TweetFollow Us on Twitter

Focus Review: Juniper/Netscreen Protection

Volume Number: 23 (2007)
Issue Number: 01
Column Tag: Real World Review

Focus Review: Juniper/Netscreen Protection

Today's big bad world presents its challenges...

By Marianne Shilpa Jacobie and Neil Ticktin

The Dangers

For whatever reason, there's a group of people out there in the world who think it's fun or right to poke around and disrupt networks that are not theirs. As a result, we have more secure networks today that include routers and switches, firewalls, and VPNs (virtual private networks).

One of the biggest brands in the security business is NetScreen, which is part of Juniper Networks. Juniper has a variety of offerings, but we're going to focus on three products: the NetScreen 25, the SA 2000 and the NetScreen 5GT Wireless.

Netscreen 25

The NetScreen 25 (and the 50) are security appliances. These are integrated devices that target the enterprise "branch" office as well as remote offices, and small to medium-sized businesses. The idea is that this box protects the perimeter of your network from unwanted activities.

The NetScreen-25 offers 100Mbps of firewall and 20 Mbps of VPN performance. It can support 32,000 concurrent sessions, and 125 VPN tunnels. The NetScreen-50 offers even greater capacity: 170 Mbps of firewall and 45 Mbps of 3DES or AES VPN performance, with support for 64,000 concurrent sessions, and 500 VPN tunnels.


NetScreen-25

The most important feature to the NetScreen-25/50 is that you plug it in, and it works. With little configuration, this box will immediately start protecting your network with various deep inspection firewall services, denial of service protection, and more.

This is a very capable box, and we watched it prove it's worth in stopping attacks cold that came from all over the world. It's amazing how many times networks get attacked, and the NetScreen-25 just deals with it ... cleanly and transparently.

Finally, take your pick of interfaces to match your managing style: Web UI, CLI, or NetScreen's Security Manager central management system application.

At $2,500 and up, street price, you'll more than make up for this in time on your first attack, or in creating VPNs. See http://www.juniper.net/products/integrated/ns_2550.html for more information

Juniper Networks Secure Access 2000

The Secure Access 2000 (SA 2000) SSL VPN was introduced to the Juniper Network Secure Access series in 2005. It utilizes the SSL security protocol, a secure access transport mechanism available in all standard web browsers. This enables small to medium-sized companies to provide controlled remote and extranet access to employees, partners, and clients with no infrastructure changes, DMZ deployments or software agents.


Juniper SA 2000

Apart from lowering the total cost of ownership, this function allows companies to secure access to the corporate intranet, enabling administrators to restrict access to various employees, contractors or visitors, based on the information and resources they need. The SA 2000 is based on industry-standard protocols, therefore its investment can be leveraged across many applications and resources over time. It also boasts extensive directory integration (including LDAP!) and advanced software feature sets such as multiple hostname support and a customizable user interface.

The SA 2000 series provides complete end-to-end layered security, including endpoint client, device, data and server layered security controls. The numerous security options from the end-user device to the application data and servers, also covers coordinated threat control with Juniper Network's IDP product line. Juniper's endpoint defense initiative incorporates native functionality, client and server-side API's (created in partnership with best-of-breed endpoint security vendors), and advanced malware protection capabilities. While this keeps your Mac systems secure, it really shines for those initially difficult-to-secure Windows machines.

With the native functionality, client computers can be checked at the beginning and throughout the session to verify an acceptable security posture requiring or requesting network ports. Files and processes can also be checked, and their authenticity validated with MD5 checksums. The native host checker also performs security and applications checks, and carries out pre-authentication checks and enforcement. Enterprises are also enabled to write their own host check method to customize policy checks. Again, this targets Windows machines, as they need this kind of help and monitoring.

The SA 2000's access privilege management capabilities provide dynamic controlled access at the URL, file, application and server-level. This is based on a variety of session specific variables that include identity, device, security control, and network trust level.

Streamlined manageability of Juniper's SA 2000 provides role-based delegation of administrative tasks and a central management option for more unified administration. There is also a self-service feature for users that lowers help-desk support costs. Auditing and logging is fine-grained, and there are three different secure access methods to allow administrators provision by purpose. The streamlined feature set that the SA 2000 comes with would enable an enterprise to deploy secure remote access as well as a basic customer/partner extranet or secure intranet.

A cluster pair deployment option for the SA 2000 ensures high-availability across the LAN and the WAN.

