Evaluating Network and Security Devices


Published on

Capabilities presentation covering use case scenarios for evaluating DPI, network and security devices.

1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Evaluating Network and Security Devices

  1. 1. Evaluating Network and Security Devices<br />
  2. 2. Escalating Network Mayhem<br />2<br />
  3. 3. The Industry’s Answer<br />Unified Computing/Cloud Computing<br />Dedicated<br />Application Servers<br /><ul><li>Single server per application
  4. 4. Distributed network</li></ul>Application Servers<br /><ul><li>Multiple applications
  5. 5. Single server</li></ul>Application Delivery Controllers<br /><ul><li>Content-aware
  6. 6. Layer 2-7 traffic</li></ul>Routers/Switches<br /><ul><li>Stateless
  7. 7. Layer 2-3 traffic</li></ul>Load Balancers<br /><ul><li>Content-aware
  8. 8. Layer 2-4 traffic</li></ul>Unified Multi-Purpose Systems, Virtualized Systems<br /><ul><li>Multiple servers
  9. 9. Single application
  10. 10. Network-aware</li></ul> Network Devices <br />Application Servers<br />
  11. 11. The Crucial Role of Deep Packet Inspection (DPI)<br />Visibility and control through inspection of packet data<br />Beyond header and basic packet filtering<br />Inspection of Layer 4-7 payload<br />Content across packets and flows<br />Enabling technology for critical initiatives<br />Security: IDS/IPS, DoS<br />Data Loss Prevention<br />Rate Shaping (QoS) & SLAs (monetization)<br />Lawful Intercept<br />Copyright Enforcement<br />
  12. 12. Validating DPI Capabilities is Challenging<br />Static content is necessary but insufficient<br />Protocol changes between applications<br />Changes affect data rates<br />Security attacks are dynamic by nature<br />Security attacks are intentionally evasive<br />Traditional techniques present challenges<br />Ever changing real exploits and targets<br />Large labs, massive hardware, and expensive software to scale to today’s performance requirements<br />Debunking the value of PCAPs<br />Designed for shells, not testing<br />
  13. 13. 5 Essentials for Validating DPI-Enabled Products<br />Realism: Blended application traffic combined with live obfuscated attacks<br />Future-proof: The most current application protocols (P2P, Mail Services, Voice/Video, etc.) and all known security vulnerabilities<br />High performance: Line-rate traffic generation to validate DPI<br />High capacity: Millions of concurrent TCP sessions to emulate millions of users<br />Unified: Integrated performance and security testing in a flexible system. <br />
  14. 14. Real Application Traffic Matters<br />Performance<br />(Megabits)<br /> Traffic Mix<br />
  15. 15. Comprehensive Resiliency Testing <br />
  16. 16. Resiliency Testing Architecture<br />TM<br />TM<br />
  17. 17. Application Protocols and Security Coverage<br />100+ stateful application protocols (as of December 15, 2009)<br />Encrypted BitTorrent, eDonkey, Chinese P2P Applications<br />IBM DB2, Oracle, Microsoft SQL, MySQL, Postgres<br />FIX, VMware VMotion, Microsoft CIFS/SMB, MAPI, RADIUS Voice, Video <br />API for accelerating proprietary application traffic <br />API for writing and simulating custom security attacks<br />4,300+ live security strikes (as of December 15, 2009)<br />100% Microsoft Tuesday coverage in 24 hours<br />Ability to simulate complex attacks such as Botnet and DDoS attacks<br />80+ evasion techniques such as stream segmentation, packet fragmentation, URL obfuscation<br />SYN Flood attacks with up to 1 Million connections per second<br />Data leak protection and anomaly detection testing <br />
  18. 18. There’s An App for That….<br />
  19. 19. Use Case: Server Load Testing<br /><ul><li>Generates a mix of stateful application traffic at line-rate speed
  20. 20. Validates performance/effectiveness under extreme load conditions
