TweetFollow Us on Twitter

Focus Review: Juniper/Netscreen Protection

Volume Number: 23 (2007)
Issue Number: 01
Column Tag: Real World Review

Focus Review: Juniper/Netscreen Protection

Today's big bad world presents its challenges...

By Marianne Shilpa Jacobie and Neil Ticktin

The Dangers

For whatever reason, there's a group of people out there in the world who think it's fun or right to poke around and disrupt networks that are not theirs. As a result, we have more secure networks today that include routers and switches, firewalls, and VPNs (virtual private networks).

One of the biggest brands in the security business is NetScreen, which is part of Juniper Networks. Juniper has a variety of offerings, but we're going to focus on three products: the NetScreen 25, the SA 2000 and the NetScreen 5GT Wireless.

Netscreen 25

The NetScreen 25 (and the 50) are security appliances. These are integrated devices that target the enterprise "branch" office as well as remote offices, and small to medium-sized businesses. The idea is that this box protects the perimeter of your network from unwanted activities.

The NetScreen-25 offers 100Mbps of firewall and 20 Mbps of VPN performance. It can support 32,000 concurrent sessions, and 125 VPN tunnels. The NetScreen-50 offers even greater capacity: 170 Mbps of firewall and 45 Mbps of 3DES or AES VPN performance, with support for 64,000 concurrent sessions, and 500 VPN tunnels.


NetScreen-25

The most important feature to the NetScreen-25/50 is that you plug it in, and it works. With little configuration, this box will immediately start protecting your network with various deep inspection firewall services, denial of service protection, and more.

This is a very capable box, and we watched it prove it's worth in stopping attacks cold that came from all over the world. It's amazing how many times networks get attacked, and the NetScreen-25 just deals with it ... cleanly and transparently.

Finally, take your pick of interfaces to match your managing style: Web UI, CLI, or NetScreen's Security Manager central management system application.

At $2,500 and up, street price, you'll more than make up for this in time on your first attack, or in creating VPNs. See http://www.juniper.net/products/integrated/ns_2550.html for more information

Juniper Networks Secure Access 2000

The Secure Access 2000 (SA 2000) SSL VPN was introduced to the Juniper Network Secure Access series in 2005. It utilizes the SSL security protocol, a secure access transport mechanism available in all standard web browsers. This enables small to medium-sized companies to provide controlled remote and extranet access to employees, partners, and clients with no infrastructure changes, DMZ deployments or software agents.


Juniper SA 2000

Apart from lowering the total cost of ownership, this function allows companies to secure access to the corporate intranet, enabling administrators to restrict access to various employees, contractors or visitors, based on the information and resources they need. The SA 2000 is based on industry-standard protocols, therefore its investment can be leveraged across many applications and resources over time. It also boasts extensive directory integration (including LDAP!) and advanced software feature sets such as multiple hostname support and a customizable user interface.

The SA 2000 series provides complete end-to-end layered security, including endpoint client, device, data and server layered security controls. The numerous security options from the end-user device to the application data and servers, also covers coordinated threat control with Juniper Network's IDP product line. Juniper's endpoint defense initiative incorporates native functionality, client and server-side API's (created in partnership with best-of-breed endpoint security vendors), and advanced malware protection capabilities. While this keeps your Mac systems secure, it really shines for those initially difficult-to-secure Windows machines.

With the native functionality, client computers can be checked at the beginning and throughout the session to verify an acceptable security posture requiring or requesting network ports. Files and processes can also be checked, and their authenticity validated with MD5 checksums. The native host checker also performs security and applications checks, and carries out pre-authentication checks and enforcement. Enterprises are also enabled to write their own host check method to customize policy checks. Again, this targets Windows machines, as they need this kind of help and monitoring.

The SA 2000's access privilege management capabilities provide dynamic controlled access at the URL, file, application and server-level. This is based on a variety of session specific variables that include identity, device, security control, and network trust level.

Streamlined manageability of Juniper's SA 2000 provides role-based delegation of administrative tasks and a central management option for more unified administration. There is also a self-service feature for users that lowers help-desk support costs. Auditing and logging is fine-grained, and there are three different secure access methods to allow administrators provision by purpose. The streamlined feature set that the SA 2000 comes with would enable an enterprise to deploy secure remote access as well as a basic customer/partner extranet or secure intranet.

A cluster pair deployment option for the SA 2000 ensures high-availability across the LAN and the WAN.

An advanced license feature for the SA 2000 provides additional state-of-the-art features that would satisfy the needs of other complex deployments of varied audiences and uses, including Juniper's Central Manager. You'll find the SA 2000 Base System for about $2,000, with the Advance License at an additional cost. More information at http://www.juniper.net/products_and_services/
ssl_vpn_secure_access/secure_access_2000/

NetScreen-5GT Wireless Firewall/VPN

Ok, so you have your VPN heart with the SA 2000, and your perimeter firewall with the NetScreen-25, what about remote office security? That's where the NetScreen-5GT comes in. The NetScreen-5GT is an enterprise-class network security solution for remote office security.

