Security infrastructure
Authentication servers, intrusion-prevention systems (IPS), IPSec VPNs, security appliances, SSL VPNs
By Christine Burns and Keith Shaw, Network World, 02/28/05
Winner: Juniper's NetScreen-SA 5000
The point of an SSL VPN is to give users easy remote access to all the applications they know and love.
In our first test of these gateway products, NetScreen (Juniper bought NetScreen Technologies after we tested the product) narrowly edged out
the Nokia Secure Access System to top the list of the seven SSL VPN gateways tested. Based on testing completed by Network
World Lab Alliance member Joel Snyder, the NetScreen device garnered the win based on high overall interoperability results,
good access control mechanisms and outstanding application support.
On the latter, the NetScreen-SA 5000 offered a strong mix of application translation, terminal emulation, port forwarding,
network extension and application layer gateway mechanisms to let users tap into a number of network programs over an
SSL link. In all, we tested NetScreen's interoperability against 20 enterprise applications. NetScreen hit the interoperability
mark on 100% of the basic Web-based programs and 78% of the file service-based applications tested. In addition, NetScreen
offers quite a few "thin-client" options to support cross-platform users.
In terms of controlling access, the NetScreen box has strong Lightweight Directory Access Protocol directory and RADIUS server
connections, offers an innovative mail pass-through authentication feature and gives an administrator good control over SSL
security settings.

Update
THE PRODUCT: Just after we tested the SA-5000, NetScreen upgraded the product to provide a host of new access privilege management features,
streamlined administration capabilities, detailed role-based delegation of management tasks and a highly customizable user
interface. At the same time, NetScreen rolled out NetScreen Secure Access Central Manager, a unified policy and configuration
management product for centrally controlling multiple SSL gateways.
Since finalizing the NetScreen acquisition in April, Juniper has added Security Assertion Markup Language support and single
sign-on capabilities to its SSL VPN products. In a December point release, it added Korean and Spanish language ties, provisioning
tools, integration with Citrix, secure online meeting and Microsoft Outlook calendaring applications.
THE COMPANY: Juniper’s $4 billion stock buyout of NetScreen was pretty much the big news. However, the company also announced its Juniper
Endpoint Defense Initiative (yes, it uses JEDI as the acronym) to help tie its products to the emerging class of endpoint
security products from Sygate Technologies, Symantec and WholeSecurity. Juniper also reported picking up big customer wins
with the European Investment Bank, Legal Services for New York City and Baoviet Insurance.
PRODUCT MASTERMIND

The woman: Vivian Ganitsky, product director
Job duties: She manages the team responsible for setting the strategy for new security enterprise products and driving products' life
cycle from definition to launch, deployment and customer support.
Favorite Feature: "My favorite feature is dynamic access privilege management, particularly the value that we bring to customers [when this
feature is] combined with our endpoint security capabilities."
Finalists
Because our assumption for testing SSL VPNs early last year was that they must fit into existing networks, determining which
one is best for your network truly does depend on your environment.
To that end, you can use our security infrastructure finalists as a short list of products that deserve a closer comparison
against your specific requirements.
F5 Networks FirePass Controller 4000 makes the short list because of the broad range of applications and authentication methods it supports, its delegated management
and outstanding reporting/logging features, and its virus-scanning features.
The Nokia Secure Access System earned its finalist spot because it offers outstanding fine-grained access control, very good authentication support including
certificates and group-mapping features and smart break-in/evasion features.