Evaluating Network and Security Devices
Capabilities presentation covering use case scenarios for evaluating DPI, network and security devices.

Evaluating Network and Security Devices: Presentation Transcript

  • Evaluating Network and Security Devices
  • Escalating Network Mayhem
  • The Industry’s Answer
    Unified Computing/Cloud Computing
    Network Devices
    Routers/Switches
    • Stateless
    • Layer 2-3 traffic
    Load Balancers
    • Content-aware
    • Layer 2-4 traffic
    Application Delivery Controllers
    • Content-aware
    • Layer 2-7 traffic
    Application Servers
    Dedicated Application Servers
    • Single server per application
    • Distributed network
    Application Servers
    • Multiple applications
    • Single server
    Unified Multi-Purpose Systems, Virtualized Systems
    • Multiple servers
    • Single application
    • Network-aware
  • The Crucial Role of Deep Packet Inspection (DPI)
    Visibility and control through inspection of packet data
    Beyond header and basic packet filtering
    Inspection of Layer 4-7 payload
    Content across packets and flows
    Enabling technology for critical initiatives
    Security: IDS/IPS, DoS
    Data Loss Prevention
    Rate Shaping (QoS) & SLAs (monetization)
    Lawful Intercept
    Copyright Enforcement
  • Validating DPI Capabilities is Challenging
    Static content is necessary but insufficient
    Protocol changes between applications
    Changes affect data rates
    Security attacks are dynamic by nature
    Security attacks are intentionally evasive
    Traditional techniques present challenges
    Ever changing real exploits and targets
    Large labs, massive hardware, and expensive software to scale to today’s performance requirements
    Debunking the value of PCAPs
    Designed for shells, not testing
  • 5 Essentials for Validating DPI-Enabled Products
    Realism: Blended application traffic combined with live obfuscated attacks
    Future-proof: The most current application protocols (P2P, Mail Services, Voice/Video, etc.) and all known security vulnerabilities
    High performance: Line-rate traffic generation to validate DPI
    High capacity: Millions of concurrent TCP sessions to emulate millions of users
    Unified: Integrated performance and security testing in a flexible system.
  • Real Application Traffic Matters
    [Chart: Performance (Megabits) by Traffic Mix]
  • Comprehensive Resiliency Testing
  • Resiliency Testing Architecture
  • Application Protocols and Security Coverage
    100+ stateful application protocols (as of December 15, 2009)
    Encrypted BitTorrent, eDonkey, Chinese P2P Applications
    IBM DB2, Oracle, Microsoft SQL, MySQL, Postgres
    FIX, VMware VMotion, Microsoft CIFS/SMB, MAPI, RADIUS, Voice, Video
    API for accelerating proprietary application traffic
    API for writing and simulating custom security attacks
    4,300+ live security strikes (as of December 15, 2009)
    100% Microsoft Tuesday coverage in 24 hours
    Ability to simulate complex attacks such as Botnet and DDoS attacks
    80+ evasion techniques such as stream segmentation, packet fragmentation, URL obfuscation
    SYN Flood attacks with up to 1 Million connections per second
    Data leak protection and anomaly detection testing
  • There’s An App for That….
  • Use Case: Server Load Testing
    • Generates a mix of stateful application traffic at line-rate speed
    • Validates performance/effectiveness under extreme load conditions
    • Validates the integrity of server transactions
    [Diagram labels: High Performance Client Simulation; 4,200+ live security attacks; Load Balancer; Firewall; Switch; Router; IPS; SSL Accelerator; Application Server]
  • Use Case: Intrusion Prevention Systems
    • Performance under load and under attack
    • Detection capabilities under load and under attack.
    • Performance of the protocol decoding engines.
    • Session ramp
    • Accuracy of protocol decoding engines under a variety of conditions
    • Loop complicated traffic continuously to test for memory leaks
    [Diagram labels: Intrusion Prevention System; Blended Application Traffic (ex: eDonkey, AIM, etc.) + Live Security Strikes]
  • Use Case: High Performance Firewalls
    • Performance with blended application traffic under maximum load conditions
      - Max HTTP transactions/second
      - Max SQL queries/second
      - Max concurrent TCP connections
      - Max HTTP bandwidth and max SQL bandwidth
    • Performance with security attacks under maximum load conditions
      - Max HTTP attacks/second
      - Max SQL attacks/second
    • Behavior under load, attack, at failure
    • IP, UDP, TCP fuzzing
    • Test with RFC 2544
    [Diagram labels: Firewall; Blended Application Traffic (ex: BitTorrent, FTP, HTTP, SMTP, etc.) + Live Security Strikes; Client & Server Simulation in Zones A, B, C and D; 10 Gigabit Ethernet]
  • Use Case: Web Application Firewalls
    • Performance with blended application traffic under maximum load conditions
    • Performance with live security attacks under maximum load conditions
    • Detection and blocking capabilities under load and under attack
    • Maximum load capacity with blended application traffic
    • Stability and reliability under extended attack
    • Functionality under extended attack
    [Diagram labels: Web Application Firewall; Client Simulation and Server Simulation (HTTP/HTTPS/SQL); Blended Application Traffic (ex: MySQL, Oracle, HTTP, etc.) + Live Security Strikes]
  • Use Case: WAN Optimization Appliances
    • Performance and functionality under maximum load and under attack
    • Disk subsystem functionality with randomly generated realistic traffic
    • Workload capacity with user specified compression variables  
    • Performance with mix of new and cached data
    [Diagram labels: WAN Optimization Appliances; Blended Application Traffic (CIFS/SMB, MS Exchange) + Live Security Strikes]
  • Use Case: Server Load Balancer
    • Performance and functionality under maximum load and under attack
    • Bandwidth constraints
    • HTTP caching performance
    • Ability to process malformed packets or errors
    • Test with RFCs 793, 1945, 2616, 2818, and 3501
    [Diagram labels: Server Load Balancer; Application Delivery Controller; Blended Application Traffic + Live Security Strikes + Application Fuzzing]
  • BreakingPoint Comprehensive Testing