Firewall Wizards mailing list archives

Re: Experiences with Netscreen?


From: Peter Bruderer <brudy () bruderer-research com>
Date: Thu, 12 Oct 2000 05:33:35 +0200



Bret Watson <lists () ticm com> writes:
> the Infrastructure manager is lobbying to install netscreen to replace 
> gauntlet in the org I'm working for...

Netscreen is not a replacement for Gauntlet. Netscreen is a real stateful 
packet filter. It is robust, stable, and has no known vulnerabilities.

> I'm trying to halt this one - I feel uneasy about a prod that fails to give 
> any info about how it works - esp when it claims to do IDS, but then 
> doesn't talk about what technology and how...

IDS is a big word. Netscreen does alert you if it detects SYN/UDP flood, 
detects some attacks like land, ping of death, etc. but that's it.

> Any experiences? Is this a good firewall for a small office? Is the IDS 
> really in the same league as NFR, RealSecure, CyberCop?

Netscreen is nothing compared to NFR, Cybercop or Snort.

> Would you really exchange Gauntlet for this?

No.

Netscreen is definitely a good and solid product. Its strength is in 
VPN. It has no application level gateways. The fixed port configuration can 
be quite handy for small offices; in bigger environments it does not scale 
well.

I use Netscreen mainly in transparent mode (stealth mode) to protect 
firewalls like Gauntlet.

Gauntlet alone is quite risky. If you follow the installation instructions, 
it is recommended to install a developer system on Solaris, which is totally 
against all rules for a firewall. In this case you have too many open ports 
(RPC, X11, xdmcp and others) which are not blocked by default.

Therefore I like to put Gauntlet in a sandwich of Netscreens or Sunscreens.

The other way is to have a Netscreen and build some application level 
gateways yourself.

have fun ...

-- 
===============================================================
 Peter Bruderer             mailto:brudy () bruderer-research com
 Bruderer Research GmbH                  Tel ++41 52 620 26 53
 IT Security Services                    Fax ++41 52 620 26 54
 CH-8200 Schaffhausen         http://www.bruderer-research.com
===============================================================
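
The "too many open ports" risk described above can be checked mechanically. The following is an added example, not code from the post or from either vendor: it parses a constructed `netstat -an`-style listing from a proxy-firewall host and flags the services the post names (RPC portmapper, xdmcp, X11) as critical, anything off an assumed allowlist as needing review, and loopback-only binds as informational.

```python
"""Audit a firewall host's listening sockets against an allowlist (added example)."""
import re
from typing import NamedTuple

# Assumed allowlist: ports a proxy firewall is expected to expose. Adjust per site.
ALLOWED_PORTS = {22, 25, 53, 80, 443}

# Ports the post names as left open by a Solaris "developer system" install.
RISKY_PORTS = {111: "sunrpc (portmapper)", 177: "xdmcp", 6000: "X11"}

# Constructed sample in netstat -an layout; not captured from any real host.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:177             0.0.0.0:*
udp        0      0 0.0.0.0:53              0.0.0.0:*
tcp        0      0 192.0.2.10:25           0.0.0.0:*               LISTEN
"""

class Finding(NamedTuple):
    proto: str
    addr: str
    port: int
    severity: str  # "ok", "info", "review" or "critical"
    note: str

# proto, recv-q, send-q, local addr:port, foreign addr, optional state
LINE_RE = re.compile(r"^(tcp|udp)\S*\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?")

def parse_listeners(text: str) -> list:
    """Return (proto, addr, port) for LISTEN tcp sockets and every bound udp socket."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or unrelated line
        proto, addr, port, state = m.groups()
        if proto == "tcp" and state != "LISTEN":
            continue  # established/closing connections are not exposure
        out.append((proto, addr, int(port)))
    return out

def audit(listeners, allowed=ALLOWED_PORTS, risky=RISKY_PORTS) -> list:
    """Classify each listener; risky ports win even if someone allowlisted them."""
    findings = []
    for proto, addr, port in listeners:
        if port in risky:
            sev, note = "critical", f"{risky[port]} exposed; disable or block"
        elif port in allowed:
            sev, note = "ok", "expected firewall service"
        elif addr.startswith("127."):
            sev, note = "info", "loopback only"
        else:
            sev, note = "review", "not on allowlist"
        findings.append(Finding(proto, addr, port, sev, note))
    return findings

def critical_ports(text: str = SAMPLE_NETSTAT) -> list:
    """Sorted ports rated critical; non-empty means the host needs a filter in front."""
    return sorted(f.port for f in audit(parse_listeners(text)) if f.severity == "critical")

if __name__ == "__main__":
    for f in audit(parse_listeners(SAMPLE_NETSTAT)):
        print(f"{f.severity:8} {f.proto}/{f.port:<5} {f.addr:15} {f.note}")
```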



_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

