Ixia network security tool exposes problems

By Neil Roiter, Senior Technology Editor, Information Security magazine 02 Dec 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Your network devices and applications don't operate in a vacuum. They process high-speed, multi-protocol traffic, interoperating with other devices and applications. They all have vulnerabilities that can be exploited, degrade performance or cause crashes. Ixia, one of a handful of vendors that simulate real-world traffic to conduct torture tests, has introduced IxDefend, its first product designed specifically for security.

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

"We can simulate hundreds of thousands of subscribers with real-world traffic and real-world subscriber modeling," said Anupam Sahai, Ixia's vice president of marketing. "We simulate real-time conditions around how the traffic is consumed and modeled to make it more realistic."

Ixia shares the high-performance testing market with products from vendors, such as Karalon, Spirent Communications plc., Mu Security and BreakingPoint Systems Inc. These heavyweights are not just souped-up vulnerability assessment scanners or exploitation tools (Metasploit creator H.D. Moore is security research director at BreakingPoint). They beat up their targets under real-world, enterprise-level traffic loads to expose flaws in network and security devices and applications. Depending on the product, they use a variety of techniques to bring out the worst in their targets: databases of known exploits; protocol fuzzing to throw unusual values to try to impact or crash applications; transformation engines to evade detection, and traffic load generators to see what the target can take.

Related information: Examine Your Security Products, Eliminate Flaws: Powerful new tools examine your security investments to ensure you won't be stuck with a lemon. Product review: Mu-4000 Security Analyzer: The Mu-4000 is a traffic generation, testing and test-monitoring tool focused on creating network attack patterns and illegitimate traffic, and measuring their impact on target machines. Product review: Traffic IQ Pro 1.0: Karalon's Traffic IQ Pro 1.0 is a good tool for testing security devices that perform packet inspection and validate rules to ensure they are enforcing policy. Product review: BreakingPoint Systems' BPS-1000: BreakingPoint Systems' BPS-1000 is designed to test network equipment under gigabit loads of legitimate and exploit traffic to measure performance, traffic leakage, packet dropping and stability.

IxDefend operates on the premise that vulnerabilities are typically exploited by manipulating network protocols at all levels, which can mean everything from user input to specific packet structures. It uses what Ixia calls "intelligent fuzzing," pounding the application or device with traffic that targets packet data unit (PDU) fields, the structure of protocol messages and sequence to expose and exploit flaws and trigger problems.

IxDefend includes four test bundle options, with more, including data center testing, expected:

Network Management – Internet and security clients and servers

Key target markets are network equipment manufacturers, service providers -- who want to assure customers that they can meet SLA requirements without data loss or downtime -- and, increasingly, enterprises.

"Enterprises, especially financial enterprises, can use the tool to troubleshoot security loopholes or to make sure mission-critical applications, such as voice over IP, stay up and running," said Sahai. Enterprises can also use Ixia products to conduct vendor evaluation tests before committing to purchases.

IxDefend can run on a PC with no particular requirements, but for true production-level load testing, you can use it with Ixia's IxNetwork and IxLoad products on its XM2 Chassis, a 32-port beast. IxNetwork performs Layer 2-3 performance tests; IxLoad does the same for Layer 4-7. In addition, IxANVL provides protocol conformance and interoperability testing.

SearchSecurity radio:

"Ixia helps identify mismatches in configuration, when you have a Juniper router, Cisco router and a firewall, because they're slightly different and humans make mistakes," said Eric Ogren, founder and principal analyst of the Ogren Group. "You need end-to-end testing of performance and conformance to catch that in a multi-vendor network, because you have to go through multiple networks, through complicated paths between the user, the application and the back-end database."

Products from companies like Mu and BreakingPoint are ideal for pounding devices to reveal vulnerabilities under stress. Ixia's combination of tools is particularly well-suited to how target devices and apps will perform in a complex network environment."If you want to test one network appliance, go to something like Mu," said Ogren. "Stick it in a room and hammer it. If you want to go end-to-end, the same approach from Ixia makes a lot of sense."

Tags: Network Device Management,  Monitoring Network Traffic and Network Forensics,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Network Device Management Researchers find thousands of flawed embedded devices Is there a way to block iPhone widgets that bypass Web filters? Will an application usage policy best control network bandwidth? What is the difference between static and dynamic network validation? How to manage network bandwidth with distributed ISP bandwidth DNSSEC deployments gain momentum since Kaminsky DNS bug Firewall rule management best practices What are best practices for fiber optic cable security? The requirements for being a PCI DSS-compliant service provider Enterprise UTM security: The best threat management solution? Monitoring Network Traffic and Network Forensics Preventing SQL injection attacks: A network admin's perspective Breach prevention: How to keep track of data and applications Researchers find thousands of flawed embedded devices Network traffic collection, analysis helps prevent data breaches Lifecycle of a network security vulnerability Port scan attack prevention best practices How to prevent network sniffing and eavesdropping DoD urges less network anonymity, more PKI use Chained Exploits: How to prevent phishing attacks from corporate spies PCI compliance requirement 10: Auditing

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary OCSP  (SearchSecurity.com) trusted computing base  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary