RE: [fw-wiz] Nokia IP platform Versus Netscreen Platform

From: Ofir Arkin (ofir@sys-security.com)
Date: Sat Jun 02 2001 - 01:29:23 PDT

    Never claimed one is better than the other.
    
    Never said Netscreen is not for real.
    
    Never said I TRUST the PowerPoint.
    
    All I said is that one should not conclude that one is better than the other
    just based on "reviews", magic words like "stateful inspection", or his
    wishful thinking...
    ALWAYS do serious testing before concluding.
    
    Never claimed that Check Point is the ultimate solution...
    If you know my previous posts you know I never claimed that.
    
    Hope this clarifies things.
    
    Ofir
    
    -----Original Message-----
    From: JVBrown [mailto:jvbrownat_private]
    Sent: Friday, June 01, 2001 6:43 AM
    To: Ofir Arkin; David Pearl; firewall-wizardsat_private
    Subject: RE: [fw-wiz] Nokia IP platform Versus Netscreen Platform
    
    
    
    Never lose sight of the fact that many times in technology circles... The
    Convert becomes the Fanatic!
    Seems like a heavy dose of FW-1/Nokia juice in play here.
    
    A couple of comments are worth response.
    
    Put a NetScreen box on your bench and see if you can bust it up, especially
    the reverse engineering effort!
    
    If you, or anyone else has benchmarked GigNokia, we'd be really
    interested in your observations. As of now, GigNokia runs only on a
    Powerpoint platform.
    
    Truth be known, very few have the gear required to conduct serious,
    repeatable tests at Gig speeds.
    
    Happy are those that believe yet do not see...(or something like that from
    Scripture...)
    
    NetScreen is for real! Just ask Nokia and Cisco SEs who they view as
    their principal competition.
    
    Deny most,
    allow a few.
    
    jvb
    
    -----Original Message-----
    From: firewall-wizards-adminat_private
    [mailto:firewall-wizards-adminat_private]On Behalf Of Ofir Arkin
    Sent: Friday, June 01, 2001 5:06 AM
    To: David Pearl; firewall-wizardsat_private
    Subject: RE: [fw-wiz] Nokia IP platform Versus Netscreen Platform
    
    
    David
    
    
    >There have been a number of 3rd party articles on
    >the two products...
    
    >When I was evaluating fw/vpn for our network, I
    >searched the web and found a number of articles on
    >CommWeb, Network Computing, eWeek, Tolly
    >Group, Network World, etc.
    
    Well, until a box is in my test lab and I test it myself...
    I find these "reviews" sometimes misleading...
    
    Marcus can tell you why :)
    
    
    >NetScreen ranked high on all four counts.  Since both
    >use Stateful Inspection, security was tight.
    
    OH! G!
    Stateful inspection is not bulletproof!
    Netscreen claims they hold the last sequence number used...
    How do they hold the window size / sliding window?
    How do they synchronize themselves against the TCP/IP stacks they guard?
    How do they allow incoming packets?
    
    Nokia (a.k.a. CheckPoint) doesn't have this ability as far as I know.
    
    So there is a lot to check and verify before stating something.
    
    
    >Although I ranked NetScreen a little higher because they use a
    >non-commercial operating system
    
    Holy smokes!
    Security Through Obscurity!
    
    >that can't be purchased and therefore, reverse engineered to find the holes.
    
    Let's buy one and reverse engineer the box itself :)
    
    
    >Performance on the NetScreen is tops, bar none, due
    >to their 3rd generation ASIC.
    
    3rd generation ASIC... I don't think you have the inner design? :)
    
    >The Nokia boxes are really legacy-based PCs with CheckPoint software
    >running on them.
    
    True, BUT the new boxes can run at Gigabit...
    Did you test these before concluding?
    
    
    >NetScreen also has built-in SSH and SSL for secure
    >management.
    
    Nokia has this as well.
    
    
    Don't draw conclusions like this before REALLY checking things out.
    
    
    I don't claim this is good or the other is bad.
    But did you include in your thinking the OPSEC program of Check Point?
    With big companies it does raise the Check Point side's points.
    
    
    
    Ofir Arkin [ofir@sys-security.com]
    Founder
    The Sys-Security Group
    http://www.sys-security.com
    PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA
    
    
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizardsat_private
    http://www.nfr.com/mailman/listinfo/firewall-wizards
    
    



    This archive was generated by hypermail 2b30 : Fri Jun 01 2001 - 16:20:40 PDT