Juniper Networks 710008-001 manual

FW/IPSec VPN Buyer’s Guide

		Safenet
Open source code		No
The number of years the		FW/VPN – June 1998
solutions have been		Deep Inspection/Intrusion
available on the market		Prevention – Feb 2002
The applications that have
been recognized as best-of-		FW/VPN/Deep Inspection
breed		(Gartner Magic Quadrant)
				Simplifies deployment,
All functionality managed		FW/VPN/Deep Inspection		reduces chance for human
with the same console		managed with same		error that could result in
		interface/console		vulnerabilities
Built in features that protect
against tampering:
•	Packaging sealed	Yes
•	with custom tape	Yes
•	Uses tamper seals	Yes
	to indicate	Yes
•	authenticity
•	Hardware can	Yes
	restrict remote	Yes
	access via access
•	lists
•	Access list creation	Yes
	based on IP and	Yes
•	MAC addresses
•	Hardware protects	Yes
	against password	Yes
•	overrides
•	Hardware uses	Yes
	secure connections	Yes
	secure connections
•	for remote access	Yes		• A custom OS is less
	Custom OS built for	Yes		• A custom OS is less
	Custom OS built for			prone to known attacks
	security	Yes		prone to known attacks
•	security			than a general purpose
	OS is hardened			than a general purpose
	OS is hardened	Yes		OS
•	FIPs certified for	Yes		OS
•	FIPs certified for
	physical protection
	of keys and
	configuration, as
	well as software
	protection
Guards against
vulnerabilities within the
system itself:		One, Juniper Networks
•	The number of	One, Juniper Networks
	different patches that	uses a single OS
	need to potentially
•	be applied	None, purpose-built
•	The general purpose	None, purpose-built
	systems or platforms	appliance with custom OS
	that are used

		• Juniper Networks
		NetScreen-Remote or
		Juniper Networks
		NetScreen-Secure
		Access (SSL) for
		remote/mobile users
Copyright © 2004, Juniper Networks, Inc.			10