An advanced license feature for the SA 2000 provides additional state-of-the-art features that would satisfy the needs of other complex deployments of varied audiences and uses, including Juniper's Central Manager. You'll find the SA 2000 Base System for about $2,000, with the Advance License at an additional cost. More information at http://www.juniper.net/products_and_services/
ssl_vpn_secure_access/secure_access_2000/

NetScreen-5GT Wireless Firewall/VPN

Ok, so you have your VPN heart with the SA 2000, and your perimeter firewall with the NetScreen-25, what about remote office security? That's where the NetScreen-5GT comes in. The NetScreen-5GT is an enterprise-class network security solution for remote office security.

The NetScreen-5GT Wireless is a part in a series of firewall/VPN line of products offered from Juniper. It is part of an integrated security solution combining stateful firewall, deep inspection firewall, IPSec VPN, antivirus and web filtering for securing a small remote office, retail outlet, or broadband telecommuter.

The NetScreen-5GT is specifically aimed at those that want to run an 802.11 b/g wireless network in a secure setting. But it gives you some fairly sophisticated features including restricted security zones (e.g., home vs. work zones), configurable wireless security zones (each with their own SSID for different types of users), redundancy for high availability, support for dual connections, fast failovers with redundant VPN tunnels and VPN monitoring.



NetScreen-5GT Wireless: Front and Back

At a street price of around $1,000, it's a great, integrated solution for those that need a secure remote office or home office, and especially one that wants seamless VPN integration with an SA 2000. For more information, see http://www.juniper.net/products/integrated/ns_5series.html

Conclusion

You need to secure your network -- one way or another. If you aren't, you're asking for trouble. Once you do secure your network, run some reports, you'll realize how often people are trying to break in. Miss one patch of some piece of web server software? They will break in.

Juniper has a set of world-class products that will protect you without you needing to be a security expert (although, you do need to know what you're doing on some level -- there's no magic here). Whether you configure them to the hilt, or use them in a more plug-in-play environment, you'll have a level of protection that will give you peace of mind. While you may not want to pay $1,000 for a router, or more for VPN and firewall software, you are protecting your network for a reason. Juniper's offerings will give you an end-to-end solution, that works well with the Mac.


The editors of MacTech Magazine are a jolly crew who spend their work time playing with their Macs and their spare time working with their Macs. You can reach them at editorial@mactech.com.

 

Community Search:
MacTech Search:

Software Updates via MacUpdate

The beginner's guide to Warbits
Warbits is a turn-based strategy that's clearly inspired by Nintendo's Advance Wars series. Since turn-based strategy games can be kind of tricky to dive into, see below for a few tips to help you in the beginning. Positioning is crucial [Read... | Read more »
How to upgrade your character in Spellsp...
So you’ve mastered the basics of Spellspire. By which I mean you’ve realised it’s all about spelling things in a spire. What next? Well you’re going to need to figure out how to toughen up your character. It’s all well and good being able to spell... | Read more »
5 slither.io mash-ups we'd love to...
If there's one thing that slither.io has proved, it's that the addictive gameplay of Agar.io can be transplanted onto basically anything and it will still be good fun. It wouldn't be surprising if we saw other developers jumping on the bandwagon,... | Read more »
How to navigate the terrain in Sky Charm...
Sky Charms is a whimsical match-'em up adventure that uses creative level design to really ramp up the difficulty. [Read more] | Read more »
Victorious Knight (Games)
Victorious Knight 1.3 Device: iOS Universal Category: Games Price: $1.99, Version: 1.3 (iTunes) Description: New challenges awaits you! Experience fresh RPG experience with a unique combat mechanic, packed with high quality 3D... | Read more »
Agent Gumball - Roguelike Spy Game (Gam...
Agent Gumball - Roguelike Spy Game 1.0 Device: iOS Universal Category: Games Price: $2.99, Version: 1.0 (iTunes) Description: Someone’s been spying on Gumball. What the what?! Two can play at that game! GO UNDERCOVERSneak past enemy... | Read more »
Runaway Toad (Games)
Runaway Toad 1.0 Device: iOS Universal Category: Games Price: $2.99, Version: 1.0 (iTunes) Description: It ain’t easy bein’ green! Tap, hold, and swipe to help Toad hop to safety in this gorgeous new action game from the creators of... | Read more »
PsyCard (Games)
PsyCard 1.0 Device: iOS Universal Category: Games Price: $1.99, Version: 1.0 (iTunes) Description: From the makers och Card City Nights, Progress To 100 and Ittle Dew PSYCARD is a minesweeper-like game set in a cozy cyberpunk... | Read more »
Sago Mini Robot Party (Education)
Sago Mini Robot Party 1.0 Device: iOS Universal Category: Education Price: $2.99, Version: 1.0 (iTunes) Description: -- Children's Technology Review Editor's Choice -- | Read more »
How to get a high score in every level o...
Sky Charms is an adorable match three puzzler that provides a decent challenge thanks to its creative level design. It regularly presents something new, forcing you to think on your feet. [Read more] | Read more »

