Juniper Networks 710008-001 Detailed Buyer’s Checklist, Juniper Networks, Alternate, Solution

Juniper Networks

Alternate

Firewall / IPSec VPN /

Solution:

Feature

Deep Inspection

Notes

Solutions*

1. Strong Security

Performs Stateful Inspection

Yes

Protects against network-

e.g. IP fragmentation,

level attacks

Yes

ICMP “ping of death”

Protects against DoS and

e.g. Syn, UDP, ICMP

DDoS attacks

Yes

Floods

Protects against transport

e.g. Port scans, Tear Drop

layer attacks

Yes

attack

Protects against application-

layer attacks:

Yes

e.g. Nimda Worm, Code

e-mail

Yes (SMTP, POP, IMAP)

Red Worm

Web

Yes

FTP

Yes

DNS

Yes

The use of proxies can

Uses proxies for attack

No

result in significant

detection

performance degradation

Uses Stateful signatures for

attack detection

Yes

Uses protocol enforcement

for attack detection

Yes

Yes, matches user defined

Blocks malicious URLs

patterns

Yes, low-end products have

Protects against viruses

embedded antivirus

Options for strong user

authentication:

Web Auth

Yes

Tokens

Yes

User name/Password:

HTTP

Yes

FTP

Yes

Telnet

Yes

Options for strong user

verification:

RADIUS

Yes

Internal Database

Yes

LDAP

Yes

SecureID

Yes

Built in attack containment

Copyright © 2004, Juniper Networks, Inc.

8