Penetration Testing mailing list archives
Re: [PEN-TEST] Testing of Netscreen firewalls?
From: "Dunker, Noah" <NDunker () FISHNETSECURITY COM>
Date: Fri, 8 Sep 2000 13:50:36 -0500
Our security engineers have tested a Netscreen 5, 10, 100, and we just got a test NS 1000 today. Overall, these little guys are VERY resilient!

The Netscreen 5 was the "worst" of them, but still blew away software end-user firewalls such as (not to pick on them more than they gotta be) BlackICE. The Netscreen 5 slowed down when bombarded with 50-some instances of jolt2 at the same time (over 10 Megabit Ether), but only when logging was enabled. Its management interfaces (Web GUI + Serial) were still usable, but they lagged some. There isn't much for IDS on the Netscreens (maybe on the 1000, but I have not tested it yet). The logging reports are okay. Firewall functionality of the NS5 is great!

The Netscreen 10 + 100 are wonderful, and contain a third interface (DMZ, to place internet-accessible systems on), as well as the untrusted (internet) and trusted (intranet) interfaces. CLI administration is much akin to Cisco IOS, but just a little different. It's definitely modeled after IOS though. For an enlightened network engineer, the NS CLI (command line interface) syntax is easy to pick up.

The NS 10 and 100 actually run a different processor (I don't remember which one now, but the NS5 uses a MIPS R4000) than the NS5. They also have more internal memory, and can be upgraded with a PCMCIA card.

I've made many recommendations for the NS5 for small businesses and even security-freak home xDSL/Cable users. For a cheap PIX/CheckPoint alternative, NetScreen has my approval!

Noah Dunker
Network Security Engineer
FishNet Security

* This message may not reflect the opinions of my employer

-----Original Message-----
From: Masse, Robert [mailto:rmasse () RICHTER CA]
Sent: Friday, September 08, 2000 1:45 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Testing of Netscreen firewalls?

Hi

Has anyone had any negative experience with the Netscreen 10/100 products?

I am starting to look at a cheaper alternative to PIX and FW1 (for the smaller companies) and wanted to know what you think of the product. I checked around the security portals for bugs or exploits and found none (however the product is relatively new and not common yet).

Thanks in advance,
Robert

Robert Masse, CISSP
Chief Technical Officer
Richter Security Inc.
2 Place Alexis Nihon, suite 905
Montreal, Quebec, Canada
+514 934-3566 Direct
+514 934-3406 Fax