Price Scanner via MacPrices.net

Apple restocks Certified Refurbished Mac mini...
Apple has restocked Certified Refurbished 2014 Mac minis, with models available starting at $419. Apple’s one-year warranty is included with each mini, and shipping is free: - 1.4GHz Mac mini: $419 $... Read more
15-inch 2.2GHz Retina MacBook Pro on sale for...
Amazon.com has the 15″ 2.2GHz Retina MacBook Pro on sale for $1699.99 including free shipping. Their price is $300 off MSRP, and it’s the lowest price available for this model from any reseller (and... Read more
Apple Beats Microsoft at Own Game; Amazon Pri...
First quarter seasonality combined with an overall disinterested customer base led to an annual decline of 14.7% in worldwide tablet shipments during the first quarter of 2016 (1Q16). Worldwide... Read more
Tablets Had Worst Quarter Since 2012, says St...
The global tablet market began 2016 just as 2015 left off, down. Tablet shipments fell 10% to 46.5 million units during the Q1 2016, according to the new “Preliminary Global Tablet Shipments and... Read more
Clearance 13-inch MacBook Airs, Apple refurbi...
Apple recently dropped prices on certified refurbished 2015 13″ MacBook Airs with 4GB of RAM with models now available starting at $759. An Apple one-year warranty is included with each MacBook, and... Read more
Clearance 12-inch Retina MacBooks, Apple refu...
Apple has dropped prices on Certified Refurbished 2015 12″ Retina MacBooks with models now available starting at $929. Apple will include a standard one-year warranty with each MacBook, and shipping... Read more
Aleratec Releases Mac Software Upgrade for 1...
California based Aleratec Inc., designer, developer and manufacturer of Portable Device Management (PDM) charge/sync products for mobile devices and professional-grade duplicators for hard disk... Read more
Sale! Amazon offers 27-inch iMac, 13-inch 2.9...
Amazon has the 27″ 3.2GHz 5K iMac and the 13″ 3.9GHz Retina MacBook Pro on sale for $300 off MSRP, each including free shipping, for a limited time: - 27″ 3.2GHz/1TB HD 5K iMac (model MK462LL/A): $... Read more
Apple refurbished 13-inch Retina MacBook Pros...
Apple has Certified Refurbished 13″ Retina MacBook Pros available for up to $270 off the cost of new models. An Apple one-year warranty is included with each model, and shipping is free: - 13″ 2.7GHz... Read more
13-inch 2.7GHz/128GB Retina MacBook Pro on sa...
Take $200 off MSRP on the price of a new 13″ 2.7GHz/128GB Retina MacBook Pro (model MF839LL/A) at Amazon. Shipping is free: - 13″ 2.7GHz/128GB Retina MacBook Pro: $1099.99 $200 off MSRP Act now if... Read more

Jobs Board

Restaurant Manager (Neighborhood Captain) - A...
…in every aspect of daily operation. WHY YOU'LL LIKE IT: You'll be the Big Apple . You'll solve problems. You'll get to show your ability to handle the stress and Read more
Automotive Sales Consultant - Apple Ford Linc...
…you. The best candidates are smart, technologically savvy and are customer focused. Apple Ford Lincoln Apple Valley is different, because: $30,000 annual salary Read more
*Apple* Retail - Multiple Positions - Apple,...
Job Description: Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, Read more
*Apple* Solutions Consultant - Apple (United...
# Apple Solutions Consultant Job Number: 48260200 Phoenix, Arizona, United States Posted: Apr. 22, 2016 Weekly Hours: 40.00 **Job Summary** As an Apple Solutions Read more
Restaurant Manager (Neighborhood Captain) - A...
…in every aspect of daily operation. WHY YOU'LL LIKE IT: You'll be the Big Apple . You'll solve problems. You'll get to show your ability to handle the stress and Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.