Multiple Network Security Tests: IXIA Solutions Overview



Constantly developing and new attacks are aimed at searching for holes not yet found in the network security system. Conventional penetration tests or synthetic tests are outdated and impractical. A flexible architecture is needed that can cope with the onslaught of dynamic attacks, and be able to quickly restore the attacked network, and it is best to find IT vulnerabilities before the attacks. Assess the protection of various components of the network infrastructure allows the concept proposed by IXIA .

A review of her approach to such stress tests, as well as a case study under the cut.

The main idea of ​​the IXIA approach is a comprehensive assessment of the capabilities of security systems. The only tool for this is testing and analyzing the response of the system in real-life conditions of the IT system.

To do this, it is necessary to solve the following tasks:

• assessment of the effectiveness of the declared security functions of embedded security devices (UTMFirewall, IDS / IPS, DPI, WebApplicationFirewall, LoadBalancer, LawfulInterceptionSystem, DDoSProtector, SSLAccelerator);

• configuration optimization - whether the devices on the network are configured correctly;

• comparison of performance on benchmarks and in real conditions.




Hardware Assessment


The first thing to do before purchasing security devices is to make sure that their specifications meet the specifications of the supplier. IXIA BreakingPoint can analyze equipment protection functionality. Using this solution, independent of the manufacturers, you can experimentally verify this.



The only objective way to evaluate a device is to test it in a real customer’s network. Indeed, often stated figures are characteristics in “ideal” conditions, which has nothing to do with a similar situation under real load.

If the equipment proposed by the supplier does not meet the required characteristics, you can use the information obtained to purchase those solutions that meet the security requirements of your particular network.

Optimize device configuration


Many organizations invest heavily in high-tech IT systems for business: using cloud technologies, increasing application performance, introducing mobile solutions. At the same time, they have practically no guarantee of network performance or flexibility. The complexity of the interaction of different systems makes it even more difficult to optimize security measures, as well as reduce network flexibility. The introduction of a new solution requires mandatory testing and determining the most suitable configuration. In this case, the optimal settings, as a rule, require a series of cyclic tests.
IXIA BreakingPoint allows you to create real user traffic at any speed in order to determine exactly how the equipment will behave after installation in the system.



This system allows you to work simultaneously as a client and server, generating pure traffic along with threats and performing critical measurements of signal transit time in both directions, delays and throughput.



You can also run tests on individual devices or the entire network, optimize the configuration, and then re-run the same test to make sure the network is secure.



IXIA BreakingPoint helps security professionals fine-tune protection: from equipment selection and network design to assessing upgrades and modeling potential threats to determine preparedness. Assessing the response to DDoS attacks and preparedness for attacks, networks as security tools develop, reduces risks for companies.

The testing task becomes especially priority before optimizing the components of the entire network. BreakingPoint uses a number of tests for:
• Interaction - will help to close gaps and ensure the interaction of network components of different vendors
• Deliberate change - perform targeted data changes to identify protocol implementation errors, as well as assess how these vulnerabilities can be exploited by hackers
• Identify known vulnerabilities - an extensive set of tests to check the availability of safety devices
• performance - determination of the maximum performance of devices, applications and the network as ReA nyh conditions and overload conditions (e.g., denial of access to new users, the speed deceleration periods, cracks and so on. d.).

Performance issue


No less important is the third task. It is necessary to conduct benchmarks of the selected device, technology and configuration after installation in the network and before starting. Failing such a test will result in a false sense of security, which could result in serious consequences.



Pre-deployment testing prevents the launch of network components with missing vulnerabilities. You can also determine how the security solution works already as part of the network. Such tests help to compare the declared performance indicators with those after launch. When upgrading a network or changing a configuration, you can determine how much the performance is different before and after. Even a software update can fix one problem, while creating another.

Cadres decide everything


Many organizations and government institutions, in response to the challenges of growing cyber threats, are installing firewalls, intrusion prevention systems, and other defenses.



