Junos® Security is the complete and authorized introduction to the new Juniper Networks SRX hardware series. This book not only provides a practical, hands-on field guide to deploying, configuring, and operating SRX, it also serves as a reference to help you prepare for any of the Junos Security Certification examinations offered by Juniper Networks.
Network administrators and security professionals will learn how to use SRX Junos services gateways to address an array of enterprise data network requirements -- including IP routing, intrusion detection, attack mitigation, unified threat management, and WAN acceleration. Junos Security is a clear and detailed roadmap to the SRX platform. The author's newer book, Juniper SRX Series, covers the SRX devices themselves.
* Get up to speed on Juniper’s multi-function SRX platforms and SRX Junos software
* Explore case studies and troubleshooting tips from engineers with extensive SRX experience
* Become familiar with SRX security policy, Network Address Translation, and IPSec VPN configuration
* Learn about routing fundamentals and high availability with SRX platforms
* Discover what sets SRX apart from typical firewalls
* Understand the operating system that spans the entire Juniper Networks networking hardware portfolio
* Learn about the more commonly deployed branch series SRX as well as the large Data Center SRX firewalls
"I know these authors well. They are out there in the field applying the SRX's industry-leading network security to real world customers everyday. You could not learn from a more talented team of security engineers."
--Mark Bauhaus, EVP and General Manager, Juniper Networks

Rob Cameron is a Technical Marketing Manager for Juniper Networks' high-end security systems and the author of several SSN and SSL books published by Syngress. He is an expert on the SRX and leads the engineering teams supporting the technology across carrier, enterprise, and service provider venues.

Brad Woodberg is a Technical Marketing Engineer for Juniper Networks high-end security systems. He currently holds the JNCIE-M #356, JNCIS-FWV, JNCIS-SSL, JNCIA-IDP, JNCIA-AC, and CCNP certifications and a BS in Computer Engineering from Michigan State University. Before joining Juniper Networks Brad worked as a senior engineer at a Juniper Elite Partner where he designed, implemented, managed, and supported large network and security infrastructures.

Patricio Giecco is a Technical Marketing Engineer for Juniper Networks' branch security systems, where he designs best-practice security solutions and features for Juniper Networks. He has more than ten years of network consulting experience working for both vendors and service providers in Latin America, Europe, Asia and North America. At Juniper Networks, Patricio specializes in network security architecture, routing, risk management, and high-availability designs.

Timothy Eberhard is a Subject Matter Expert for the wireless data networks at Sprint, where he has been a member of the Network Operations team for more than four years. He is CCSP, C|EH, JNCIS-FWV, JNCIS-ER, and JNCIS-M certified. He has written two open source software tools utilized by engineers around the world for supporting Juniper firewalls: the NSSA firewall session analyzer and the TPCAT packet capture analyzer.

James Quinn is a Technical Marketing Engineer for Juniper Networks' high-end security systems. He was previously the Senior Resident Engineer for Juniper Networks at one of the largest wireless carriers in the world, and before that a senior engineer for a large public university system. He is JNCIE-M #117, JNCIE-ER #40, CCIE #8919, JNCIS-FWV, and JNCIS-ES certified and has contributed to writing Juniper Networks certification exams.

