Intrusion Prevention: Juniper Networks' ISG 2000 with IDP - Information Security Magazine

Intrusion Prevention: Juniper Networks' ISG 2000 with IDP

INTRUSION PREVENTION


ISG 2000 with IDP
REVIEWED BY PHORAM MEHTA

Juniper Networks
Price: Starts at $42,500

@exb

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.
@exe

The marriage of firewalls and intrusion prevention makes good sense, as IPS technology matures and gets serious enterprise interest. Juniper Networks' ISG 2000 appliance combines firewall, VPN and its latest intrusion detection and prevention software in an effective, high-performance package.


Installation/ConfigurationB+  
The ISG 2000 is a multigigabit integrated firewall/VPN system with a modular architecture, enabling high scalability and flexibility. To add IDP, the organization has to get an advanced license, possibly buy extra memory and purchase up to three security modules, depending on their usage and throughput requirement.

ISG with IDP tightly integrates the software available on standalone IDP products with ScreenOS 5.4.0r2, a security-specific operating system with the capacity to handle high-speed, high-volume traffic inspection.

Although the appliance offers a console for configuration, the best way is to use the Netscreen Security Manager (NSM), a dedicated Red Hat Linux or Solaris console for managing Juniper security products. The user interface or the management client is the final component that is installed on an administrator's machine (Windows or Linux) to configure the ISG and any other ScreenOS-based devices in the network.

The user interface is designed well but still complex because of the number of settings and features available. When the device is added, NSM automatically detects the OS and the installed license, and enables/disables appropriate features accordingly. Adding IDP rules is easy and similar to adding firewall/VPN rules. Juniper provides a rich database of checks that can be used to match and drop, or just log the attack traffic between specified sources and destinations.


Effectiveness/PerformanceA  
Juniper Networks' Multi-Method Detection (MMD) technology uses up to eight different intrusion detection methods, including stateful signature, protocol and traffic anomaly detection, and backdoor detection.

We tried--without success--to dupe the ISG 2000 using a variety of detection-evasion techniques such as splicing and fragmentation, while executing DoS and OS exploit attacks. We were amazed to see how little all those attacks affected the performance of this beast, which leverages a fourth-generation security ASIC, the GigaScreen3, along with high-speed processors.

NSM lets you view the code of the current checks and create your own checks within the IDP database.


AdministrationB  
Like any access control system, it is imperative that the IDP rules be verified and updated on regular intervals on the basis of the normal traffic flow. It's easy to set up daily updates and many other tasks, such as importing updated configurations and rebooting devices. The management interface can be used to specify actions like SNMP, syslog or email alerts when specified criteria are matched. Because NSM stores all the information required on the server, you can take care of device and log backups like any other system.


ReportingB+  
NSM's reporting module is a powerful and intuitive tool, with multiple predefined reports grouped by type of data, including firewall/VPN, IDP and administration. Each grouping includes many report templates for top attacks, attackers and targets, giving comprehensive information with graphs. You can also create custom report queries and run them automatically. Reports can be exported only in HTML format.


Verdict
ISG 2000 with IDP is an excellent appliance that offers a powerful combination of effectiveness and performance, flexibility and manageability, and low cost of ownership.


Testing methodology: We set up a lab with Windows and Linux PCs sending legitimate as well as malicious traffic back and forth through ISG 2000.

This was first published in February 2007