Effective infrastructure protection is the result of the interaction of automatic systems and skilled professionals. Therefore, another vector of IXIA's approach to security is the introduction of solutions to improve the competence of information security experts.



The human factor is the most important element in countering cyber threats, so you need to invest wisely in employees. It is necessary to combine small cyber training grounds and standardized training in order to provide the real experience necessary for the real skills of information security experts.



Traditional cyber sites require serious investments in equipment and personnel, but this does not guarantee the result. IXIA BreakingPoint helps you conduct testing and training without rapidly aging test benches. IXIA offers training taking into account the capabilities of personnel and training for company personnel in solving real-life information security problems.

ATI Service


Ready-made test case sets of typical scenarios are available, including a test of information interception systems, which significantly reduce testing time.

Users can quickly run comprehensive targeted tests within 30 seconds using more than 3,000 off-the-shelf ATI superstreams — real traffic streams that simulate application behavior. An example of such a flow is a Gmail session in which a client goes through all the necessary sequences of a DNS query, performing a TLS authentication session on a Gmail server, receiving mail, and closing the session.

In addition to this, ATI Subscriptionprovides testing using real software traffic and application protocol support. At the same time, each protocol is configured and dynamic application content repeats network conditions under which data flows change as well as real ones.



Benefits of IXIA Solutions


IXIA offers customers the technologies, experience, and training opportunities needed to strengthen security and ensure the information security network. The company's products allow you to:
• Conduct load tests of the network, applications, information security equipment not in ideal conditions, but inside a working network
• Identify the weaknesses of the security solutions used and eliminate them;
• Improve employee skills in repelling attacks and eliminating their consequences;
• Improve preparedness to repel attacks;
• Evaluate whether the IS equipment meets the stated specifications before purchasing it
• Reduce IS costs and increase infrastructure productivity

IXIA Testing Capability Table for Different IT Environments

Applications
Storage
Network
Security
· Application load · Application
security
· Server capacity
· Contact center
· VoIP
· DC migration plans
· Video services
· NAS, SAN and cloud storage
capacity · Stress test cache
· Deduplication
· Compression
· Backup and recovery
· Application Delivery
· LTE EPC Testing
· Mobile Transport Network
· Wireless LAN Controller
· Firewall · Session
Border Controller
· IPv6 Ready
· NGFW
· DDoS protection
· Data interception systems, DLP, IPS
· VPN
· Antivirus and antispam
· Anti-cyber threats


Line of devices

PerfectStorm ONE
1 / 10GE

A model with 8 1GE / 10GE SFP + ports with application bandwidth from 4 to 80 Gb / s, bandwidth and hardware are flexibly licensed.
PerfectStorm ONE
10 / 40GE

Model with 2 ports 40GE QSFP + and support for 8 ports 10GE SFP + in branching mode, application bandwidth 80 Gb / s per device.
XGS12 12-slot chassis (11 RU)

Ixia's latest chassis technology, offering a test system with the industry's highest density of Ethernet ports. The device provides the power needed for high-performance testing of level 4-7 applications. The XGS12-HS chassis supports IxLoad and BreakingPoint applications on PerfectStormFusion modules.
8-port 10GbE module PerfectStorm

Generates up to 80 Gb / s application traffic (960 bit / s on the XGS12 chassis) for wired and wireless 10-gigabit networks. Provides 8 10GE SFP + ports.
2 - port 40GbE module PerfectStorm

Generates up to 80 Gbit / s application traffic (960 bit / s on the XGS12 chassis) for wired and wireless 40-gigabit networks. Provides 2 40GE QSFP + ports.
1-Port 100GbE Module PerfectStorm

Generates up to 80 Gbit / s application traffic (960 bit / s on the XGS12 chassis) for wired and wireless 100-gigabit networks. Provides one 100GbE CXP + port.
BreakingPoint Virtual Edition Software Package

A scalable solution for generating real-world applications and attacks for deployment in a virtualized environment.


