This article can also be found in the Premium Editorial Download "Information Security magazine: Security survivor all stars explain their worst data breaches."
In our lab, we tested a variety of malicious and standard traffic files against two firewalls and a router. The software accurately evaluated the performance of the device's rules and configurations. We really liked the software's interface, which is well organized, easy to navigate and easy to use.
The major limitation is that Traffic IQ Pro can only be used to test devices to which a security manager has physical access. Typically, one of the network cards on the laptop with the software installed is placed logically behind the device being tested; the other network card is placed outside the device. This allows for stateful, bidirectional communication through the device, but means that you can't test remote devices. Additionally, the software can't be used to test devices that proxy.
Traffic IQ Pro provides general (date and time, basic success-failure results) and detailed reports in RTF. The detailed report provides packet-level reporting, which allows a tester to see at what point a packet filtering device blocks a specific attack. We would like to have been able to generate summary and management info.
Even with its limitations, Traffic IQ Pro is a useful, well-designed and powerful tool for testing packet-filtering devices. It's well worth keeping an eye on, as it is likely to get better.
This was first published in April 2006.