Juniper Networks Secure Access 700 SA700 数据表
产品代码
SA700
Page 2
End-to-End Layered Security
The SA 700 series provides complete end-to-end layered security, ensuring that the endpoint device, data in transit, and internal resources are
secure. The SA 700 integrates seamlessly with a broad range of authentication methods and protocols and its hardened architecture effectively
protects internal resources. Security features include:
secure. The SA 700 integrates seamlessly with a broad range of authentication methods and protocols and its hardened architecture effectively
protects internal resources. Security features include:
Features
Benefits
Native Host Checker
Client computers can be checked at the beginning and throughout the session to verify an acceptable security posture requiring or restrict-
ing network ports; checking files/process and validating their authenticity with MD5 hash checksums. Performs version checks on security
applications, and carries out pre-authentication checks and enforcement. Enables enterprises to write their own host check method to
customize the policy checks. Resource access policy for non-compliant endpoints is configurable by administrator.
ing network ports; checking files/process and validating their authenticity with MD5 hash checksums. Performs version checks on security
applications, and carries out pre-authentication checks and enforcement. Enables enterprises to write their own host check method to
customize the policy checks. Resource access policy for non-compliant endpoints is configurable by administrator.
Host Checker API
Created in partnership with best-of-breed endpoint security vendors, enables enterprises to enforce an endpoint trust policy for managed
PCs that have personal firewall, antivirus clients, or other installed security clients, and quarantine non-compliant endpoints
PCs that have personal firewall, antivirus clients, or other installed security clients, and quarantine non-compliant endpoints
Host Check Server Integration API
Enables enterprises to deliver and update third party security agents from the SA 700, which reduces public-facing infrastructure, enables
consolidated reporting of security events, and enables policy-based remediation of non-compliant clients
consolidated reporting of security events, and enables policy-based remediation of non-compliant clients
Hardened security appliance and Web
server
server
Purpose-built hardware appliance and hardened security infrastructure, with no general purpose services, system-level user accounts, or
interactive shell
interactive shell
Security services employ kernel-level packet
filtering and safe routing
filtering and safe routing
Ensures that unauthenticated connection attempts, such as malformed packets or DOS attacks are filtered out
Cache Cleaner
All proxy downloads and temp files installed during the session are erased at logout, ensuring that no data is left behind
Support for strong authentication
methods and protocols including RADIUS,
LDAP, PKI, Active Directory, RSA/Secure ID
methods and protocols including RADIUS,
LDAP, PKI, Active Directory, RSA/Secure ID
Enables enterprise-strength authentication via optional integration with directories, PKI, and leading multi-factor authentication systems.
Allows administrators to establish dynamic authentication policies for each user session, based on user/device/network attributes and
specific login conditions, including an optional pre-authentication assessment to examine the client’s security state before the login page
is presented. Also includes a secure internal user database for enterprises that have not deployed 3rd party authentication.
Allows administrators to establish dynamic authentication policies for each user session, based on user/device/network attributes and
specific login conditions, including an optional pre-authentication assessment to examine the client’s security state before the login page
is presented. Also includes a secure internal user database for enterprises that have not deployed 3rd party authentication.
Auditing and logging
Full auditing and logging capabilities in a clear, easy-to-understand format, simplifying configuration, assessment and troubleshooting
Malware protection
Enables customers to provision endpoint containment capabilities and secure the endpoint either prior to granting access or during the
user session for comprehensive network protection
user session for comprehensive network protection
Ease of Use
The SA 700 features a user-friendly Web-based interface and streamlined administration making it easy to use and administer.
Features
Benefits
Streamlined administration process
designed specifically for small/medium
enterprises
designed specifically for small/medium
enterprises
Instant deployment and activation requires minimal IT knowledge
Dynamically provisioned user connectivity
At login, end users are immediately provisioned full connectivity as if running on the LAN, while important layered security functions run
transparently. Users provisioned using the Core Clientless access method upgrade are restricted to administrator configurable Web-based
applications
transparently. Users provisioned using the Core Clientless access method upgrade are restricted to administrator configurable Web-based
applications
Simple, Web-based interfaces
Both the end user and administrator interfaces are simple and Web-based, facilitating quick and easy use
Provision by Purpose
The Secure Access 700 includes two different access methods. These different methods are selected as part of the user’s role, so the administrator
can enable the appropriate access on a per-session basis, taking into account user, device, and network attributes in combination with enterprise
security policies.
can enable the appropriate access on a per-session basis, taking into account user, device, and network attributes in combination with enterprise
security policies.
Features
Benefits
Network Connect
• Provides complete network-layer connectivity via an automatically provisioned cross-platform download
• Users need only a Web browser. Network Connect transparently selects between two possible transport methods, to automatically
• Users need only a Web browser. Network Connect transparently selects between two possible transport methods, to automatically
deliver the highest performance possible for every network environment
Clientless Core Web access
(Available as an upgrade)
(Available as an upgrade)
• Access to Web-based applications, including complex JavaScript, XML or Flash-based apps and Java applets that require a socket
connection, as well as standards-based e-mail, files and telnet/SSH hosted applications
• Core Web access also enables the delivery of Java applets directly from the Secure Access appliance
• Provides the most easily accessible form of application and resource access, and enables extremely granular security control options
• Provides the most easily accessible form of application and resource access, and enables extremely granular security control options