IXIA Stress Test Case at the US Stock Exchange



Case Description


The client (the US stock exchange) was concerned about the increasing DDoS attacks, and wanted to understand how effective the DDoS protection of their provider was (the client spent almost 225 thousand a month on this).

This was a successful project, which allowed to improve the overall level of client cyber security and network readiness for attacks and prevent malfunctions of the main exchange services, as well as increase the speed of DDoS protection of the network.

Technical details

IXIA conducted tests on Sunday morning, warning about the FBI tests - they really wanted to know the test results, since transactions on this exchange are key for the US and global economies.

The client named the ports through which communication with the outside world takes place, “tons” of traffic were sent to their main transactions, which the provider monitored.



Introductory tests for stress tests were given by the client. Engineers did 3 main types of test attacks, which the client complained the most about.

The attacks were of three types:
- Syn Flood
- Slowloris attack
- Excessive Get

Such IP addresses were involved. The first pool of addresses included the targets of the attack - they can be accessed from anywhere. In the second address pool, application launch was allowed.

The following addresses were
tested : 205.209.196.38 205.209.196.39
205.209.196.60
205.209.196.20
205.209.196.9
205.209.196.10
205.209.196.51
Attack

address
208.97.218.15
Address for launching applications
208.97.218.100-254
Default
route 208.97.218.1

Client: - we increased the number of SYN requests is up to 14,000 per second, then IP addresses are attacked at a constant speed of 7,450 SYN per second, and then they returned to the original value of 14,000 - this was enough for DDoS protection to detect a SYN flood attack.

As a reference, the load balancer set the level of verification of SYN requests to 150,000, which means that the total number of SYNs per second provided for all virtual servers should reach 150,000 requests before they turn on their security mechanisms. The vendor of the presented balancer recommended setting a certain level of response for each virtual server, since in this case they will be more effective. Depending on the environment, they could set a threshold of 3,000 to ensure that single servers do not receive a DDoS attack if the limit for the entire platform is 30,000 (if we have, for example, 10 virtual servers).

As soon as the client’s provider reached a threshold below 14,000 syn / sec - which is an indication of an attack, engineers would be able to exceed the threshold to see if the protection worked or not.

Test results


  • The protection response rate was reduced from 50 minutes at the beginning of the tests to 5 minutes.
  • Prevention of interruptions in work, which could lead to colossal monetary losses, and even greater image losses.
  • The general level of preparedness for future attacks and the security of the IT infrastructure of the financial exchange has improved.
  • It took about 15 seconds in the test to find out that there was a huge attack on 2 external routers that were ready to “fall” as a result of the attack. The tests didn’t use much bandwidth, but were based on data about real attacks on the client. As a result of the tests, incorrect router configurations were determined, which no one would ever know about before it was too late. And they would have been truly attacked if the IXIA hadn't tested.
  • Another important result of the tests was that the exchange could check, among other things, the smoothness of the reaction processes of responsible employees to the threat.
  • The first time engineers ran a test, customers did not tell their security provider, and only a few exchange employees knew about the test attacks. Despite the fact that the employees had clear instructions in the event of an attack, the response time took about 50 minutes to “raise the alarm”: given all the internal approvals of all those responsible, as well as the IT security provider. All these people had to decide that they need to “sound the alarm” with the provider so that it cuts off all incoming traffic.
  • By the second test, the client reduced the response time to 15 minutes, and on the third test - 5 minutes. It was a good fire brigade training!


The full range of NTS IXIA equipment is available here.


With BreakingPoint's virtual performance here


For questions about IXIA solutions, contact: dcs@muk.ua.
IXIA solutions distribution in Ukraine , Belarus , CIS countries .
MUK-Service - all types of IT repair: warranty, non-warranty repair, sale of spare parts, contract service

Also popular now: