TweetFollow Us on Twitter

Focus Review: Juniper/Netscreen Protection

Volume Number: 23 (2007)
Issue Number: 01
Column Tag: Real World Review

Focus Review: Juniper/Netscreen Protection

Today's big bad world presents its challenges...

By Marianne Shilpa Jacobie and Neil Ticktin

The Dangers

For whatever reason, there's a group of people out there in the world who think it's fun or right to poke around and disrupt networks that are not theirs. As a result, we have more secure networks today that include routers and switches, firewalls, and VPNs (virtual private networks).

One of the biggest brands in the security business is NetScreen, which is part of Juniper Networks. Juniper has a variety of offerings, but we're going to focus on three products: the NetScreen 25, the SA 2000 and the NetScreen 5GT Wireless.

Netscreen 25

The NetScreen 25 (and the 50) are security appliances. These are integrated devices that target the enterprise "branch" office as well as remote offices, and small to medium-sized businesses. The idea is that this box protects the perimeter of your network from unwanted activities.

The NetScreen-25 offers 100Mbps of firewall and 20 Mbps of VPN performance. It can support 32,000 concurrent sessions, and 125 VPN tunnels. The NetScreen-50 offers even greater capacity: 170 Mbps of firewall and 45 Mbps of 3DES or AES VPN performance, with support for 64,000 concurrent sessions, and 500 VPN tunnels.


NetScreen-25

The most important feature to the NetScreen-25/50 is that you plug it in, and it works. With little configuration, this box will immediately start protecting your network with various deep inspection firewall services, denial of service protection, and more.

This is a very capable box, and we watched it prove it's worth in stopping attacks cold that came from all over the world. It's amazing how many times networks get attacked, and the NetScreen-25 just deals with it ... cleanly and transparently.

Finally, take your pick of interfaces to match your managing style: Web UI, CLI, or NetScreen's Security Manager central management system application.

At $2,500 and up, street price, you'll more than make up for this in time on your first attack, or in creating VPNs. See http://www.juniper.net/products/integrated/ns_2550.html for more information

Juniper Networks Secure Access 2000

The Secure Access 2000 (SA 2000) SSL VPN was introduced to the Juniper Network Secure Access series in 2005. It utilizes the SSL security protocol, a secure access transport mechanism available in all standard web browsers. This enables small to medium-sized companies to provide controlled remote and extranet access to employees, partners, and clients with no infrastructure changes, DMZ deployments or software agents.


Juniper SA 2000

Apart from lowering the total cost of ownership, this function allows companies to secure access to the corporate intranet, enabling administrators to restrict access to various employees, contractors or visitors, based on the information and resources they need. The SA 2000 is based on industry-standard protocols, therefore its investment can be leveraged across many applications and resources over time. It also boasts extensive directory integration (including LDAP!) and advanced software feature sets such as multiple hostname support and a customizable user interface.

The SA 2000 series provides complete end-to-end layered security, including endpoint client, device, data and server layered security controls. The numerous security options from the end-user device to the application data and servers, also covers coordinated threat control with Juniper Network's IDP product line. Juniper's endpoint defense initiative incorporates native functionality, client and server-side API's (created in partnership with best-of-breed endpoint security vendors), and advanced malware protection capabilities. While this keeps your Mac systems secure, it really shines for those initially difficult-to-secure Windows machines.

With the native functionality, client computers can be checked at the beginning and throughout the session to verify an acceptable security posture requiring or requesting network ports. Files and processes can also be checked, and their authenticity validated with MD5 checksums. The native host checker also performs security and applications checks, and carries out pre-authentication checks and enforcement. Enterprises are also enabled to write their own host check method to customize policy checks. Again, this targets Windows machines, as they need this kind of help and monitoring.

The SA 2000's access privilege management capabilities provide dynamic controlled access at the URL, file, application and server-level. This is based on a variety of session specific variables that include identity, device, security control, and network trust level.

Streamlined manageability of Juniper's SA 2000 provides role-based delegation of administrative tasks and a central management option for more unified administration. There is also a self-service feature for users that lowers help-desk support costs. Auditing and logging is fine-grained, and there are three different secure access methods to allow administrators provision by purpose. The streamlined feature set that the SA 2000 comes with would enable an enterprise to deploy secure remote access as well as a basic customer/partner extranet or secure intranet.

A cluster pair deployment option for the SA 2000 ensures high-availability across the LAN and the WAN.

An advanced license feature for the SA 2000 provides additional state-of-the-art features that would satisfy the needs of other complex deployments of varied audiences and uses, including Juniper's Central Manager. You'll find the SA 2000 Base System for about $2,000, with the Advance License at an additional cost. More information at http://www.juniper.net/products_and_services/
ssl_vpn_secure_access/secure_access_2000/

NetScreen-5GT Wireless Firewall/VPN

Ok, so you have your VPN heart with the SA 2000, and your perimeter firewall with the NetScreen-25, what about remote office security? That's where the NetScreen-5GT comes in. The NetScreen-5GT is an enterprise-class network security solution for remote office security.