The NetScreen-5GT Wireless is a part in a series of firewall/VPN line of products offered from Juniper. It is part of an integrated security solution combining stateful firewall, deep inspection firewall, IPSec VPN, antivirus and web filtering for securing a small remote office, retail outlet, or broadband telecommuter.

The NetScreen-5GT is specifically aimed at those that want to run an 802.11 b/g wireless network in a secure setting. But it gives you some fairly sophisticated features including restricted security zones (e.g., home vs. work zones), configurable wireless security zones (each with their own SSID for different types of users), redundancy for high availability, support for dual connections, fast failovers with redundant VPN tunnels and VPN monitoring.



NetScreen-5GT Wireless: Front and Back

At a street price of around $1,000, it's a great, integrated solution for those that need a secure remote office or home office, and especially one that wants seamless VPN integration with an SA 2000. For more information, see http://www.juniper.net/products/integrated/ns_5series.html

Conclusion

You need to secure your network -- one way or another. If you aren't, you're asking for trouble. Once you do secure your network, run some reports, you'll realize how often people are trying to break in. Miss one patch of some piece of web server software? They will break in.

Juniper has a set of world-class products that will protect you without you needing to be a security expert (although, you do need to know what you're doing on some level -- there's no magic here). Whether you configure them to the hilt, or use them in a more plug-in-play environment, you'll have a level of protection that will give you peace of mind. While you may not want to pay $1,000 for a router, or more for VPN and firewall software, you are protecting your network for a reason. Juniper's offerings will give you an end-to-end solution, that works well with the Mac.


The editors of MacTech Magazine are a jolly crew who spend their work time playing with their Macs and their spare time working with their Macs. You can reach them at editorial@mactech.com.

 
AAPL
$111.78
Apple Inc.
-0.87
MSFT
$47.66
Microsoft Corpora
+0.14
GOOG
$516.35
Google Inc.
+5.25

MacTech Search:
Community Search:

Software Updates via MacUpdate

NeoOffice 2014.6 - Mac-tailored, OpenOff...
NeoOffice is a complete office suite for OS X. With NeoOffice, users can view, edit, and save OpenOffice documents, PDF files, and most Microsoft Word, Excel, and PowerPoint documents. NeoOffice 3.x... Read more
LibreOffice 4.3.5.2 - Free Open Source o...
LibreOffice is an office suite (word processor, spreadsheet, presentations, drawing tool) compatible with other major office suites. The Document Foundation is coordinating development and... Read more
CleanApp 5.0.0 Beta 5 - Application dein...
CleanApp is an application deinstaller and archiver.... Your hard drive gets fuller day by day, but do you know why? CleanApp 5 provides you with insights how to reclaim disk space. There are... Read more
Monolingual 1.6.2 - Remove unwanted OS X...
Monolingual is a program for removing unnecesary language resources from OS X, in order to reclaim several hundred megabytes of disk space. It requires a 64-bit capable Intel-based Mac and at least... Read more
NetShade 6.1 - Browse privately using an...
NetShade is an Internet security tool that conceals your IP address on the web. NetShade routes your Web connection through either a public anonymous proxy server, or one of NetShade's own dedicated... Read more
calibre 2.13 - Complete e-library manage...
Calibre is a complete e-book library manager. Organize your collection, convert your books to multiple formats, and sync with all of your devices. Let Calibre be your multi-tasking digital librarian... Read more
Mellel 3.3.7 - Powerful word processor w...
Mellel is the leading word processor for OS X and has been widely considered the industry standard since its inception. Mellel focuses on writers and scholars for technical writing and multilingual... Read more
ScreenFlow 5.0.1 - Create screen recordi...
Save 10% with the exclusive MacUpdate coupon code: AFMacUpdate10 Buy now! ScreenFlow is powerful, easy-to-use screencasting software for the Mac. With ScreenFlow you can record the contents of your... Read more
Simon 4.0 - Monitor changes and crashes...
Simon monitors websites and alerts you of crashes and changes. Select pages to monitor, choose your alert options, and customize your settings. Simon does the rest. Keep a watchful eye on your... Read more
BBEdit 11.0.2 - Powerful text and HTML e...
BBEdit is the leading professional HTML and text editor for the Mac. Specifically crafted in response to the needs of Web authors and software developers, this award-winning product provides a... Read more

