This article can also be found in the Premium Editorial Download "Information Security magazine: Tips for navigating the maze of global security regulations."
ISG 2000 with IDP
REVIEWED BY PHORAM MEHTA
Price: Starts at $42,500
The marriage of firewalls and intrusion prevention makes good sense, as IPS technology matures and gets serious enterprise interest. Juniper Networks' ISG 2000 appliance combines firewall, VPN and its latest intrusion detection and prevention software in an effective, high-performance package.
ISG with IDP tightly integrates the software available on standalone IDP products with ScreenOS 5.4.0r2, a security-specific operating system with the capacity to handle high-speed, high-volume traffic inspection.
Although the appliance offers a console for configuration, the best way to manage it is through the Netscreen Security Manager (NSM), a dedicated Red Hat Linux or Solaris console for managing Juniper security products. The final component is the user interface, or management client, which is installed on an administrator's machine (Windows or Linux) to configure the ISG and any other ScreenOS-based devices in the network.
The user interface is well designed but still complex because of the number of settings and features available. When the device is added, NSM automatically detects the OS and the installed license, and enables or disables the appropriate features accordingly. Adding IDP rules is easy and similar to adding firewall/VPN rules. Juniper provides a rich database of checks that can be used to match and either drop or merely log attack traffic between specified sources and destinations.
We tried, without success, to dupe the ISG 2000 using a variety of detection-evasion techniques such as splicing and fragmentation, while executing DoS and OS exploit attacks. We were amazed to see how little all those attacks affected the performance of this beast, which leverages a fourth-generation security ASIC, the GigaScreen3, along with high-speed processors.
NSM lets you view the code of the current checks and create your own checks within the IDP database.
Testing methodology: We set up a lab with Windows and Linux PCs sending legitimate as well as malicious traffic back and forth through ISG 2000.
This was first published in February 2007