Traffic IQ Pro 1.0
Price: Starts at $4,800 for one copy
|Karalon's Traffic IQ Pro 1.0|
Karalon's Traffic IQ Pro 1.0 is a good tool for testing security devices that perform packet inspection and validate rules to ensure they are enforcing policy. Even with some rough edges, it's a strong first release that promises to improve.
How do you know if your security devices are enforcing policy correctly? It's critical to regularly validate the rules of network and security devices, particularly after changes are made to them. Thinking you're secure when you're not can be worse than not having security in the first place.
Karalon's Traffic IQ Pro 1.0 is a well-designed software tool for testing the detection, recognition and response capabilities of devices that perform packet filtering (including those that use network address translation), such as firewalls, IDSes/IPSes, routers and switches.
This initial release comes with hundreds of predefined malicious and standard traffic files that test your devices' ability to detect and/or block DoS attacks, spyware, backdoors, and attacks against applications such as IIS, SQL Server and WINS.
Standard traffic sessions can be used to test how packet filtering devices handle a variety of protocols including HTTP, FTP, SNMP and SMTP. Traffic files can be upgraded quarterly from Karalon via manual downloads.
Security managers can easily and quickly perform tests with both single and multiple traffic files. Groups can be created to test multiple traffic files against the same IP addresses.
Traffic IQ Pro is highly customizable. A command-line interface allows the scripting of tests, which can be exported and saved for later use. Security managers can also easily add their own traffic files for testing. Traffic IQ Pro can import and use all Libpcap, Netmon and BLADE Software-based packet capture files.
We installed Traffic IQ Pro on a laptop with two network cards and Windows XP (Windows 2000 and 2003 are also supported). Installation was fast, and we got Traffic IQ Pro up and running without complication. We found the product is easy to use, and we had to do little troubleshooting to get it to work as advertised.
Documentation is good, but it would be useful to have some detailed scenarios to show examples of how to use the software. We'd also like to see an error log provided as Traffic IQ Pro adds to its feature set with subsequent product releases.
In our lab, we tested a variety of malicious and standard traffic files against two firewalls and a router. The software accurately evaluated the performance of the device's rules and configurations. We really liked the software's interface, which is well organized, easy to navigate and easy to use.
The major limitation is that Traffic IQ Pro can only be used to test devices to which a security manager has physical access. Typically, one of the network cards on the laptop with the software installed is placed logically behind the device being tested; the other network card is placed outside the device. This allows for stateful, bidirectional communication through the device, but means that you can't test remote devices. Additionally, the software can't be used to test devices that proxy.
Traffic IQ Pro provides general (date and time, basic success-failure results) and detailed reports in RTF. The detailed report provides packet-level reporting, which allows a tester to see at what point a packet filtering device blocks a specific attack. We would like to have been able to generate summary and management info.
Even with its limitations, Traffic IQ Pro is a useful, well-designed and powerful tool for testing packet-filtering devices. It's well worth keeping an eye on, as it is likely to get better.