Testing High Performance Firewalls



Testing firewalls can be an exact science. Learn how Fortinet tests their firewalls using BreakingPoint. This presentation details how to test firewalls with real-world application traffic, load, and live security attacks. This presentation was given by Fortinet in the BreakingPoint booth at Interop 2011 and included their announcement of the FortiGate 3950B's Resiliency Score of 95, the highest ever published.

Speaker notes:

Based on a patented breakthrough in network processor-driven innovation, only the BreakingPoint Storm CTM allows anyone to unleash Internet-scale cyberwar in a controlled environment. A single BreakingPoint Storm CTM produces high-performance traffic from hundreds of real-world applications, load from millions of users, and comprehensive security coverage that includes thousands of current attacks and malware, as well as obfuscation and evasion techniques. The product features built-in automation to:
  Produce a standardized Resiliency Score™ to measure network and data center performance, security and stability
  Measure the performance of massive virtualized infrastructures in the face of peak user load and attack
  Validate the accuracy and performance of Lawful Intercept and Data Loss Prevention systems

The architecture of this device makes it future-proof and always current. This means that you can use it to conduct accurate research into cyber conditions, not just today but for many years to come.

Businesses, governments, and Internet users expect secure, reliable, and fast access to data and communications. When security measures slow network performance, communications are lost, agility is compromised, and billions of dollars are wasted. If security measures are not rigorous, critical information and national security are compromised and costs skyrocket. The goal is to find the optimal balance of security and performance to assure cyber infrastructure resiliency.

The enemy of resiliency is network mayhem. Today's public and private network infrastructures are complex, dynamic, and increasingly vulnerable to network mayhem in the form of cyber attacks, viruses, human error, and escalating traffic from bandwidth-heavy or easily compromised applications such as BitTorrent, Gmail, YouTube, Twitter, iPhone, Skype, and hundreds of others.

BreakingPoint creates network mayhem by simulating true global network conditions with a current mix of blended application traffic and live security attacks at live network speeds, as well as traffic from millions of users, to assure resilient networks, Web applications and cloud services. Powered by high-speed network processors and specialized hardware, the BreakingPoint Storm emits high-speed stress vectors composed of a global, custom, and current mix of application and attack traffic. This precision product then images the effects of the stress vectors on a discrete device or a device within a network.
Slide 1: Resiliency Testing of High Performance Firewalls

Slide 2: Agenda
  Throughput
  Packets Per Second
  Latency
  Connections Per Second
  Simultaneous Sessions
  Stacking It Up
  Real Traffic
  Resiliency Score

Slide 3: Throughput
  What is it?
    It's all about 'volume'
  Why is it important?
    Maximum transfer capability
  How is it affected?
    Packet size – for smaller packets we may become packets-per-second bound
    File size – for smaller files we may become connections-per-second bound
    Physical limits – bus/interface limits
  How do we find it?
    For UDP – single or multiple streams of large packet sizes
    For TCP – multiple HTTP GETs of 32K files

Slide 5: Packets Per Second
  What is it?
    It's all about 'pressure'
  Why is it important?
    Small-transaction characteristics
  How is it affected?
    Packet size – for larger packets we may become throughput bound
  How do we find it?
    Reduce the packet size until the packets-per-second rate stops rising

Slide 7: Latency
  What is it?
    It's all about 'bursts'
    Per packet (UDP)
    Per transaction (TCP)
  Why is it important?
    Transfer delay
  How is it affected?
    Hardware or software
    Session setup
  How do we find it?
    Measure latency at 10%, 50%, 75%, and 90% utilization

Slide 9: Connections per second
  What is it?
    It's all about 'temperature'
  Why is it important?
    Almost everything is a connection
  How is it affected?
    Protocol type (ICMP, UDP, TCP, etc.) – TCP is hardest, with the most state
    Handled in CPU
  How do we find it?
    HTTP 1.0 connections transferring a single-byte file

Slide 10: Connections per second (cont.)
  SYN handshake – 3 packets (SYN, SYN/ACK, ACK)
  FIN close – 3 packets (FIN, FIN/ACK, ACK)
  Data transfer – 4 packets (GET, ACK, response, ACK)
  Total of 10 packets. Can be reduced:
    RST instead of FIN close, piggybacked GETs (data on the handshake ACK), SACK – but this may be cheating
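Slides 3, 5, 9 and 10 describe three ceilings (throughput, packets per second, connections per second) and how packet size or file size decides which one a test hits. The script below, added here as an illustration and not part of the Fortinet or BreakingPoint material, models that interaction: it counts packets per HTTP/1.0 GET using slide 10's accounting (10 packets for a one-byte file) and reports which limit binds for UDP streams of a given frame size and for GETs of a given file size. The DeviceLimits figures, header sizes and request size are hypothetical placeholders, not FortiGate-3950B numbers.

```python
"""Which limit binds a firewall under a given test profile.

Added illustration, not code from the BreakingPoint or Fortinet material.
The device limits below are hypothetical placeholders, not FortiGate-3950B
figures; the packet accounting follows slide 10 (3 handshake packets,
3 close packets, 4 data packets for a one-byte HTTP/1.0 GET).
"""
import math
from dataclasses import dataclass

HEADER_BYTES = 54        # Ethernet (14) + IPv4 (20) + TCP (20), no options; assumed
MSS = 1460               # TCP payload per segment on a 1500-byte MTU
REQUEST_BYTES = 100      # assumed size of a minimal HTTP/1.0 GET request
HANDSHAKE_PACKETS = 3    # SYN, SYN/ACK, ACK
CLOSE_PACKETS = 3        # FIN, FIN/ACK, ACK (the slide's count)


@dataclass(frozen=True)
class DeviceLimits:
    """Ceilings of the device under test (all hypothetical here)."""
    line_rate_bps: float  # interface/bus ceiling, bits per second
    max_pps: float        # packet forwarding ceiling, packets per second
    max_cps: float        # new TCP connection ceiling, connections per second


def http10_packets(file_bytes: int) -> int:
    """Packets on the wire for one HTTP/1.0 GET of a file of the given size.

    Data phase is GET, ACK of the GET, one segment per MSS of response and
    one ACK per segment (no delayed ACKs), so a one-byte file costs 4 data
    packets and the whole connection 10, matching slide 10.
    """
    segments = max(1, math.ceil(file_bytes / MSS))
    return HANDSHAKE_PACKETS + CLOSE_PACKETS + 2 + 2 * segments


def http10_bytes(file_bytes: int) -> int:
    """Bytes on the wire for one HTTP/1.0 GET, headers included."""
    return http10_packets(file_bytes) * HEADER_BYTES + REQUEST_BYTES + file_bytes


def _binding(candidates: dict) -> tuple:
    """Return (limit name, achievable value) for the smallest ceiling."""
    return min(candidates.items(), key=lambda kv: kv[1])


def udp_stream(limits: DeviceLimits, frame_bytes: int) -> tuple:
    """Throughput bound for UDP frames of a fixed size (slides 3 and 5).

    Returns (binding limit, achievable bits per second).
    """
    bits_per_frame = frame_bytes * 8
    return _binding({
        "throughput": limits.line_rate_bps,
        "pps": limits.max_pps * bits_per_frame,
    })


def http10_gets(limits: DeviceLimits, file_bytes: int) -> tuple:
    """Connection-rate bound for HTTP/1.0 GETs of a fixed file size (slides 3, 9, 10).

    Returns (binding limit, achievable connections/s, file goodput in bits/s).
    """
    pkts = http10_packets(file_bytes)
    bits = http10_bytes(file_bytes) * 8
    name, cps = _binding({
        "cps": limits.max_cps,
        "pps": limits.max_pps / pkts,
        "throughput": limits.line_rate_bps / bits,
    })
    return name, cps, cps * file_bytes * 8


if __name__ == "__main__":
    dut = DeviceLimits(line_rate_bps=20e9, max_pps=15e6, max_cps=500e3)  # hypothetical
    for frame in (64, 512, 1500):
        name, bps = udp_stream(dut, frame)
        print(f"UDP {frame:5d}-byte frames: {bps / 1e9:6.2f} Gbps, bound by {name}")
    for size in (1, 1024, 32 * 1024, 1024 * 1024):
        name, cps, goodput = http10_gets(dut, size)
        print(f"HTTP GET {size:8d} B: {cps:10.0f} conn/s, "
              f"{goodput / 1e9:6.2f} Gbps goodput, bound by {name}")
```

The model ignores delayed ACKs, TCP options, FCS, preamble and inter-frame gap, so absolute numbers will differ from a real run; what it shows is the crossover the slides describe: the one-byte GET is CPS-bound, the 32K GET is throughput-bound, and 64-byte UDP frames are PPS-bound while 1500-byte frames hit line rate. Tightening a single ceiling on the hypothetical device moves those crossovers, which is why the deck measures each one separately before mixing them.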
Slide 12: Simultaneous sessions
  What is it?
    It's all about 'streams'
  Why is it important?
    How many parallel requests can you handle?
  How is it affected?
    Memory is the biggest factor
  How do we find it?
    Open sessions but do not complete the transactions; hold them open
    Once all sessions are open, transfer data and close the sessions
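The procedure on this slide (open sessions, hold them all idle, then transfer and close) as a runnable harness. This is an added example, not BreakingPoint's or Fortinet's tool; it uses an in-process echo server on loopback as a stand-in for the server behind the firewall, so run as-is it exercises only the local TCP stack, and the names hold_then_transfer and simultaneous_sessions are this example's own.

```python
"""Open-then-hold session test from slide 12, as a runnable harness.

Added illustration, not BreakingPoint or Fortinet code. It opens N TCP
sessions, holds them all without sending anything, then pushes one request
through each and closes it. The echo server is a local stand-in for the
server behind the device under test; to run against a real firewall, point
hold_then_transfer() at a server on the far side of it instead.
"""
import asyncio

REQUEST = b"GET /one-byte HTTP/1.0\r\n\r\n"  # constructed payload, echoed back by the stand-in


async def _echo_once(reader, writer):
    """Stand-in server: echo the first read, then close."""
    data = await reader.read(1024)
    writer.write(data)
    await writer.drain()
    writer.close()


async def hold_then_transfer(host, port, sessions, payload=REQUEST):
    """Phase 1: open every session (full handshake) and keep it idle.
    Phase 2: once all are open, send the payload on each, read the reply, close.

    Returns (opened, failed_to_open, completed). On a real firewall the gap
    between opened and completed shows sessions the device aged out or
    dropped while they sat idle under load.
    """
    held = []
    failed = 0
    for _ in range(sessions):
        try:
            held.append(await asyncio.open_connection(host, port))
        except OSError:  # RST, timeout, or local port/file-descriptor exhaustion
            failed += 1
    completed = 0
    for reader, writer in held:
        try:
            writer.write(payload)
            await writer.drain()
            if await reader.readexactly(len(payload)) == payload:
                completed += 1
        except (OSError, asyncio.IncompleteReadError):
            pass  # session was open but the transaction did not get through
        finally:
            writer.close()
            await writer.wait_closed()
    return len(held), failed, completed


async def _run_local(sessions):
    """Start the stand-in echo server on a loopback port and run the test."""
    server = await asyncio.start_server(_echo_once, "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    try:
        return await hold_then_transfer("127.0.0.1", port, sessions)
    finally:
        server.close()
        await server.wait_closed()


def simultaneous_sessions(sessions: int):
    """Run the whole test against the local stand-in; returns (opened, failed, completed)."""
    return asyncio.run(_run_local(sessions))


if __name__ == "__main__":
    print(simultaneous_sessions(200))
```

Against a real device, raise the session count until opened stops tracking the requested count (the device or the generator ran out of session memory) and watch completed separately: a firewall that silently ages out idle sessions will report every open succeeding yet fail the transfer phase, which is the memory effect the slide points at. Before blaming the firewall, lift the generator's own file-descriptor and ephemeral-port limits, since those produce the same symptom.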
Slide 14: Stacking it up
  FortiGate-3950B

Slide 15: Real Traffic

Slide 16: Real Traffic
  Why is it good?
    More than one variable at a time
    Protocol interaction
  What makes it hard?
    Difficult to repeat
    Traffic is different for every customer
  Can we test it?
    Different mixes of application traffic
    Standard background traffic with specific security traffic

Slide 17: How? Attack Thyself!
  Real Attacks
    4,500 live security attacks
    100+ evasions
    Malware
    Spam
    DDoS and botnet simulation
    Custom attacks
    Research and frequent updates
  Real World Applications
    150+ application protocols
    Social media, peer-to-peer, voice, video
    Web and enterprise applications, gaming
    Custom applications
    Frequent updates
  Unprecedented Performance
    120 Gbps blended application traffic
    90M concurrent TCP sessions
    3M TCP sessions/second
    38 Gbps SSL bulk encryption

Slide 18: Resiliency Score
  What is it?
    Combines aspects of all previous tests to produce a single comparable result
  Why is it important?
    Provides an easy way to compare different devices to each other
  How is it affected?
    Device configuration
  How do we find it?
    It's as simple as clicking a button (just do it before you go home)

Slide 19: FortiGate 3950B

Slide 20: Questions and Answers