  21. 21. Validates the integrity of server transactions </li></ul>High Performance Client Simulation<br />Load Balancer<br />4,200+ live security attacks<br />Firewall<br />Switch<br />Router<br />IPS<br />Application Server<br />SSL Accelerator<br />
  22. 22. Use Case: Intrusion Prevention Systems<br /><ul><li> Performance under load and under attack
  23. 23. Detection capabilities under load and under attack.
  24. 24. Performance of the protocol decoding engines.
  25. 25. Session ramp
  26. 26. Accuracy of protocol decoding engines under a variety of conditions
  27. 27. Loop complicated traffic continuously to test for memory leaks</li></ul>Intrusion Prevention System<br />Blended<br />Application<br />Traffic (ex: eDonkey, AIM, etc.) +<br />Live<br />Security <br />Strikes<br />Blended<br />Application<br />Traffic (ex: eDonkey, AIM, etc.) +<br />Live<br />Security <br />Strikes<br />
  28. 28. Use Case: High Performance Firewalls<br /><ul><li>Performance with blended application traffic under maximum load conditions</li></ul>-Max HTTP transaction/second<br />-Max SQL queries/second<br />-Max concurrent TCP connections<br />-Max HTTP bandwidth and max SQL bandwidth<br /><ul><li>Performance with security attacks under maximum load conditions</li></ul>-Max HTTP attacks/second<br />-Max SQL attacks/second<br /><ul><li>Behavior under load, attack, at failure
  29. 29. IP, UDP, TCP fuzzing
  30. 30. Test with RFC 2544</li></ul>Firewall<br />Blended<br />Application<br />Traffic (ex: BitTorrent, FTP, HTTP, SMTP, etc.) +<br />Live<br />Security <br />Strikes<br />Blended<br />Application<br />Traffic (ex: BitTorrent, FTP, HTTP, SMTP, etc.) +<br />Live<br />Security <br />Strikes<br />Zone A<br />Client & Server<br />Simulation<br />Zone B<br />Client & Server<br />Simulation<br />Zone D<br />Client & Server<br />Simulation<br />Zone C<br />Client & Server<br />Simulation<br />10 Gigabit Ethernet<br />10 Gigabit Ethernet<br />10 Gigabit Ethernet<br />
  31. 31. Use Case: Web Application Firewalls <br /><ul><li> Performance with blended application traffic under maximum load conditions
  32. 32. Performance with live security attacks under maximum load conditions
  33. 33. Detection and blocking capabilities under load and under attack
  34. 34. Maximum load capacity with blended application traffic
  35. 35. Stability and reliability under extended attack
  36. 36. Functionality under extended attack</li></ul>Web Application Firewall<br />HTTP/HTTPS/SQL<br />HTTP/HTTPS/SQL<br />Client<br />Simulation<br />Server<br />Simulation<br />Blended<br />Application<br />Traffic (ex: MySQL, Oracle, HTTP, etc.) +<br />Live<br />Security <br />Strikes<br />Blended<br />Application<br />Traffic (ex: MySQL, Oracle, HTTP, etc.) +<br />Live<br />Security <br />Strikes<br />
  37. 37. Use Case: WAN Optimization Appliances<br /><ul><li>Performance and functionality under maximum load and under attack
  38. 38. Disk subsystem functionality with randomly generated realistic traffic
  39. 39. Workload capacity with user specified compression variables  
  40. 40. Performance with mix of new and cached data </li></ul>WAN Optimization Appliances<br />Blended<br />Application<br />Traffic (CIFS/SMB, MS Exchange) +<br />Live<br />Security <br />Strikes<br />Blended<br />Application<br />Traffic (CIFS/SMB, MS Exchange) +<br />Live<br />Security <br />Strikes<br />
  41. 41. Use Case: Server Load Balancer<br />Performance and functionality under maximum load and under attack<br />Bandwidth constraints <br />HTTP caching performance<br />Ability to process malformed packets or errors<br />Test with RFCs 793, 1945, 2616, 2818, and 3501<br />Server Load Balancer<br />Application Delivery Controller<br />Blended<br />Application<br />Traffic +<br />Live<br />Security <br />Strikes +<br /> Application Fuzzing<br />Blended<br />Application<br />Traffic +<br />Live<br />Security <br />Strikes +<br /> Application Fuzzing<br />
  42. 42. BreakingPoint Comprehensive Testing<br />