Juniper Networks Inc has added inspection capabilities for VoIP traffic and for communications traffic in Oracle database environments to the new version of its intrusion-detection/-prevention technology.
Version 4.0 of the Sunnyvale, California-based vendor’s IDP platform now has the ability to inspect H.225, the principal signaling protocol for H.323, a VoIP standard which, though slowly being replaced by Session Initiation Protocol, is still widespread and requires protection, said Anton Grashion, Juniper’s security strategist for the EMEA region.
“We can now carry out protocol anomaly detection and write signatures for these environments,” he said. The product already had application-layer gateways for SIP traffic, Grashion said, but now they have been added for H.225.
On the database side, Oracle’s Transparent Network Substrate listener technology, also known as the SQL*NET listener, is the service that establishes and maintains connections between client devices and Oracle database services. It does this regardless of the network protocol used at each end, enabling, for instance, a client using IPX to communicate with a server that uses TCP/IP.
It is, however, notoriously vulnerable to buffer overflow and other denial-of-service attacks, which is why Juniper has given IDP 4.0 the ability to inspect this listener traffic and write signatures for such exploits.
Juniper has also added support in this release for the GPRS Tunnelling Protocol, which encapsulates data packets in GSM networks running the 2.5G GPRS technology. Other enhancements include better endpoint profiling, which Grashion said is the ability to identify OS types and versions on individual endpoints, and support for Diffserv marking within packet headers so that different QoS levels can be established for different traffic types.
The IDP technology came to Juniper from specialist developer OneSecure via NetScreen, the firewall/VPN vendor Juniper bought in 2004, which had bought OneSecure shortly beforehand. The OneSecure technology was taken to market on dedicated appliances, which first NetScreen and then Juniper have continued to sell, while porting a subset of the functionality to the FW/VPNs and, more recently, into the multi-function Integrated Security Gateway product line.
That subset could already be managed by the NetScreen Security Management platform that runs the FW/VPN appliances, Grashion said. What was missing, however, was management by NSM of the standalone IDP appliances, a gap the company has now filled in the new release of the management console, NSM 2006.1.
As a result of increasing the universe of machines it can manage, Juniper has also had to think about upping the segmentation capabilities of NSM. Therefore there is now the ability to grant administrative permission specifically and only for the IDP infrastructure on the network, as well as an ability to create domains only for certain offices or devices, Grashion said.
Juniper has also added an easy-configuration capability, which means a dedicated sensor (an IDP appliance) can be up and running without complexity, while a Policy Wizard for IDP has been added to NSM so that policy can be generated as soon as a sensor comes online.
The integration with NSM has also meant a number of attributes from the erstwhile dedicated management platform for the sensors, called IDP Manager, have been ported across to the generic security management console. They are Profiler, which provides a detailed view of app flaws and contexts for identifying what’s running on a network, and Dashboard, which gives a centralized view of the main network attacks, specific hosts, and device status. In addition, a new feature has been added called Security Explorer, a visualization capability to help admins understand network interactions and interdependencies, as well as details of the individual hosts.
Grashion said the areas where Juniper considers it is ahead of the competition are the ability to create separate domains, which he claimed to be unique in the industry, and the technology’s role-based administration capability, with support not only for six predefined admin roles but also for unlimited custom ones, as well as over 100 role-based activities.
Both software releases are available as part of maintenance contracts on the IDP sensors and the NSM console, and since NSM is now replacing IDP Manager, anyone with a support contract on the latter will automatically be able to upgrade to NSM 2006.1, and every IDP appliance now comes with a five-device NSM license. The IDP appliances start at $9,000 for the low-end device, the IDP50.