Foreword;
Preface;
This Book's Assumptions About You;
What's In This Book?;
Juniper Networks Technical Certification Program (JNTCP);
Topology for This Book;
Conventions Used in This Book;
Using Code Examples;
We'd Like to Hear from You/How to Contact Us/Comments and Questions;
Safari® Books Online;
About the Tech Reviewers;
Acknowledgments;
Chapter 1: Introduction to the SRX;
1.1 Evolving into the SRX;
1.2 The SRX Series Platform;
1.3 Deployment Solutions;
1.4 SRX Series Product Lines;
1.5 Branch SRX Series;
1.6 Data Center SRX Series;
1.7 Summary;
1.8 Chapter Review Questions;
1.9 Chapter Review Answers;
Chapter 2: What Makes Junos So Special?;
2.1 OS Basics;
2.2 Coming from Other Products;
2.3 Summary;
2.4 Chapter Review Questions;
2.5 Chapter Review Answers;
Chapter 3: Hands-On Junos;
3.1 Introduction;
3.2 Driving the Command Line;
3.3 Operational Mode;
3.4 Configuration Mode;
3.5 Commit Model;
3.6 Restarting Processes;
3.7 Junos Automation;
3.8 Junos Configuration Essentials;
3.9 Summary;
3.10 Chapter Review Questions;
3.11 Chapter Review Answers;
Chapter 4: Security Policy;
4.1 Security Policy Overview;
4.2 SRX Policy Processing;
4.3 Viewing SRX Policy Tables;
4.4 Viewing Policy Statistics;
4.5 Viewing Session Flows;
4.6 Policy Structure;
4.7 Policy Logging;
4.8 Troubleshooting Security Policy and Traffic Flows;
4.9 Application Layer Gateway Services;
4.10 Policy Schedulers;
4.11 Web and Proxy Authentication;
4.12 Case Study 4-1;
4.13 Case Study 4-2;
4.14 Converters and Scripts;
4.15 Summary;
4.16 Chapter Review Questions;
4.17 Chapter Review Answers;
Chapter 5: Network Address Translation;
5.1 How the SRX Processes NAT;
5.2 Source NAT;
5.3 Destination NAT;
5.4 Static NAT;
5.5 Summary;
5.6 Chapter Review Questions;
5.7 Chapter Review Answers;
Chapter 6: IPsec VPN;
6.1 VPN Architecture Overview;
6.2 IPsec VPN Concepts Overview;
6.3 Phase 1 IKE Negotiations;
6.4 Phase 2 IKE Negotiations;
6.5 Flow Processing and IPsec VPNs;
6.6 SRX VPN Types;
6.7 Other SRX VPN Components;
6.8 Selecting the Appropriate VPN Configuration;
6.9 IPsec VPN Configuration;
6.10 VPN Verification and Troubleshooting;
6.11 Case Studies;
6.12 Summary;
6.13 Chapter Review Questions;
6.14 Chapter Review Answers;
Chapter 7: High-Performance Attack Mitigation;
7.1 Network Protection Tools Overview;
7.2 Protecting Against Network Reconnaissance;
7.3 Protecting Against Basic IP Attacks;
7.4 Basic Denial-of-Service Screens;
7.5 Advanced Denial-of-Service and Distributed Denial-of-Service Protection;
7.6 ICMP Floods;
7.7 UDP Floods;
7.8 SYN/TCP Floods;
7.9 SYN Cookies;
7.10 Session Limitation;
7.11 AppDoS;
7.12 Application Protection;
7.13 Protecting the SRX;
7.14 Summary;
7.15 Chapter Review Questions;
7.16 Chapter Review Answers;
Chapter 8: Intrusion Prevention;
8.1 The Need for IPS;
8.2 Configuring IPS Features on the SRX;
8.3 Deploying and Tuning IPS;
8.4 Troubleshooting IPS;
8.5 Case Study 8-1;
8.6 Summary;
8.7 Chapter Review Questions;
8.8 Chapter Review Answers;
Chapter 9: Unified Threat Management;
9.1 What Is UTM?;
9.2 UTM Monitoring;
9.3 Case Study 9-1: Small Branch Office;
9.4 Summary;
9.5 Chapter Review Questions;
9.6 Chapter Review Answers;
Chapter 10: High Availability;
10.1 Understanding High Availability in the SRX;
10.2 Configuration;
10.3 Fault Monitoring;
10.4 Troubleshooting the Cluster;
10.5 Summary;
10.6 Chapter Review Questions;
10.7 Chapter Review Answers;
Chapter 11: Routing;
11.1 How the SRX "Routes" IP Packets;
11.2 Static Routing;
11.3 Dynamic Routing;
11.4 Routing Policy;
11.5 Internet Peering;
11.6 Routing Instances;
11.7 Filter-Based Forwarding;
11.8 Summary;
11.9 Chapter Review Questions;
11.10 Chapter Review Answers;
Chapter 12: Transparent Mode;
12.1 Transparent Mode Overview;
12.2 Configuring Transparent Mode;
12.3 Transparent Mode Commands and Troubleshooting;
12.4 Case Study 12-1;
12.5 Summary;
12.6 Chapter Review Questions;
12.7 Chapter Review Answers;
Chapter 13: SRX Management;
13.1 The Management Infrastructure;
13.2 J-Web;
13.3 NSM and Junos Space;
13.4 NETCONF;
13.5 Scripting and Automation;
13.6 Keeping Your Scripts Up-to-Date;
13.7 Case Studies;
13.8 Summary;
13.9 Chapter Review Questions;
13.10 Chapter Review Answers;
Colophon;