TweetFollow Us on Twitter

Focus Review: Juniper/Netscreen Protection

Volume Number: 23 (2007)
Issue Number: 01
Column Tag: Real World Review

Focus Review: Juniper/Netscreen Protection

Today's big bad world presents its challenges...

By Marianne Shilpa Jacobie and Neil Ticktin

The Dangers

For whatever reason, there's a group of people out there in the world who think it's fun or right to poke around and disrupt networks that are not theirs. As a result, we have more secure networks today that include routers and switches, firewalls, and VPNs (virtual private networks).

One of the biggest brands in the security business is NetScreen, which is part of Juniper Networks. Juniper has a variety of offerings, but we're going to focus on three products: the NetScreen 25, the SA 2000 and the NetScreen 5GT Wireless.

Netscreen 25

The NetScreen 25 (and the 50) are security appliances. These are integrated devices that target the enterprise "branch" office as well as remote offices, and small to medium-sized businesses. The idea is that this box protects the perimeter of your network from unwanted activities.

The NetScreen-25 offers 100Mbps of firewall and 20 Mbps of VPN performance. It can support 32,000 concurrent sessions, and 125 VPN tunnels. The NetScreen-50 offers even greater capacity: 170 Mbps of firewall and 45 Mbps of 3DES or AES VPN performance, with support for 64,000 concurrent sessions, and 500 VPN tunnels.


NetScreen-25

The most important feature to the NetScreen-25/50 is that you plug it in, and it works. With little configuration, this box will immediately start protecting your network with various deep inspection firewall services, denial of service protection, and more.

This is a very capable box, and we watched it prove it's worth in stopping attacks cold that came from all over the world. It's amazing how many times networks get attacked, and the NetScreen-25 just deals with it ... cleanly and transparently.

Finally, take your pick of interfaces to match your managing style: Web UI, CLI, or NetScreen's Security Manager central management system application.

At $2,500 and up, street price, you'll more than make up for this in time on your first attack, or in creating VPNs. See http://www.juniper.net/products/integrated/ns_2550.html for more information

Juniper Networks Secure Access 2000

The Secure Access 2000 (SA 2000) SSL VPN was introduced to the Juniper Network Secure Access series in 2005. It utilizes the SSL security protocol, a secure access transport mechanism available in all standard web browsers. This enables small to medium-sized companies to provide controlled remote and extranet access to employees, partners, and clients with no infrastructure changes, DMZ deployments or software agents.


Juniper SA 2000

Apart from lowering the total cost of ownership, this function allows companies to secure access to the corporate intranet, enabling administrators to restrict access to various employees, contractors or visitors, based on the information and resources they need. The SA 2000 is based on industry-standard protocols, therefore its investment can be leveraged across many applications and resources over time. It also boasts extensive directory integration (including LDAP!) and advanced software feature sets such as multiple hostname support and a customizable user interface.

The SA 2000 series provides complete end-to-end layered security, including endpoint client, device, data and server layered security controls. The numerous security options from the end-user device to the application data and servers, also covers coordinated threat control with Juniper Network's IDP product line. Juniper's endpoint defense initiative incorporates native functionality, client and server-side API's (created in partnership with best-of-breed endpoint security vendors), and advanced malware protection capabilities. While this keeps your Mac systems secure, it really shines for those initially difficult-to-secure Windows machines.

With the native functionality, client computers can be checked at the beginning and throughout the session to verify an acceptable security posture requiring or requesting network ports. Files and processes can also be checked, and their authenticity validated with MD5 checksums. The native host checker also performs security and applications checks, and carries out pre-authentication checks and enforcement. Enterprises are also enabled to write their own host check method to customize policy checks. Again, this targets Windows machines, as they need this kind of help and monitoring.

The SA 2000's access privilege management capabilities provide dynamic controlled access at the URL, file, application and server-level. This is based on a variety of session specific variables that include identity, device, security control, and network trust level.

Streamlined manageability of Juniper's SA 2000 provides role-based delegation of administrative tasks and a central management option for more unified administration. There is also a self-service feature for users that lowers help-desk support costs. Auditing and logging is fine-grained, and there are three different secure access methods to allow administrators provision by purpose. The streamlined feature set that the SA 2000 comes with would enable an enterprise to deploy secure remote access as well as a basic customer/partner extranet or secure intranet.

A cluster pair deployment option for the SA 2000 ensures high-availability across the LAN and the WAN.

An advanced license feature for the SA 2000 provides additional state-of-the-art features that would satisfy the needs of other complex deployments of varied audiences and uses, including Juniper's Central Manager. You'll find the SA 2000 Base System for about $2,000, with the Advance License at an additional cost. More information at http://www.juniper.net/products_and_services/
ssl_vpn_secure_access/secure_access_2000/

NetScreen-5GT Wireless Firewall/VPN

Ok, so you have your VPN heart with the SA 2000, and your perimeter firewall with the NetScreen-25, what about remote office security? That's where the NetScreen-5GT comes in. The NetScreen-5GT is an enterprise-class network security solution for remote office security.

