Firewall Wizards mailing list archives

RE: Nokia IP platform Versus Netscreen Platform


From: "Ofir Arkin" <ofir () sys-security com>
Date: Fri, 1 Jun 2001 02:05:54 -0700

David


> There have been a number of 3rd party articles on
> the two products...
>
> When I was evaluating fw/vpn for our network, I
> searched the web and found a number of articles on
> CommWeb, Network Computing, eWeek, Tolly
> Group, Network World, etc.

Well, until a box is not in my test lab and I myself test it...
I find these "reviews" sometimes misleading...

Marcus can tell you why :)


> NetScreen ranked high on all four counts.  Since both
> use Stateful Inspection, security was tight.

OH! G!
Stateful inspection is not bulletproof!
Netscreen claims they hold the last sequence number used...
How do they hold the window size / sliding window?
How do they synchronize themselves against the TCP/IP stacks they guard?
How do they allow incoming packets?

Nokia doesn't have this ability as far as I know a.k.a. CheckPoint.

So there is a lot to check and verify before stating something.


> Although I ranked NetScreen a little higher because they use a
> non-commercial operating system

Holy smokes!
Security Through Obscurity!

> that can't be purchased and therefore, reverse engineered to find the
> holes.

Let's buy one and reverse engineer the box itself :)


> Performance on the NetScreen is tops, bar none, due
> to their 3rd generation ASIC.

3rd generation ASIC... I don't think you might have the inner design? :)

> The Nokia boxes are really legacy-based PCs with CheckPoint software
> running on them.

True, BUT the new boxes can run at Gigabit...
Did you test these before concluding?


> NetScreen also has built-in SSH and SSL for secure
> management.

Nokia has this as well.


Don't make conclusions like this before REALLY checking out.


I don't claim this is good or the other is bad.
But did you include in your thinking the OPSEC program of CheckPoint?
With big companies it does raise the CheckPoint side points.



Ofir Arkin [ofir () sys-security com]
Founder
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
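
The message above asks how a stateful firewall tracks the window rather than only the last sequence number. The following is an added example, not part of the original post and not any vendor's implementation: it contrasts a hypothetical last-sequence-only check (`naive_acceptable`) with the RFC 793 segment acceptability test driven by the receiver's own ACK and advertised window. The class and function names and all sample values are constructed, and window scaling is assumed to be off.

```python
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around

def in_range(seq, start, size):
    """True if seq lies in [start, start + size) under 32-bit wraparound."""
    return (seq - start) % MOD < size

def naive_acceptable(last_seq, seq):
    """Hypothetical last-sequence-only check: anything 'not older' passes."""
    return in_range(seq, last_seq, 1 << 31)

class DirectionState:
    """Receiver state a middlebox learns from the ACKs that receiver sends."""

    def __init__(self, rcv_nxt, rcv_wnd):
        self.rcv_nxt, self.rcv_wnd = rcv_nxt % MOD, rcv_wnd

    def observe_ack(self, ack, window):
        # Only a forward-moving (or repeated) ACK may move the left edge and
        # refresh the advertised window; stale ACKs are ignored.
        if in_range(ack, self.rcv_nxt, 1 << 31):
            self.rcv_nxt, self.rcv_wnd = ack % MOD, window

    def acceptable(self, seq, length):
        # RFC 793 segment acceptability test.
        if self.rcv_wnd == 0:
            return length == 0 and seq == self.rcv_nxt
        if length == 0:
            return in_range(seq, self.rcv_nxt, self.rcv_wnd)
        last = (seq + length - 1) % MOD
        return (in_range(seq, self.rcv_nxt, self.rcv_wnd)
                or in_range(last, self.rcv_nxt, self.rcv_wnd))

def demo():
    # Constructed values: the window starts just below the 2**32 wrap point.
    st = DirectionState(rcv_nxt=4294967000, rcv_wnd=1000)
    results = {
        "in_window_after_wrap": st.acceptable(200, 100),
        "overlapping_retransmit": st.acceptable(4294966900, 200),
        "far_ahead_window_check": st.acceptable(5000, 100),
        "far_ahead_naive_check": naive_acceptable(4294967000, 5000),
    }
    st.observe_ack(704, 0)  # receiver acknowledged everything, closed window
    results["data_into_zero_window"] = st.acceptable(704, 1)
    return results

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'pass' if ok else 'drop'}")
```

The same far-ahead segment passes the last-sequence-only check and is dropped by the window check, which is the gap the questions in the message point at.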

