Juniper Networks SSG 5 and SSG 20 Security Policy
The device does not employ a maintenance interface or have a maintenance role.
Authentication
The security appliance supports identity-based authentication. Operators must be authenticated using
user names and passwords. All operators can be authenticated locally (within the security appliance).
Based on his identity, an operator assumes the correct role.
The module supports identity-based authentication through the local database for the Cryptographic
Officer Role, the User Role, and the Read-Only User Role.
In order for authentication data to be protected against disclosure, substitution and modification,
passwords are not echoed during entry. A separate session is assigned to each successful
administrator login. On power down, previous authentications are erased from memory and need to
be re-authenticated again on power-up.
The first time an operator logs on to the module, the operator uses the default user name and
password which is “netscreen”, “netscreen”. This user is assigned the Crypto-Officer role.
Strength of Authentication
User names and passwords are case-sensitive. The password consists of at least six alphanumeric
characters. Since there are 26 uppercase letters, 26 lowercase letters, and 10 digits, the total number
of available characters is 62. The probability of someone guessing a password is 1/(62
6
) =
1/56,800,235,584 , which is far less than a 1/1,000,000 random success rate. This also applies to the
RADIUS shared secret, as well as authentication through the SSH protected channel.
If three login attempts from the console fail consecutively, the console will be disabled for one minute.
If three login attempts from Telnet or the WebUI (through VPN with AES encryption) fail consecutively,
any login attempts from that source will be dropped for one minute. Since a user is locked our after
three contiguous login failures, the random success rate per minute is 1/(62
6
) + 1/ (62
6
) + 1/(62
6
) =
3/(62
6
), which is far less than 1/100,000.
To Next Page
Loading...
Need help?
General