The NetScreen-5GT Wireless is a part in a series of firewall/VPN line of products offered from Juniper. It is part of an integrated security solution combining stateful firewall, deep inspection firewall, IPSec VPN, antivirus and web filtering for securing a small remote office, retail outlet, or broadband telecommuter.

The NetScreen-5GT is specifically aimed at those that want to run an 802.11 b/g wireless network in a secure setting. But it gives you some fairly sophisticated features including restricted security zones (e.g., home vs. work zones), configurable wireless security zones (each with their own SSID for different types of users), redundancy for high availability, support for dual connections, fast failovers with redundant VPN tunnels and VPN monitoring.



NetScreen-5GT Wireless: Front and Back

At a street price of around $1,000, it's a great, integrated solution for those that need a secure remote office or home office, and especially one that wants seamless VPN integration with an SA 2000. For more information, see http://www.juniper.net/products/integrated/ns_5series.html

Conclusion

You need to secure your network -- one way or another. If you aren't, you're asking for trouble. Once you do secure your network, run some reports, you'll realize how often people are trying to break in. Miss one patch of some piece of web server software? They will break in.

Juniper has a set of world-class products that will protect you without you needing to be a security expert (although, you do need to know what you're doing on some level -- there's no magic here). Whether you configure them to the hilt, or use them in a more plug-in-play environment, you'll have a level of protection that will give you peace of mind. While you may not want to pay $1,000 for a router, or more for VPN and firewall software, you are protecting your network for a reason. Juniper's offerings will give you an end-to-end solution, that works well with the Mac.


The editors of MacTech Magazine are a jolly crew who spend their work time playing with their Macs and their spare time working with their Macs. You can reach them at editorial@mactech.com.

 

Community Search:
MacTech Search:

Software Updates via MacUpdate

Logic Pro X 10.1.1 - Music creation and...
Apple Logic Pro X is the most advanced version of Logic ever. Sophisticated new tools for professional songwriting, editing, and mixing are built around a modern interface that's designed to get... Read more
VLC Media Player 2.2.0 - Popular multime...
VLC Media Player is a highly portable multimedia player for various audio and video formats (MPEG-1, MPEG-2, MPEG-4, DivX, MP3, OGG, ...) as well as DVDs, VCDs, and various streaming protocols. It... Read more
Sound Studio 4.7.8 - Robust audio record...
Sound Studio lets you easily record and professionally edit audio on your Mac. Easily rip vinyls and digitize cassette tapes, or record lectures and voice memos. Prepare for live shows with live... Read more
LibreOffice 4.4.1.2 - Free, open-source...
LibreOffice is an office suite (word processor, spreadsheet, presentations, drawing tool) compatible with other major office suites. The Document Foundation is coordinating development and... Read more
Freeway Pro 7.0.3 - Drag-and-drop Web de...
Freeway Pro lets you build websites with speed and precision... without writing a line of code! With its user-oriented drag-and-drop interface, Freeway Pro helps you piece together the website of... Read more
Cloud 3.3.0 - File sharing from your men...
Cloud is simple file sharing for the Mac. Drag a file from your Mac to the CloudApp icon in the menubar and we take care of the rest. A link to the file will automatically be copied to your clipboard... Read more
Cyberduck 4.6.5 - FTP and SFTP browser....
Cyberduck is a robust FTP/FTP-TLS/SFTP browser for the Mac whose lack of visual clutter and cleverly intuitive features make it easy to use. Support for external editors and system technologies such... Read more
Firefox 36.0 - Fast, safe Web browser. (...
Firefox for Mac offers a fast, safe Web browsing experience. Browse quickly, securely, and effortlessly. With its industry-leading features, Firefox is the choice of Web development professionals and... Read more
Thunderbird 31.5.0 - Email client from M...
As of July 2012, Thunderbird has transitioned to a new governance model, with new features being developed by the broader free software and open source community, and security fixes and improvements... Read more
VOX 2.4 - Music player that supports man...
VoxIt just sounds better! The beauty is in its simplicity, yet behind the minimal exterior lies a powerful music player with a ton of features & support for all audio formats you should ever need... Read more

