Penetration Testing mailing list archives

Re: [PEN-TEST] Testing of Netscreen firewalls?


From: "Dunker, Noah" <NDunker () FISHNETSECURITY COM>
Date: Fri, 8 Sep 2000 13:50:36 -0500

Our security engineers have tested a Netscreen 5, 10, 100,
and we just got a test NS 1000 today.  Overall, these little
guys are VERY resilient!  The Netscreen 5 was the "worst" of
them, but still blew away software end-user firewalls such as
(not to pick on them more than they gotta be) BlackICE.

The Netscreen 5 slowed down when bombarded with 50-some
instances of jolt2 at the same time (over 10 Megabit Ether),
but only when logging was enabled.  Its management interfaces
(Web GUI + Serial) were still useable, but they lagged some.
There isn't much for IDS on the Netscreens (maybe on the
1000, but I have not tested it yet).  The logging reports
are okay.  Firewall functionality of the NS5 is great!

The Netscreen 10 + 100 are wonderful, and contain a third
interface (DMZ, to place internet-accessible systems on),
as well as the untrusted (internet) and trusted (intranet)
interfaces.  CLI administration is much akin to Cisco IOS,
but just a little different.  It's definitely modeled after
IOS though.  For an enlightened network engineer, the NS
CLI (command line interface) syntax is easy to pick up.

The NS 10 and 100 actually run a different processor (I don't
remember which one now, but the NS5 uses a MIPS R4000) than
the NS5.  They also have more internal memory, and can be
upgraded with a PCMCIA card.  I've made many recommendations
for the NS5 for small businesses and even security-freak home
xDSL/Cable users.  For a cheap PIX/CheckPoint alternative,
NetScreen has my approval!

Noah Dunker
Network Security Engineer
FishNet Security

* This message may not reflect the opinions of my employer

-----Original Message-----
From: Masse, Robert [mailto:rmasse () RICHTER CA]
Sent: Friday, September 08, 2000 1:45 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Testing of Netscreen firewalls?


Hi

Has anyone had any negative experience with the Netscreen 10/100 products?
I am starting to look at a cheaper alternative
to PIX and FW1 (for the smaller companies) and wanted to know what you think
of the product.

I checked around the security portals for bugs or exploits and found none
(however the product is relatively new and
not common yet).

Thanks in advance,

Robert


Robert Masse, CISSP
Chief Technical Officer

Richter Security Inc.
2 Place Alexis Nihon, suite 905
Montreal, Quebec, Canada
+514 934-3566 Direct
+514 934-3406 Fax