Latest Forum Discussions

See All

Make your own Tribez Figures (and More)...
Make your own Tribez Figures (and More) with Toyze Posted by Jessica Fisher on December 19th, 2014 [ permalink ] Universal App - Designed for iPhone and iPad | Read more »
So Many Holiday iOS Sales Oh My Goodness...
The holiday season is in full-swing, which means a whole lot of iOS apps and games are going on sale. A bunch already have, in fact. Naturally this means we’re putting together a hand-picked list of the best discounts and sales we can find in order... | Read more »
It’s Bird vs. Bird in the New PvP Mode f...
It’s Bird vs. Bird in the New PvP Mode for Angry Birds Epic Posted by Jessica Fisher on December 19th, 2014 [ permalink ] Universal App - Designed for iPhone and iPad | Read more »
Telltale Games and Mojang Announce Minec...
Telltale Games and Mojang Announce Minecraft: Story Mode – A Telltale Games Series Posted by Jessica Fisher on December 19th, 2014 [ permalink ] | Read more »
WarChest and Splash Damage Annouce Their...
WarChest and Splash Damage Annouce Their New Game: Tempo Posted by Jessica Fisher on December 19th, 2014 [ permalink ] WarChest Ltd and Splash Damage Ltd are teaming up again to work | Read more »
BulkyPix Celebrates its 6th Anniversary...
BulkyPix Celebrates its 6th Anniversary with a Bunch of Free Games Posted by Jessica Fisher on December 19th, 2014 [ permalink ] BulkyPix has | Read more »
Indulge in Japanese cuisine in Cooking F...
Indulge in Japanese cuisine in Cooking Fever’s new sushi-themed update Posted by Simon Reed on December 19th, 2014 [ permalink ] Lithuanian developer Nordcurrent has yet again updated its restaurant simulat | Read more »
Badland Daydream Level Pack Arrives to C...
Badland Daydream Level Pack Arrives to Celebrate 20 Million Downloads Posted by Ellis Spice on December 19th, 2014 [ permalink ] | Read more »
Far Cry 4, Assassin’s Creed Unity, Desti...
Far Cry 4, Assassin’s Creed Unity, Destiny, and Beyond – AppSpy Takes a Look at AAA Companion Apps Posted by Rob Rich on December 19th, 2014 [ permalink ] These day | Read more »
A Bunch of Halfbrick Games Are Going Fre...
A Bunch of Halfbrick Games Are Going Free for the Holidays Posted by Ellis Spice on December 19th, 2014 [ permalink ] Universal App - Designed for iPhone and iPad | Read more »

Price Scanner via MacPrices.net

13-inch 2.6GHz Retina MacBook Pro on sale for...
Best Buy has lowered their price on the 2014 13″ 2.6GHz/128GB Retina MacBook Pro to $1149.99 on their online store for a limited time. That’s $150 off MSRP and the lowest price available for this... Read more
Kodak Returns to CES With New Consumer Produ...
Former photography colossus Kodak is returning to CES for the first time in three years where the Kodak booth (#21818 South Hall 1) will showcase a wide range of innovative, imaging-related products... Read more
Invaluable Launches New Eponymously -Named A...
Invaluable, the world’s largest online live auction marketplace, hhas announced the official launch of the Invaluable app for iPad, now available for download in the iTunes App Store. Invaluable... Read more
IDC Reveals Worldwide Mobile Enterprise Appli...
International Data Corporation (IDC) last week hosted the IDC FutureScape: Worldwide Mobile Enterprise Applications and Solutions 2015 Predictions Web conference. The session provided organizations... Read more
Hello Vino Wine App Launches “Safe Ride Home”...
Hello Vino has announced addition of a new “Get a Safe Ride Home” feature in its Food & Drink app with a direct connection to Uber, the technology platform that connects users with rides. The... Read more
DEVON-technologies Releases DEVONthink To Go...
Coeur d’Alene, Idaho based DEVON-technologies, LLC has updated DEVONthink To Go, its mobile companion to DEVONthink, to version 1.5. The update includes an iOS 8 extension, compatibility with the... Read more
The Apple Store offering free next-day shippi...
The Apple Store is now offering free next-day shipping on all in stock items if ordered before 12/23/14 at 10:00am PT. Local store pickup is also available within an hour of ordering for any in stock... Read more
It’s 1992 Again At Sony Pictures, Except For...
Techcrunch’s John Biggs interviewed a Sony Pictures Entertainment (SPE) employee, who quite understandably wished to remain anonymous, regarding post-hack conditions in SPE’s L.A office, explaining “... Read more
OtterBox Defender Series Case For iPad mini 3...
With their innovative Touch ID technology and ultrathin profile, the latest tranche of Apple iPads are more desirable than ever, and OtterBox has just announced the Defender Series custom-engineered... Read more
Holiday sales this weekend: MacBook Pros for...
 B&H Photo has new MacBook Pros on sale for up to $300 off MSRP as part of their Holiday pricing. Shipping is free, and B&H charges NY sales tax only: - 15″ 2.2GHz Retina MacBook Pro: $1699... Read more

Jobs Board

*Apple* Store Leader Program (US) - Apple, I...
…Summary Learn and grow as you explore the art of leadership at the Apple Store. You'll master our retail business inside and out through training, hands-on experience, Read more
Project Manager, *Apple* Financial Services...
**Job Summary** Apple Financial Services (AFS) offers consumers, businesses and educational institutions ways to finance Apple purchases. We work with national and Read more
*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
*Apple* Retail - Multiple Positions (US) - A...
Job Description: Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.