director Image Management
• OSPFv2 Adjacency Formation
• OSPFv2 Neighbor/Adjacency Timers
• Switching Basics on the EX Series Switches
• Virtual Chassis Troubleshooting
• VRF-table-label
www.juniper.net/learningbytes or www.youtube.com/junipernetworks
DDOS SECURE
SWASTIK BIHANI
DDOS EVOLUTION
1999: SANS discovers first botnet.
2000: DDoS attacks take out eBay, CNN and Yahoo!
First DDoS Mitigation Appliance launched.
2003: First DDoS Proxy Service launched.
2006: Anonymous DDoS Habbo website.
2008: Russia accused of DDoS against Georgian Govt website.
2009: Iranian voters “flash crowd” government sites to protest vote rigging.
2010: Wikileaks Operation Payback attack Visa and Paypal.
2011: LOIC popularized by Anonymous and LulzSec
2012: DDoS becomes mainstream with attacks on US banks.
2013: Mobile applications being used to launch DDoS attacks
2014: Largest attack of ~400Gbps seen against French targets using reflective attacks
DDOS SOLUTIONS
Clean Pipe On-Premises
DDoS Secure
KEY CONCEPT: CHARM
CHARM: Real-time risk score for each source IP
• Simple example: real human traffic is typically bursty and irregular; machine/bot traffic is regular
• Algorithms updated regularly with characteristics of new attacks
[Figure: CHARM score scale from 0 to 100, initial value 50, updated per packet, with the two ends labelled Human-like and Machine-like]
KEY CONCEPT: RESOURCE HEALTH
Resource health: real-time view of status for every discrete “thing” on the protected interface, using stateful analysis of resource responsiveness
Examples
L7
• SIP/DNS/URL and SIP Response Time
• SIP/DNS/URL Rate, Pending counts
• HTTP Server Error Codes
L3-4
• Backlog queue (per resource, per port)
• TCP stats: SYN, SYN-ACK, CLS, RST, etc
[Figure: Internet traffic passing through DDoS Secure to the protected resources]
RESOURCE MANAGEMENT
In this example, Resource 2’s response time starts to degrade and the CHARM pass threshold is increased to start the process of rate limiting the bad traffic.
At this point the good traffic will continue to pass unhindered whilst the attackers will start to believe their attack has been successful as their request fails.
The attack traffic to Resource 2 reduces as the attackers switch the attack to Resource 3.
Once again, Junos DDoS Secure responds dynamically by increasing the pass threshold for Resource 3, limiting bad traffic.
[Figure: Resource Control, showing Resource 1, Resource 2, Resource 3 and Resource ‘N’]
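The threshold mechanism on this slide, as an added example (not Juniper's code and not the CHARM algorithm itself): a simplified Python model in which each source IP carries a 0-100 score starting at 50 and a resource's pass threshold rises while its response time is degraded. The scoring rule (variation of inter-arrival gaps), the convention that a higher score is more human-like, the SLOW_MS and STEP values and the sample addresses are assumptions.

```python
import statistics

INITIAL_SCORE = 50  # from the slide: 0-100 scale, every source starts at 50
SLOW_MS = 500       # assumption: response time that counts as degraded
STEP = 20           # assumption: threshold change per health report

class CharmModel:
    def __init__(self):
        self.score = {}      # source IP -> 0..100 (assumed: higher = human-like)
        self.arrivals = {}   # source IP -> recent packet times in ms
        self.threshold = {}  # resource -> minimum score needed to pass

    def observe(self, src, now_ms):
        """Per-packet update: regular spacing lowers the score, bursty raises it."""
        times = self.arrivals.setdefault(src, [])
        times.append(now_ms)
        del times[:-9]  # keep the last 9 arrivals
        score = self.score.get(src, INITIAL_SCORE)
        if len(times) >= 4:
            gaps = [b - a for a, b in zip(times, times[1:])]
            mean = statistics.mean(gaps)
            cv = statistics.pstdev(gaps) / mean if mean else 0.0
            score += 5 if cv > 0.5 else -5
        self.score[src] = max(0, min(100, score))
        return self.score[src]

    def report_health(self, resource, response_ms):
        """Raise the pass threshold while a resource is slow, relax it otherwise."""
        step = STEP if response_ms > SLOW_MS else -STEP
        level = self.threshold.get(resource, 0) + step
        self.threshold[resource] = max(0, min(100, level))
        return self.threshold[resource]

    def passes(self, src, resource):
        return self.score.get(src, INITIAL_SCORE) >= self.threshold.get(resource, 0)

def constructed_scenario():
    """Constructed traffic: a fixed-interval bot and a bursty user hit Resource 2."""
    m = CharmModel()
    bot, user = "203.0.113.7", "198.51.100.20"
    for i in range(10):  # bot: one packet every 100 ms
        m.observe(bot, i * 100)
    for t in (0, 40, 900, 950, 3000, 3100, 3120, 7000, 7050, 9000):
        m.observe(user, t)
    for _ in range(2):  # Resource 2 reports slow responses twice
        m.report_health("resource2", 1200)
    return {"bot_score": m.score[bot], "user_score": m.score[user],
            "bot_to_r2": m.passes(bot, "resource2"),
            "user_to_r2": m.passes(user, "resource2"),
            "bot_to_r1": m.passes(bot, "resource1")}
```

In the constructed scenario the regular sender is blocked only at the degraded resource, while the healthy resource still accepts it and the bursty user passes everywhere.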
KEY CURRENT PROBLEMS WE’RE SOLVING
Mobile SP
• Compromised Mobile Handsets
• Network Usage in Amplification Attacks
Enterprises
• Zero day attacks mainly targeted at Financials
• Enterprises being the recipients of Amplification Attacks
MOBILE NETWORK – DDOS USE CASES
Mobile SP
• Compromised Mobile Handsets
• Network Usage in Amplification Attacks
1. Identifying Offending Handsets – RAN Protection
2. Preventing DNS Server Participation In Reflection Attacks
MOBILE NETWORK – RAN PROTECTION
Use case 1 (Mobile)
• Expensive RAN Network resource consumption
• Blacklisting of Network IP addresses
[Figure: LTE network diagram with zones LTE RAN, Access Network, Core Network, Network Interconnect, Data Center and Internet. Labelled elements: UE, eNodeB Cluster, SecGW SRX, SCTP-FW, MME, SGW, PGW, HSS, PCRF, STRM Server, Aggr Rtr, Core Rtr, PE Rtr, SRX FW and JDDS. Labelled interfaces: S1-U, S1-MME, S11, S5, S6a, Gx, SGi. Service lists: Malware, AV, Web Filtering, CGN, FW; DNS, WEB, SIP.]
MOBILE NETWORK – DNS ATTACKS
Use case 2 (Mobile)
• Participation in a DNS/NTP Amplification Attack
[Figure: LTE network diagram with zones LTE RAN, Access Network, Core Network, Network Interconnect, Data Center and Internet. Labelled elements: UE, eNodeB Cluster, SecGW SRX, SCTP-FW, MME, SGW, PGW, HSS, PCRF, STRM Server, Aggr Rtr, Core Rtr, PE Rtr, SRX FW and JDDS. Labelled interfaces: S1-U, S1-MME, S11, S5, S6a, Gx, SGi. Service lists: Malware, AV, Web Filtering, CGN, FW; DNS, WEB, SIP.]
HOW IT WORKS – DNS AMPLIFICATION (1/2)
[Figure: client01 reaching server01 (ports 53, 123) and server02 (port 53) through JDDS]
IP1 → REQ A cnn.com
IP1 → REQ MX cnn.com
IP1 → REQ A juniper.net
...
IP1 → REQ PTR cnn.com
HOW IT WORKS – DNS AMPLIFICATION (2/2)
[Figure: client01, client02, client03, Attacker X and Attacker Y reaching server01 (ports 53, 123), server02 (port 53) and server03 (port 123) through JDDS; the attack requests carry the source address IPAttack]
IPAttack → REQ A cnn.com
IPAttack → REQ A cnn.com
IPAttack → REQ A cnn.com
...
IPAttack → REQ A cnn.com
• Decrease in CHARM Score for IPAttack
• CHARM Threshold Increase for DNS
DDOS BUSINESS DRIVERS: ENTERPRISE
Enterprises
• Zero day attacks mainly targeted at Financials
• Enterprises being the recipients of Amplification Attacks
1. Worldwide Attack Sizes Reaching 400Gbps
2. Increase in Sophisticated Layer 7 Attacks
3. Business Loss & Downtime From Zero-Day Attacks
DNS ATTACK PREVENTION
JDDS aggressively rate limits (10 pps) inbound DNS responses that do not correspond to an outbound DNS query
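One way to implement the check described above, as an added example rather than JDDS code: track outbound queries and let an inbound response through freely only when it matches one, while everything else shares a 10 pps budget. The match key, the 5-second query lifetime, the single global budget and the sample addresses are assumptions.

```python
from collections import deque

UNSOLICITED_LIMIT_PPS = 10  # from the slide: 10 pps for unmatched responses
QUERY_TTL = 5.0             # assumption: seconds an outbound query stays pending

class DnsResponseFilter:
    """Pass responses that answer a tracked query; rate-limit all others."""

    def __init__(self, limit_pps=UNSOLICITED_LIMIT_PPS, query_ttl=QUERY_TTL):
        self.limit_pps = limit_pps
        self.query_ttl = query_ttl
        self.pending = {}           # (server, client, client_port, txid) -> send time
        self.unsolicited = deque()  # times of unmatched responses let through

    def outbound_query(self, now, client, client_port, server, txid):
        # Drop expired entries so the state table cannot grow without bound.
        self.pending = {k: t for k, t in self.pending.items()
                        if now - t <= self.query_ttl}
        self.pending[(server, client, client_port, txid)] = now

    def inbound_response(self, now, server, client, client_port, txid):
        sent = self.pending.pop((server, client, client_port, txid), None)
        if sent is not None and now - sent <= self.query_ttl:
            return "pass"  # solicited: matches a live outbound query
        # Unsolicited, as reflected responses are: one-second sliding window.
        while self.unsolicited and now - self.unsolicited[0] >= 1.0:
            self.unsolicited.popleft()
        if len(self.unsolicited) < self.limit_pps:
            self.unsolicited.append(now)
            return "pass-limited"
        return "drop"

def replay_constructed_traffic():
    """Constructed sample: one real lookup plus 200 reflected responses in 1 s."""
    f = DnsResponseFilter()
    counts = {"pass": 0, "pass-limited": 0, "drop": 0}
    f.outbound_query(0.0, "10.0.0.5", 40001, "192.0.2.53", 0x1A2B)
    for i in range(200):  # 200 pps arriving from 50 different servers
        server = "198.51.100.%d" % (i % 50 + 1)
        counts[f.inbound_response(i * 0.005, server, "10.0.0.9", 53000, i)] += 1
    counts[f.inbound_response(1.0, "192.0.2.53", "10.0.0.5", 40001, 0x1A2B)] += 1
    return counts

if __name__ == "__main__":
    print(replay_constructed_traffic())
```

The legitimate answer still passes during the flood because it is matched against state before the rate limit is consulted.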
VERISIGN PARTNERSHIP – HYBRID DDOS
Innovation in Intelligence Exchange
1. Cloud Layer
- Aggregate Capacity
- Globally Distributed
- BGP or DNS enabled
2. On-Prem Systems
- Application Intelligence
- Signature-free, heuristics based full L7 Detection
- “Always On” Mitigation
3. Hybrid Signaling
- Phase 1: BL/WL, Attack Info (Src, Size, Dest, Type)
- Phase 2: Bidirectional API level integration
- Phase 3: Open Standards for Threat Signaling
[Figure: Juniper DDoS Secure and Verisign Cloud DDoS]
USE CASE EXAMPLE – MULTI VECTOR THREATS
[Figure: traffic sources VOLUMETRIC ATTACKS, LEGITIMATE USERS and STEALTHY ATTACKS; VERISIGN CLOUD LAYER; CUSTOMER PREMISES with Critical Applications. Flow labels: Volumetric Attacks, Good traffic, Threat Information, Black/White List.]
USE CASE EXAMPLE – MULTI VECTOR THREATS
[Figure: traffic sources VOLUMETRIC ATTACKS, LEGITIMATE USERS and STEALTHY ATTACKS; VERISIGN CLOUD LAYER; CUSTOMER PREMISES with Critical Applications. Flow label: Good traffic.]
JUNIPER PORTFOLIO – BETTER TOGETHER
1. Data Center Edge: Juniper DDoS Secure
2. Upstream Signaling: BGP Flowspec
3. MX Infrastructure (Policy)
MX Routing Infrastructure
JUNIPER DDOS SECURE
Don’t Chase Attacks : ‘Protect the Resource’ Philosophy
Relevant Solution : Immediate protection for the latest set of attacks
Innovation – Hybrid solution with a commitment to Open Standards
THANK YOU
KEEPING IN TOUCH
Program Director - Liz Burns – [email protected]
Certification Program website: www.juniper.net/certification
Customer Service alias: [email protected]
@JuniperCertify
Training, Certification and Career forum
LinkedIn – multiple LinkedIn groups