by May 8, 2004 0 comments

This is an entry-level firewall appliance with the added advantage of a built-in anti virus. It’s meant for small to medium organizations and regional offices. NetScreen 5GT is fairly compact and comes with optional accessories to mount it on a wall. The device sits between your company network and the outside world. For this, it has a WAN port and four LAN ports. Plus, it also has a RS232 port for connecting to a dial-up modem, and a serial port to connect it to a PC. The device can also provide VPN connectivity, for which it supports IPSec and L2TP protocols. 

Configuring the firewall is straightforward. Connect it to your network from one of the trusted LAN ports, and you can access it via telnet or Web. To test the device, we connected a machine to its WAN interface and attacked it from the machine, using some port scanners. We ran a DoS (Denial of Service) and brute force attack to see whether the firewall is capable of detecting and stopping them or not. We noticed that while the DoS attack was in progress, its Web interface became inaccessible. And in this case, it got more difficult to see the alarm at the proper time. Since, the interface itself became inaccessible, it couldn’t be figured out what type of attack was happening. There’s an option in the firewall’s configuration to generate alarms without dropping any packets. We ran the DoS attack with both options and got the same results. Thankfully, rest of the firewall didn’t get affected and continued to function normally. 

We then tried running some sniffers from both sides of the firewall, and it was able to detect the MAC-IP flip-flop happening in both and notified it by raising a proper alarm.

Finally, we also tested its built in anti virus, by sending it a few viruses (Macro, Trojans, and system) via SMTP and HTTP. Of course, before that we updated its virus definitions, which happened without any problems. The firewall easily managed to detect all viruses that tried to pass through it. As it deletes the infected mails and sends out an e-mail to the intended recipient, mentioning this action along with the name of the virus. In case, you try to download an infected mail directly via HTTP, it will open a page saying that it can’t open the file because it’s infected. One limitation we found here, was that if you try to transfer a virus-infected file between the firewall’s internal and external interface, say using FTP, it doesn’t detect the virus.

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.