Get The Whole Story – Lone Wolf Complete...
Get The Whole Story – Lone Wolf Complete is Now Available and On Sale Posted by Jessica Fisher on February 27th, 2015 [ permalink ] Universal App - Designed for iPhone and iPad | Read more »
Who Wore it Best? The Counting Dead vs....
Like it or not, the “clicker” genre, popularized by cute distractions like Candy Box and Cookie Clicker, seems like it’s here to stay. So Who Wore it Best? takes a look at two recent examples: The Counting Dead and AdVenture Capitalist. | Read more »
Card Crawl, the Mini Deck Building Game,...
Card Crawl, the Mini Deck Building Game, is Coming Soon Posted by Jessica Fisher on February 27th, 2015 [ permalink ] Tinytouchtales and Mexer have announced their new game, | Read more »
Witness an all new puzzle mechanic in Bl...
Well, BlastBall MAX is not one of those games and is bucking trends such as timers, elements of randomness, and tacked-on mechanics in favor of pure puzzle gameplay. When you first boot up the game you’ll see a grid made up of squares that are each... | Read more »
This Princess Has a Dragon and She isn’t...
This Princess Has a Dragon and She isn’t Afraid to Useit. | Read more »
Mecha Showdown Review
Mecha Showdown Review By Lee Hamlet on February 27th, 2015 Our Rating: :: IN A SPINUniversal App - Designed for iPhone and iPad Mecha Showdown replaces traditional buttons with a slot machine mechanic in this robot fighting game,... | Read more »
Reliance Games and Dreamworks Unveil Rea...
Reliance Games and Dreamworks Unveil Real Steel Champions Posted by Ellis Spice on February 27th, 2015 [ permalink ] Reliance Games and Dreamworks have announced that a third game in | Read more »
Sum Idea Review
Sum Idea Review By Jennifer Allen on February 27th, 2015 Our Rating: :: TAXING NUMBERSUniversal App - Designed for iPhone and iPad Sum Idea is a fairly charming but taxing puzzle game.   | Read more »
A New Badland Update Brings Daydream Lev...
A New Badland Update Brings Daydream Levels to Co-Op Posted by Ellis Spice on February 27th, 2015 [ permalink ] Universal App - Designed for iPhone and iPad | Read more »
Slashing Demons Review
Slashing Demons Review By Lee Hamlet on February 27th, 2015 Our Rating: :: IT'S A LONG WAY TO THE TOPUniversal App - Designed for iPhone and iPad Slashing Demons lacks the depth or scope to take it beyond the point of being just... | Read more »

Price Scanner via MacPrices.net

Save up to $600 with Apple refurbished Mac Pr...
The Apple Store is offering Apple Certified Refurbished Mac Pros for up to $600 off the cost of new models. An Apple one-year warranty is included with each Mac Pro, and shipping is free. The... Read more
Updated Mac Price Trackers
We’ve updated our Mac Price Trackers with the latest information on prices, bundles, and availability on systems from Apple’s authorized internet/catalog resellers: - 15″ MacBook Pros - 13″ MacBook... Read more
Apple CEO Tim Cook to Deliver 2015 George Was...
Apple CEO Tim Cook will deliver the George Washington University’s Commencement address to GWU grads on May 17, at which time he will also be awarded an honorary doctorate of public service from the... Read more
Apple restocks refurbished Mac minis for up t...
The Apple Store has restocked Apple Certified Refurbished 2014 Mac minis, with models available starting at $419. Apple’s one-year warranty is included with each mini, and shipping is free: - 1.4GHz... Read more
Save up to $50 on iPad Air 2s, NY tax only, f...
 B&H Photo has iPad Air 2s on sale for $50 off MSRP including free shipping plus NY sales tax only: - 16GB iPad Air 2 WiFi: $469.99 $30 off - 64GB iPad Air 2 WiFi: $549 $50 off - 128GB iPad Air 2... Read more
16GB iPad Air 2 on sale for $447, save $52
Walmart has the 16GB iPad Air 2 WiFi on sale for $446.99 on their online store for a limited time. Choose free shipping or free local store pickup (if available). Sale price for online orders only,... Read more
iMacs on sale for up to $205 off MSRP
B&H Photo has 21″ and 27″ iMacs on sale for up to $205 off MSRP including free shipping plus NY sales tax only: - 21″ 1.4GHz iMac: $1029 $70 off - 21″ 2.7GHz iMac: $1199 $100 off - 21″ 2.9GHz... Read more
Apple Takes 89 Percent Share of Global Smartp...
According to the latest research from Strategy Analytics, global smartphone operating profit reached US$21 billion in Q4 2014. The Android operating system captured a record-low 11 percent global... Read more
New Travel Health App “My Travel Health” iOS...
Rochester, Minnesota based Travel Health and Wellness LLC has announced that its new iOS app help safeguard the user’s health when traveling abroad — “My Travel Health” is now available on the Apple... Read more
Sale! MacBook Airs for up to $115 off MSRP
B&H Photo has MacBook Airs on sale for up to $100 off MSRP. Shipping is free, and B&H charges NY sales tax only: - 11″ 128GB MacBook Air: $799 100 off MSRP - 11″ 256GB MacBook Air: $999 $100... Read more

Jobs Board

Sr. Technical Services Consultant, *Apple*...
**Job Summary** Apple Professional Services (APS) has an opening for a senior technical position that contributes to Apple 's efforts for strategic and transactional Read more
Event Director, *Apple* Retail Marketing -...
…This senior level position is responsible for leading and imagining the Apple Retail Team's global engagement strategy and team. Delivering an overarching brand Read more
*Apple* Pay - Site Reliability Engineer - Ap...
**Job Summary** Imagine what you could do here. At Apple , great ideas have a way of becoming great products, services, and customer experiences very quickly. Bring Read more
*Apple* Solutions Consultant - Retail Sales...
**Job Summary** The ASC is an Apple employee who serves as an Apple brand ambassador and influencer in a Reseller's store. The ASC's role is to grow Apple Read more
*Apple* Solutions Consultant - Retail Sales...
**Job Summary** As an Apple Solutions Consultant (ASC) you are the link between our customers and our products. Your role is to drive the Apple business in a retail Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.