FW/IPSec VPN Buyer’s Guide

Detailed Buyer’s Checklist

This section provides a feature/functionality checklist for each of the criteria categories to help evaluators determine the true capabilities of vendor solutions they are considering.

Evaluation Date:

Evaluated By:

 

Juniper Networks

Alternate

 

 

Firewall / IPSec VPN /

Solution:

 

Feature

Deep Inspection

 

Notes

 

Solutions*

 

 

1. Strong Security

 

 

 

 

 

 

 

Performs Stateful Inspection

Yes

 

 

Protects against network-

 

 

e.g. IP fragmentation,

level attacks

Yes

 

ICMP “ping of death”

Protects against DoS and

 

 

e.g. Syn, UDP, ICMP

DDoS attacks

Yes

 

Floods

Protects against transport

 

 

e.g. Port scans, Tear Drop

layer attacks

Yes

 

attack

Protects against application-

 

 

 

layer attacks:

Yes

 

e.g. Nimda Worm, Code

e-mail

Yes (SMTP, POP, IMAP)

 

Red Worm

Web

Yes

 

 

FTP

Yes

 

 

DNS

Yes

 

 

 

 

 

The use of proxies can

Uses proxies for attack

No

 

result in significant

detection

 

 

performance degradation

Uses Stateful signatures for

 

 

 

attack detection

Yes

 

 

Uses protocol enforcement

 

 

 

for attack detection

Yes

 

 

 

Yes, matches user defined

 

 

Blocks malicious URLs

patterns

 

 

 

Yes, low-end products have

 

 

Protects against viruses

embedded antivirus

 

 

Options for strong user

 

 

 

authentication:

 

 

 

Web Auth

Yes

 

 

Tokens

Yes

 

 

User name/Password:

 

 

 

HTTP

Yes

 

 

FTP

Yes

 

 

Telnet

Yes

 

 

Options for strong user

 

 

 

verification:

 

 

 

RADIUS

Yes

 

 

Internal Database

Yes

 

 

LDAP

Yes

 

 

SecureID

Yes

 

 

Built in attack containment

 

 

 

Copyright © 2004, Juniper Networks, Inc.

8

Page 8
Image 8
Juniper Networks 710008-001 manual Detailed Buyer’s Checklist, Strong Security, Ftp, Dns