SRX Series Security Services

 

Juniper recognised for router and switch leadership

Tags

IHS, Juniper Networks, Survey, Router, Switch, Networking

IHS: Juniper recognised for router and switch leadership

Patrick Martlew January 09, 2018

Juniper Networks has taken the top spot in four of the top five key selection criteria for when service providers choose networking vendors, according to IHS Markit’s router and switch vendor leadership service provider survey.

The automated networking company was placed first in the technology innovation, product reliability, service and support, and security categories.

Over those four categories, Juniper outranks other heavyweights in the industry including Cisco, Huawei and Nokia,

The company has also taken the second spot in the price-to-performance category – just behind Huawei.

Juniper Networks chief marketing officer Mike Marcellin says the recognition from IHS reflects their dedication to service providers and their customers.

“At Juniper Networks, we are maniacally focused on simplicity and on meeting the evolving needs of our service provider customers in their transition into telco cloud, SD-WAN, 5G, IoT and AR/VR services,” he says.

"Our emphasis on automating, securing and simplifying the growingly complex network infrastructure to support those services means that our customers don’t have to worry about every complex detail within the network.

"We’re thrilled to see the industry validate this approach within IHS’s report and look forward to continuing to co-innovate,” Marcellin concludes.

The 12th annual report evaluated service providers’ perception among the top edge/core router and carrier Ethernet switch (CES) manufacturers.

IHS Markit executive director of research and analysis for carrier networks Michael Howard says the results of the survey has demonstrated a need for service providers to keep an innovative pace and diverse portfolio.

“The service provider landscape is rapidly evolving in the face of next-generation services,” Howard says.

“it’s clear that what matters now more than ever is a strong networking partner that can supply top-notch product reliability, price-to-performance ratio, service and support, technology innovation, and security.

Howard also says the technology represents a good value proposition looking forward and will be an important one to keep track of.

“Edge/core routers and CES will be an approximately $15.2B annual market in 2017, so it is important to understand how service providers select manufacturers, whose equipment they have installed and will evaluate for future purchases, and which manufacturers they consider to be leaders in each of the selection criteria,” Howard concludes.

× 2018-01 Out of Cycle Security Bulletin: Meltdown & Spectre: CPU Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method

Product Affected:

See Problem and Solution sections below.

Problem:

Modern microprocessors that implement speculative execution of instructions are susceptible to a new class of cache timing attacks being called "Meltdown" and "Spectre".  These vulnerabilities could allow an attacker to read privileged memory which may contain sensitive information such as passwords or encryption keys.

There are three known variants of the issue:

• Variant 1: bounds check bypass (CVE-2017-5753)
• Variant 2: branch target injection (CVE-2017-5715)
• Variant 3: rogue data cache load (CVE-2017-5754)

Almost all modern CPUs, including the ones in most Juniper products, use speculative execution and are potentially susceptible to these types of attacks. However, it is important to note that in order to exploit this weakness and gain access to restricted memory, the attack requires executing crafted code on the device. Many networking devices from Juniper can only execute code signed by Juniper.  In these devices there is no exposure to privileged memory being read by an unauthorized user.

Deployments where users can execute arbitrary code, including many virtualized, container, Flex, and application products are potentially impacted.  Customers should follow standard BCPs to limit exposure and apply fixes as they become available.
 

Solution:

Product Status:

Juniper SIRT is actively investigating the impact on Juniper Networks products and services.

The following products may be impacted if deployed in a way that allows unsigned code execution:

• Junos OS based platforms
• Junos Space appliance
• Qfabric Director
• CTP Series
• NSMXpress/NSM3000/NSM4000 appliances 
• STRM/Juniper Secure Analytics (JSA) appliances
• SRC/C Series

The following products are not impacted:

• ScreenOS / Netscreen platforms
• JUNOSe / E Series platforms
• BTI platforms

Juniper is continuing to investigate our product portfolio for affected products that are not mentioned above. As new information becomes available this document will be updated.

Where possible, Juniper will be developing software fixes that prevent these type of attacks.  This JSA will be updated as those fixes become available for Juniper devices.
 

Workaround:

In order to mitigate this vulnerability, only run software from trusted sources.  It is also recommended to limit the access to critical infrastructure networking equipment to only trusted administrators from trusted administrative networks or hosts.
 

Modification History:

2018-01-05: Initial publication

Related Links:

• Intel: Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method

• Intel Responds to Security Research Findings

• Intel: Facts about The New Security Research Findings and Intel Products

• Project Zero: Reading privileged memory with a side-channel

• KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin Publication Process

• KB16765: In which releases are vulnerabilities fixed?

• KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories

• Report a Vulnerability - How to Contact the Juniper Networks Security Incident Response Team

CVSS Score:

4.1 (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)

Risk Level:

Low

Risk Assessment:

In the case of Junos OS, in order to exploit this vulnerability an attacker must have a local authenticated privileged (admin) and needs to bypass the image validation checking.

Juniper : Telco Cloud

A Telco cloud is:

                  

Automated—Built as a series of virtualized objects, a Telco cloud is automated and

orchestrated to deliver network functions and capacity on demand. Rather than

the typical three-plus months required to order, install, and configure a traditional

network appliance, a Telco cloud can instantiate virtualized network elements on

industry-standard, carrier-grade compute platforms in a matter of minutes.

Scalable—A Telco cloud supports scale-up with some of the highest performance

routing and switching platforms available today, seamlessly combined with virtualized

network scalability that leverages cloud principles of scale-up/scale-out to adaptively

deliver capacity on demand. A Telco cloud can also scale down by employing smaller,

often virtualized network objects that can be pushed closer to the subscriber edge to

improve network responsiveness and deliver an improved customer experience.

Flexible—Traditionally, installing a new network function—particularly to generate

new revenues—faced a restrictive CapEx/OpEx/time hurdle, limiting new functionality.

With a Telco cloud, the network itself becomes a flexible service creation platform

that enables new capabilities to be instantiated as virtual objects into the network

with cloud network automation—all of which can be evaluated in a matter of minutes

and at a fraction of the cost and complexity of previous manual methods.