Tool Time: Page 15 of 15

Security Testing

  • On a clean network, test each vulnerability through the test bed to ensure that everything is working properly. Get packet captures of each for analysis and comparison. Define capture filters on the protocol analyzer to capture just the interesting traffic.
  • Insert SUT into network and run exploits (shunning should be disabled).
  • Ensure that the exploits are passing through the SUT.
  • Ensure that the exploits are properly detected.
  • Look for generic definitions.
  • Look for multiple signatures per exploit.
  • Look for misclassified exploits.

Performance Testing

  • On a clean test bed, get a baseline of the performance test, which will be used to determine any degradation introduced by the product and ensure that the test bed is fully functional.
  • Insert SUT into network with current policy.
  • Run performance test, increasing the bandwidth in a binary search starting at half the rated capacity.
  • Ensure that all tests and TCP sessions have closed properly. When in doubt, reboot the SUT to clear state tables.
  • Use test beds that generate real, valid IP/TCP/UDP. Simulators will cause failure in security-related SUTs.
  • Ensure that ISNs are sanely chosen (examples of poor ISN choices are those starting at 1).
  • Ensure that sequence numbers increment properly.
  • Ensure that IP/TCP/UDP headers are properly written.
  • Ensure that there are no CRC errors generated.

Results to Look For

  • Increased latency per connection
  • Failure of new connection
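
The binary search from the performance steps, with the two results above as the pass/fail test, can be scripted as follows. This is an added example, not code from the original article: `run_at`, `simulated_sut`, the 2x latency limit and the 1 Mbps resolution are assumptions, and the simulated numbers are constructed rather than measured.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple

@dataclass
class RunResult:
    latency_ms: float        # mean per-connection latency at this load
    failed_connections: int  # new connections that failed to open

def passes(r: RunResult, baseline_ms: float, max_factor: float) -> bool:
    # The two results to look for: failed new connections, increased latency.
    return r.failed_connections == 0 and r.latency_ms <= baseline_ms * max_factor

def find_max_load(rated_mbps: float, run_at: Callable[[float], RunResult],
                  baseline_ms: float, max_factor: float = 2.0,
                  resolution_mbps: float = 1.0) -> Tuple[float, List[Tuple[float, bool]]]:
    """Binary-search the offered load; the first probe is half the rated capacity.

    run_at(load) must run one complete test at that load and leave the SUT
    with all sessions closed (or rebooted) so state tables do not carry over.
    Returns (highest passing load, [(load, passed), ...]).
    """
    low, high = 0.0, float(rated_mbps)  # low: highest pass, high: lowest fail or rated
    history = []
    while high - low > resolution_mbps:
        mid = (low + high) / 2
        ok = passes(run_at(mid), baseline_ms, max_factor)
        history.append((mid, ok))
        if ok:
            low = mid
        else:
            high = mid
    return low, history

def simulated_sut(load_mbps: float) -> RunResult:
    # Constructed model standing in for a real traffic generator run:
    # latency climbs past 600 Mbps, new connections start failing past 700 Mbps.
    latency = 4.0 if load_mbps <= 600 else 4.0 + (load_mbps - 600) * 0.1
    failed = 0 if load_mbps <= 700 else int(load_mbps - 700)
    return RunResult(latency, failed)

if __name__ == "__main__":
    best, probes = find_max_load(1000, simulated_sut, baseline_ms=4.0)
    for load, ok in probes:
        print(f"{load:9.2f} Mbps  {'pass' if ok else 'FAIL'}")
    print(f"highest passing load: {best:.2f} Mbps")
```

The baseline passed as `baseline_ms` is the figure measured on the clean test bed before the SUT is inserted.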

Traffic Mix

HTTP 1.1 with keep-alive:

  • Main page: 2 KB
  • 10 images @ 1 KB each
  • 2 images @ 5 KB each
  • 2 images @ 20 KB each

DNS:

  • Lookups

SMTP:

  • Mail @ 5 KB each

POP3

Our test setup for this review is shown in this graphic.