FW/IPSec VPN Buyer’s Guide
Detailed Buyer’s Checklist
This section provides a feature/functionality checklist for each of the criteria categories to help evaluators determine the true capabilities of vendor solutions they are considering.
Evaluation Date:
Evaluated By:
| Juniper Networks | Alternate |
|
| Firewall / IPSec VPN / | Solution: |
|
Feature | Deep Inspection |
| Notes |
| Solutions* |
|
|
1. Strong Security |
|
|
|
|
|
|
|
Performs Stateful Inspection | Yes |
|
|
Protects against network- |
|
| e.g. IP fragmentation, |
level attacks | Yes |
| ICMP “ping of death” |
Protects against DoS and |
|
| e.g. Syn, UDP, ICMP |
DDoS attacks | Yes |
| Floods |
Protects against transport |
|
| e.g. Port scans, Tear Drop |
layer attacks | Yes |
| attack |
Protects against application- |
|
|
|
layer attacks: | Yes |
| e.g. Nimda Worm, Code |
Yes (SMTP, POP, IMAP) |
| Red Worm | |
Web | Yes |
|
|
FTP | Yes |
|
|
DNS | Yes |
|
|
|
|
| The use of proxies can |
Uses proxies for attack | No |
| result in significant |
detection |
|
| performance degradation |
Uses Stateful signatures for |
|
|
|
attack detection | Yes |
|
|
Uses protocol enforcement |
|
|
|
for attack detection | Yes |
|
|
| Yes, matches user defined |
|
|
Blocks malicious URLs | patterns |
|
|
| Yes, |
|
|
Protects against viruses | embedded antivirus |
|
|
Options for strong user |
|
|
|
authentication: |
|
|
|
Web Auth | Yes |
|
|
Tokens | Yes |
|
|
User name/Password: |
|
|
|
HTTP | Yes |
|
|
FTP | Yes |
|
|
Telnet | Yes |
|
|
Options for strong user |
|
|
|
verification: |
|
|
|
RADIUS | Yes |
|
|
Internal Database | Yes |
|
|
LDAP | Yes |
|
|
SecureID | Yes |
|
|
Built in attack containment |
|
|
|
Copyright © 2004, Juniper Networks, Inc. | 8 | ||