Your network devices and applications don't operate in a vacuum. They process high-speed, multi-protocol traffic, interoperating with other devices and applications. They all have vulnerabilities that can be exploited, degrade performance or cause crashes. Ixia, one of a handful of vendors that simulate real-world traffic to conduct torture tests, has introduced IxDefend, its first product designed specifically for security.
"We can simulate hundreds of thousands of subscribers with real-world traffic and real-world subscriber modeling," said Anupam Sahai, Ixia's vice president of marketing. "We simulate real-time conditions around how the traffic is consumed and modeled to make it more realistic."
Ixia shares the high-performance testing market with products from vendors, such as Karalon, Spirent Communications plc., Mu Security and BreakingPoint Systems Inc. These heavyweights are not just souped-up vulnerability assessment scanners or exploitation tools (Metasploit creator H.D. Moore is security research director at BreakingPoint). They beat up their targets under real-world, enterprise-level traffic loads to expose flaws in network and security devices and applications. Depending on the product, they use a variety of techniques to bring out the worst in their targets: databases of known exploits; protocol fuzzing to throw unusual values to try to impact or crash applications; transformation engines to evade detection, and traffic load generators to see what the target can take.
Examine Your Security Products, Eliminate Flaws: Powerful new tools examine your security investments to ensure you won't be stuck with a lemon.
Product review: Mu-4000 Security Analyzer: The Mu-4000 is a traffic generation, testing and test-monitoring tool focused on creating network attack patterns and illegitimate traffic, and measuring their impact on target machines.
Product review: Traffic IQ Pro 1.0: Karalon's Traffic IQ Pro 1.0 is a good tool for testing security devices that perform packet inspection and validate rules to ensure they are enforcing policy.
Product review: BreakingPoint Systems' BPS-1000: BreakingPoint Systems' BPS-1000 is designed to test network equipment under gigabit loads of legitimate and exploit traffic to measure performance, traffic leakage, packet dropping and stability.
IxDefend operates on the premise that vulnerabilities are typically exploited by manipulating network protocols at all levels, which can mean everything from user input to specific packet structures. It uses what Ixia calls "intelligent fuzzing," pounding the application or device with traffic that targets packet data unit (PDU) fields, the structure of protocol messages and sequence to expose and exploit flaws and trigger problems.
IxDefend includes four test bundle options, with more, including data center testing, expected:
- Routing – essential core and LAN routing
- Core Internet – TCP, UDP, IP, address resolution and essential Internet services
- VPN – virtual private network and secure Web access
- Network Management – Internet and security clients and servers
Key target markets are network equipment manufacturers, service providers -- who want to assure customers that they can meet SLA requirements without data loss or downtime -- and, increasingly, enterprises.
"Enterprises, especially financial enterprises, can use the tool to troubleshoot security loopholes or to make sure mission-critical applications, such as voice over IP, stay up and running," said Sahai. Enterprises can also use Ixia products to conduct vendor evaluation tests before committing to purchases.
IxDefend can run on a PC with no particular requirements, but for true production-level load testing, you can use it with Ixia's IxNetwork and IxLoad products on its XM2 Chassis, a 32-port beast. IxNetwork performs Layer 2-3 performance tests; IxLoad does the same for Layer 4-7. In addition, IxANVL provides protocol conformance and interoperability testing.
"Ixia helps identify mismatches in configuration, when you have a Juniper router, Cisco router and a firewall, because they're slightly different and humans make mistakes," said Eric Ogren, founder and principal analyst of the Ogren Group. "You need end-to-end testing of performance and conformance to catch that in a multi-vendor network, because you have to go through multiple networks, through complicated paths between the user, the application and the back-end database."
Products from companies like Mu and BreakingPoint are ideal for pounding devices to reveal vulnerabilities under stress. Ixia's combination of tools is particularly well-suited to how target devices and apps will perform in a complex network environment."If you want to test one network appliance, go to something like Mu," said Ogren. "Stick it in a room and hammer it. If you want to go end-to-end, the same approach from Ixia makes a lot of sense."