This article can also be found in the Premium Editorial Download "Information Security magazine: Betting the house on network anomaly detection systems."
Test labs are the ideal place to check theory against reality.
It's nice to buy new, but nothing matches the thrill of getting a $50,000 VPN concentrator for $72.47 (shipping included) on eBay. eBay has a world of problems: You can't get quantities; prices are unpredictable; and quality is haphazard. But, if you're not in a hurry and are willing to wait for the right item, eBay can save you up to 90 percent on test lab equipment. Volumes have been written about how to get the best deals on eBay, but buying for a test lab is different. Avoid premium-priced brands and look for equivalent products. Cisco Systems gets a premium for its products because of its technical and maintenance support, the assurance of a top-tier vendor and its commitment to supporting even the oldest gear. But none of that is important in a test lab. If you need a LAN-switching infrastructure, buy Extreme Networks gear instead. A used Cisco 2948G costs between $750 and $1,000, but the Extreme Summit 48, with essentially identical capabilities, better performance and quieter fans, goes for half that price.
Of course, eBay isn't always the right answer. Sometimes you do want the same gear in your lab as you have in your production network. But, when you can save money, why not give eBay a try?
— JOEL SNYDER
Equipment and software testing is a fact of life for the network security manager. When a pile of security and performance patches comes in from the great unknown, the test lab is your sanity check. When your RFP for new equipment hits the street, the test lab is where you verify whether hardware meets the specs. When planning changes to your security infrastructure, the test lab is where you experiment on your theories.
Magazine and online product reviews, analyst reports and white papers can help with product assessments, but a well-equipped test lab will give you the peace of mind that a product is right for your enterprise.
So what makes a good test lab?
For most network managers, building a test lab isn't a foreign task: It's just a smaller version of their production network. But, setting up a reliable testing environment means acquiring infrastructure, adding test equipment and establishing repeatable procedures to keep you from reinventing the wheel. Proper security testing starts with solid network infrastructure, and, because testing is an ongoing process, it pays to have a variety of equipment on hand.
Fortunately, network infrastructure is cheap — at least for testing purposes. With the exception of testing performance, you can live with off-the-shelf 10/100 switching equipment and slightly antiquated servers. If you can't scavenge from within the company, high-quality gear for pennies can be found at online auctioneer eBay, the de facto marketplace for used technology (see "Infrastructure via eBay," p. 40). Next, you need samples of all your production security infrastructure devices, especially firewalls. But, before charging up the company credit card, check with the manufacturer — some offer indefinite loans of demo units or significant discounts on cold-spare hardware. For software, where the vendor's cost is zero, negotiating a test lab license should be part of your standard purchasing procedure.
Finally, take a peek in your storerooms. You probably have a pile of dual-650 MHz rackmounted servers sitting around; they are perfect for testing. Your criteria here should be memory and ease of reconfiguration. In our lab, we use 2U Hewlett-Packard LPr servers. Dell, IBM and Compaq boxes are also excellent choices. As you stack up servers, you'll need a KVM (keyboard-video-mouse) switch. Forget the little eight-port ones you see around — they won't do. The Avocent Autoboot XP4040 is a recently retired — but still widely available — workhorse with virtually unlimited expansion capabilities. If you have a large corporate KVM switch, you might be able to use that. It's good practice to use these switches' built-in security features to keep the lab and production systems from being shown on the same console. This will also eliminate the potential of accidentally rebooting or, worse, reformatting the wrong system.
Systems generally fall into two categories: permanent and temporary. Permanent servers form the backbone of your lab's software services. For example, every lab needs a certificate authority to test PKI features. It pays to set this up once — not every time you need a digital certificate. You'll also find that authentication servers, such as RADIUS and LDAP, are repeatedly used and should be permanent fixtures. Any common corporate applications that can be easily replicated, such as Microsoft Exchange or Lotus Notes, along with your corporate Web server and database, should be running permanently in your test lab. You'll also need a file server to store software kits and other data.
This was first published in July 2005