This article can also be found in the Premium Editorial Download "Information Security magazine: Security survivor all stars explain their worst data breaches."
Traffic IQ Pro 1.0
Price: Starts at $4,800 for one copy
Karalon's Traffic IQ Pro 1.0 is a good tool for testing security devices that perform packet inspection and validate rules to ensure they are enforcing policy. Even with some rough edges, it's a strong first release that promises to improve.
How do you know if your security devices are enforcing policy correctly? It's critical to regularly validate the rules of network and security devices, particularly after changes are made to them. Thinking you're secure when you're not can be worse than not having security in the first place.
Karalon's Traffic IQ Pro 1.0 is a well-designed software tool for testing the detection, recognition and response capabilities of devices that perform packet filtering (including those that use network address translation), such as firewalls, IDSes/IPSes, routers and switches.
This initial release comes with hundreds of predefined malicious and standard traffic files that test your devices' ability to detect and/or block DoS attacks, spyware, backdoors, and attacks against applications such as IIS, SQL Server and WINS.
Standard traffic sessions can be used to test how packet filtering devices handle a variety of protocols including HTTP, FTP, SNMP and SMTP. Traffic file updates are available quarterly from Karalon via manual download.
Security managers can easily and quickly perform tests with both single and multiple traffic files. Groups can be created to test multiple traffic files against the same IP addresses.
Traffic IQ Pro is highly customizable. A command-line interface allows the scripting of tests, which can be exported and saved for later use. Security managers can also easily add their own traffic files for testing. Traffic IQ Pro can import and use all Libpcap, Netmon and BLADE Software-based packet capture files.
We installed Traffic IQ Pro on a laptop with two network cards and Windows XP (Windows 2000 and 2003 are also supported). Installation was fast, and we got Traffic IQ Pro up and running without complication. We found the product is easy to use, and we had to do little troubleshooting to get it to work as advertised.
Documentation is good, but it would be useful to have some detailed scenarios to show examples of how to use the software. We'd also like to see an error log provided as Traffic IQ Pro adds to its feature set with subsequent product releases.
This was first published in April 2006