TABLE OF CONTENTS This chapter covers the nuts and bolts of the security features in Juniper Networks NetScreen firewall products. As you ve no doubt already discovered, these devices are packed with features that make life easier for administrators easy-to-configure VPNs (virtual private networks), built-in DHCP (Dynamic Host Control Protocol) servers, advanced Network Address Translation (NAT) functionality, support for a wide range of routing protocols, and much more. But a firewall s primary responsibility has always been security keeping the bad bits out, and letting the good bits in.
In addition to the strong feature set used for network administration is an equally strong set of protective tools. NetScreen firewalls have always protected owners from classic attacks such as Land, Teardrop, and other network layer-based attacks. These defensive SCREEN features allow for zone-specific settings based upon the risk factor of the facing network segment.
And while protecting at the network layer is both important and efficient, in today s world of application layer-specific attacks, it s not sufficient security coverage all by itself. Starting with tentative steps for application layer coverage in ScreenOS 4.0 with the Malicious URL feature, NetScreen firewalls now have full application layer coverage for typical Internet-facing protocols with Deep Inspection (DI), found in ScreenOS version 5.0 and later.
Combine the Application Layer Gateway features with the advanced filtering features and antivirus (AV) protection, and a complete coverage picture emerges. But what are we protecting ourselves from?
A network can be attacked in many different ways, and each day we learn of new...
