RE: [fw-wiz] Nokia IP platform Versus Netscreen Platform

From: Ofir Arkin (ofir@sys-security.com)
Date: Fri Jun 01 2001 - 02:05:54 PDT


    David
    
    
    >There have been a number of 3rd party articles on
    >the two products...
    
    >When I was evaluating fw/vpn for our network, I
    >searched the web and found a number of articles on
    >CommWeb, Network Computing, eWeek, Tolly
    >Group, Network World, etc.
    
    Well, until a box is in my test lab and I test it myself...
    I find these "reviews" sometimes misleading...
    
    Marcus can tell you why :)
    
    
    >NetScreen ranked high on all four counts.  Since both
    >use Stateful Inspection, security was tight.
    
    OH! G!
    Stateful inspection is not bulletproof!
    Netscreen claims they hold the last sequence number used...
    How do they hold the window size / sliding window?
    How do they synchronize themselves against the TCP/IP stacks they guard?
    How do they allow incoming packets?
    
    Nokia, a.k.a. CheckPoint, doesn't have this ability as far as I know.
    
    So there is a lot to check and verify before stating something.
    
    
    >Although I ranked NetScreen a little higher because they use a
    >non-commercial operating system
    
    Holy smokes!
    Security Through Obscurity!
    
    >that can't be purchased and therefore, reverse engineered to find the
    >holes.
    
    Let's buy one and reverse engineer the box itself :)
    
    
    >Performance on the NetScreen is tops, bar none, due
    >to their 3rd generation ASIC.
    
    3rd generation ASIC... I don't think you have the inner design? :)
    
    >The Nokia boxes are really legacy-based PCs with CheckPoint software
    >running on them.
    
    True, BUT the new boxes can run at Gigabit...
    Did you test these before concluding?
    
    
    >NetScreen also has built-in SSH and SSL for secure
    >management.
    
    Nokia has this as well.
    
    
    Don't make conclusions like this before REALLY checking things out.
    
    
    I don't claim this is good or the other is bad.
    But did you include the OPSEC program of CheckPoint in your thinking?
    With big companies it does raise the CheckPoint side's points.
    
    
    
    Ofir Arkin [ofir@sys-security.com]
    Founder
    The Sys-Security Group
    http://www.sys-security.com
    PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA
    
    
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizardsat_private
    http://www.nfr.com/mailman/listinfo/firewall-wizards
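
Added example (not part of the original post, and not how either product is implemented): the per-direction state a filter has to keep in order to judge a TCP segment against the receiver's window, which is what the questions above about window size and synchronization come down to. `Flow`, `Sender` and `seq_diff` are hypothetical names; window scaling, SACK and SYN/FIN/RST handling are assumed out of scope, and the "one window back" tolerance for retransmissions is a simplification.

```python
from dataclasses import dataclass

MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def seq_diff(a: int, b: int) -> int:
    """Signed distance a - b in 32-bit sequence space."""
    return ((a - b + (1 << 31)) % MOD) - (1 << 31)


@dataclass
class Sender:
    next_seq: int  # one past the highest byte this sender has sent
    peer_ack: int  # highest ACK the receiver has returned to this sender
    peer_win: int  # window the receiver last advertised, in bytes


class Flow:
    """State for one established connection, as seen by the filter."""

    def __init__(self, c_isn: int, s_isn: int, c_win: int, s_win: int):
        c, s = (c_isn + 1) % MOD, (s_isn + 1) % MOD  # SYN consumes one number
        self.s = {"c2s": Sender(c, c, s_win), "s2c": Sender(s, s, c_win)}

    def check(self, direction: str, seq: int, length: int, ack: int, win: int) -> str:
        me = self.s[direction]
        peer = self.s["s2c" if direction == "c2s" else "c2s"]
        end = (seq + length) % MOD
        # Upper bound: data may not run past what the receiver offered.
        if seq_diff(end, me.peer_ack + me.peer_win) > 0:
            return "drop: beyond receiver window"
        # Lower bound: tolerate retransmissions, but only one window back.
        if seq_diff(seq, me.peer_ack) < -me.peer_win:
            return "drop: older than one window"
        # The ACK field may not acknowledge bytes the peer never sent.
        if seq_diff(ack, peer.next_seq) > 0:
            return "drop: ACK for data never sent"
        # Accepted: advance the state of both directions.
        if seq_diff(end, me.next_seq) > 0:
            me.next_seq = end
        if seq_diff(ack, peer.peer_ack) > 0:
            peer.peer_ack = ack
        peer.peer_win = win  # this sender's window limits the other side
        return "pass"


if __name__ == "__main__":
    # Constructed sample: client ISN chosen so the sequence space wraps.
    f = Flow(c_isn=0xFFFFFF00, s_isn=1000, c_win=8192, s_win=4096)
    print(f.check("c2s", 0xFFFFFF01, 300, 1001, 8192))   # in window, wraps
    print(f.check("c2s", 100045, 100, 1001, 8192))       # far ahead of window
```

The filter's view only stays in step with the guarded stacks if it updates on every accepted segment in both directions; any segment it misses or any option it ignores (such as window scaling) leaves its window estimate different from the end hosts'.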
    


