Evaluate

Product review: BreakingPoint Systems' BPS-1000

NETWORK DEVICE TESTING

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

NETWORK DEVICE TESTING

BPS-1000
REVIEWED BY ED SKOUDIS

BreakingPoint Systems
Price: Starts at $185,000

Before enterprises deploy new network equipment, they need to make sure they can handle a barrage of traffic, including exploits and attacks.

BreakingPoint Systems' BPS-1000 is designed to test network equipment under gigabit loads of legitimate and exploit traffic to measure performance, traffic leakage, packet dropping and stability.

Test Comprehensiveness

A-

The BPS-1000 is unique in supporting tests at various layers of the protocol stack, all in one package.

Other tools focus on testing a device at one layer, such as the ability to switch Ethernet frames (Layer 2) or evaluate how network equipment routes packets (Layer 3) and handles malformed headers (Layer 3 and up). Others simulate large numbers of TCP sessions (Layer 4) or complex application mixes (Layer 7). Still others launch exploit traffic through a network device to see how it detects and blocks attacks (again at Layer 7).

The BPS-1000 also includes traffic replay capabilities to spit out packets from a capture file, modifying elements of the headers, including IP address and TCP sequence numbers. Playback can be sped up or slowed down to see how the device deals with changes in the rate of incoming traffic.

However, the tool is architected to test network equipment only, not end-system targets. Based on a sender-receiver architecture, the tool is designed to send packets and determine what makes it through a network device. Unlike other security testing products, the BPS-1000 is not designed to attack end systems and determine which particular packets caused them to crash.

Security Testing Capabilities

The BPS-1000's security testing capabilities are outstanding, but also where expanded functionality would be most useful. The tool includes hundreds of different "strike" packages, each capable of launching a different exploit. Further, testers can use several dozen obfuscation and encoding techniques for the strikes to dodge packet-inspection technologies like firewalls and network-based IPS tools, representing the most comprehensive exploit and evasion testing technology on the market today.

However, while you can run through a series of tests to see how a mix of traffic affects the target network device, you can't iterate step-by-step by changing specific fields or set break points during a given test. This forces you to conduct tedious manual hunting to discover which elements caused a crash or error condition.

Setup and Configuration

B+

Configuring tests is straightforward. Each type of test traffic you choose is represented as an icon on a graphical display of a data center rack. You can tweak a test by simply clicking on the appropriate icon and altering its settings. The BPS-1000 also includes a variety of Quick Tests to evaluate Ethernet traffic handling, IP routing, TCP session support and exploit blocking. It also supports TCL-based code for custom tests (Ruby, Python and Perl scripts will be supported in future releases).

The GUI is intuitive and flexible, but suffers from issues typical of a first release; some dialog boxes lack a cancel button, and some of the drag-and-drop features for grouping strikes require very careful dropping in a small subsection of the GUI.

Reporting

Numerous reporting options are available, including PDF, HTML and XLS formats. The system auto-generates well-organized reports that include a synopsis, success criteria (as defined by BreakingPoint), pie charts of traffic types, and graphs of transmitted and received packets sorted by application type.

Verdict

The BPS-1000 offers comprehensive, fast and flexible testing, the best we've seen for generating exploits and evasion tactics.

Testing methodology: We configured the BPS-1000 to send data through a switch, a routing system and a network-based IPS device, using a mix of test traffic that included legitimate TCP sessions, exploit traffic and malformed packets.

This was last published in February 2008

Dig Deeper on Network device security: Appliances, firewalls and switches

All
News
Get Started
Evaluate
Manage
Problem Solve

Related Resources

Dig Deeper on Network device security: Appliances, firewalls and switches

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.