The NetScreen-5GT Wireless is a part in a series of firewall/VPN line of products offered from Juniper. It is part of an integrated security solution combining stateful firewall, deep inspection firewall, IPSec VPN, antivirus and web filtering for securing a small remote office, retail outlet, or broadband telecommuter.

The NetScreen-5GT is specifically aimed at those that want to run an 802.11 b/g wireless network in a secure setting. But it gives you some fairly sophisticated features including restricted security zones (e.g., home vs. work zones), configurable wireless security zones (each with their own SSID for different types of users), redundancy for high availability, support for dual connections, fast failovers with redundant VPN tunnels and VPN monitoring.



NetScreen-5GT Wireless: Front and Back

At a street price of around $1,000, it's a great, integrated solution for those that need a secure remote office or home office, and especially one that wants seamless VPN integration with an SA 2000. For more information, see http://www.juniper.net/products/integrated/ns_5series.html

Conclusion

You need to secure your network -- one way or another. If you aren't, you're asking for trouble. Once you do secure your network, run some reports, you'll realize how often people are trying to break in. Miss one patch of some piece of web server software? They will break in.

Juniper has a set of world-class products that will protect you without you needing to be a security expert (although, you do need to know what you're doing on some level -- there's no magic here). Whether you configure them to the hilt, or use them in a more plug-in-play environment, you'll have a level of protection that will give you peace of mind. While you may not want to pay $1,000 for a router, or more for VPN and firewall software, you are protecting your network for a reason. Juniper's offerings will give you an end-to-end solution, that works well with the Mac.


The editors of MacTech Magazine are a jolly crew who spend their work time playing with their Macs and their spare time working with their Macs. You can reach them at editorial@mactech.com.

 

Community Search:
MacTech Search:

Software Updates via MacUpdate

OnyX 3.8.6 - Maintenance and optimizatio...
OnyX is a multifunction utility that you can use to verify the startup disk and the structure of its system files, to run miscellaneous maintenance and cleaning tasks, to configure parameters in the... Read more
Bean 3.3.3 - Fast and uncluttered word p...
Bean is no longer being actively developed, but will be updated as necessary to patch bugs and maintain OS X compatibility Bean is lean, fast, and uncluttered. If you get depressed at the thought of... Read more
Acorn 6.6.2 - Bitmap image editor.
Acorn is a new image editor built with one goal in mind - simplicity. Fast, easy, and fluid, Acorn provides the options you'll need without any overhead. Acorn feels right, and won't drain your bank... Read more
Tor Browser 10.0 - Anonymize Web browsin...
The Tor Browser Bundle is an easy-to-use portable package of Tor, Vidalia, Torbutton, and a Firefox fork preconfigured to work together out of the box. It contains a modified copy of Firefox that... Read more
EtreCheck Pro 6.3.2 - For troubleshootin...
EtreCheck is an app that displays the important details of your system configuration and allow you to copy that information to the Clipboard. It is meant to be used with Apple Support Communities to... Read more
Macs Fan Control 1.5.8.22 - Monitor and...
Macs Fan Control allows you to monitor and control almost any aspect of your computer's fans, with support for controlling fan speed, temperature sensors pane, menu-bar icon, and autostart with... Read more
Iridient Developer 3.4 - Powerful image-...
Iridient Developer (was RAW Developer) is a powerful image-conversion application designed specifically for OS X. Iridient Developer gives advanced photographers total control over every aspect of... Read more
Motion 5.4.7 - Create and customize Fina...
Motion is designed for video editors, Motion 5 lets you customize Final Cut Pro titles, transitions, and effects. Or create your own dazzling animations in 2D or 3D space, with real-time feedback as... Read more
calibre 5.0.1 - Complete e-book library...
Calibre is a complete e-book library manager. Organize your collection, convert your books to multiple formats, and sync with all of your devices. Let Calibre be your multi-tasking digital librarian... Read more
Compressor 4.4.8 - Adds power and flexib...
Compressor adds power and flexibility to Final Cut Pro X export. Customize output settings, work faster with distributed encoding, and tap into a comprehensive set of delivery features. Features:... Read more

Latest Forum Discussions

See All

Blastomancer is a comfortable puzzle gam...
Blastomancer arrived on Google Play for Android at the weekend. It’s a 2D puzzle game involving cartoon stick figure wizards and lots of bombs. [Read more] | Read more »
Undercrawl is a procedurally generated r...
Undercrawl is a roguelike dungeon crawler from indie developer Monster Shop Games. It's a genre that's popular in gaming in general but features even more frequently on mobile devices since the shorter, 'run' style of playthrough suits playing in... | Read more »
Distract Yourself With These Great Mobil...
There’s a lot going on right now, and I don’t really feel like trying to write some kind of pithy intro for it. All I’ll say is lots of people have been coming together and helping each other in small ways, and I’m choosing to focus on that as I... | Read more »
BTS Universe Story, the social game that...
Netmarble's highly anticipated social game, BTS Universe Story, is available now for iOS and Android. It's the second collaboration between the hugely successful mobile developer and the K-pop superstars following BTS World. [Read more] | Read more »
The 5 Best Mobile Games Like Hades
Supergiant Games finally released Hades upon the world this week, and we’re loving it. The game plays to all of the studio’s strengths while still retaining a strong sense of identity. It also just so happens to play rather well using the Steam... | Read more »
A Year of Apple Arcade: The Good, The Ba...
Apple Arcade has persisted for just over a year at this point, and although that means I've been busy ranking and re-ranking every game on the service for just about as long, I haven't done much reflection on the service as a whole. [Read more] | Read more »
Animal Restaurant anniversary event team...
Animal idle simulator Animal Restaurant is celebrating its first-year anniversary with a crossover event with popular YouTube series Aaron’s Animals. [Read more] | Read more »
Raziel: Dungeon Arena is a hack 'n...
Raziel: Dungeon Arena is available now on mobile and will appeal to fans of both comic books and old school dungeon crawlers. Not only will you hack 'n' slash your way through mobs of enemies but there's also fully-narrated animated comic to enjoy... | Read more »
Steam Link Spotlight - Hades
Steam Link Spotlight is a feature where we look at PC games that play exceptionally well using the Steam Link app. Our last entry was on Disco Elysium. Read about how it plays using Steam Link over here. | Read more »
Microsoft has acquired ZeniMax Media and...
In the latest of a series of blockbuster moves, Microsoft has now acquired Zenimax Media and its subsidiary, Bethesda Softworks, for $7.5 billion. [Read more] | Read more »

Price Scanner via MacPrices.net

AT&T now offering $1000 discount on Apple...
AT&T is offering a $1000 discount on any Apple iPhone 11 Pro or 11 Pro Max with trade-in and new line of service. Discount applied monthly over a 30 month period. Eligible iPhone trade-ins are... Read more
New 2020 12.9″ iPad Pros on sale for up to $8...
Apple reseller Expercom has new 2020 Apple 12.9″ iPad Pros on sale today for $60-$85 off MSRP, with prices starting at $939. Not every model is in stock, but you can still order an iPad at these... Read more
Apple offers clearance 2019 27″ 5K iMacs for...
Apple has Certified Refurbished 2019 27″ 5K iMacs available starting at $1439 and up to $520 off their original MSRP. Apple’s one-year warranty is standard and shipping is free. The following... Read more
Weekend’s Best MacBook Deal: These 2020 13″ M...
Apple has a full line of Certified Refurbished 2020 13″ 1.4GHz 4-Core Touch Bar MacBook Pros available starting at $1099 and up to $230 off original MSRP. Apple’s one-year warranty is included,... Read more
Clearance 8-core iMac Pro available for $3819...
Apple has Certified Refurbished, clearance, 27″ 3.2GHz 8-Core iMac Pros available $3819 including free shipping. Their price is $1180 off the original MSRP of new models. A standard Apple one-year... Read more
How The Upcoming Mac Transition To Apple Sili...
FEATURE: 09.25.20 – Apple’s plan to transition all of its desktop and notebook computers away from Intel processors to Apple silicon, chips designed by the company itself, has been eclipsed by the... Read more
New low price! Apple Watch SE for only $269
B&H Photo is reporting limited stock of Apple’s new Apple Watch SE GPS models for $10 off MSRP and including free shipping. Their $269 price for the 40mm model is the lowest price we’ve seen so... Read more
Lowest price anywhere: New 13″ 2.0GHz MacBook...
Amazon has new 2020 13″ 2.0GHz/512GB MacBook Pros with 10th generation Intel processors back in stock on sale today for $200 off Apple’s MSRP. Shipping is free. Be sure to purchase the MacBook Pro... Read more
Apple Pro Display XDR with Nano-Texture Glass...
Amazon Apple Premier Partner GatorTec has the Apple Pro Display XDR with Nano-Texture Glass on sale for $5599 shipped, on Amazon. Their price is $400 off Apple’s MSRP, and it’s the cheapest price... Read more
Get a 2019 13″ MacBook Air for only $779 toda...
Apple has clearance, Certified Refurbished, 2019 13″ 1.6GHz/128GB MacBook Airs available again for $779. Each MacBook features a new outer case, comes with a standard Apple one-year warranty, and is... Read more

Jobs Board

Senior Product Manager, *Apple* Platforms -...
…technical/operational expertise of our employees. **Role Details:** The Senior Product Manager, Apple Platform will report to the Senior Director of Product and Read more
Tier 2 Technical Support Analyst - ( *Apple*...
…Support Analystiwho will analyze and determine user software needs on all Apple devices (first support contact), Windows devices, and support printers in the Read more
Medical Assistant - Internal Medicine *Apple...
Schedule & Location Full Time Day (80 Hours every two weeks) Apple Hill Medical Center 25 Monument Road York PA Job Description: Under the general supervision of the Read more
*Apple* Technology Journalist - Valnet Freel...
…freelance basis. Valnet Inc. is looking for journalists with strong knowledge of Apple technology for our website MakeUseOf.com MakeUseOf is one of the largest Read more
Bookseller- *Apple* Shop Support - Penn Sta...
…combination of education, certification and experience will be considered. + A+ and/or Apple certified or able to achieve certification within 60 days required. + Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.