Wireless Infrastructure

10:29 PM
Connect Directly
RSS
E-Mail
50%
50%

Mu-4000 Security Analyzer: Security Gets Warm And Fuzzy

The Mu-4000 lets IT sniff out software vulnerabilities before the bad guys do.

The Upshot


Claim
By combining a built-in set of known vulnerabilities with a fuzzing engine capable of discovering unknown bugs by exploring the boundaries of protocols, the Mu-4000 appliance seeks to ensure that applications and devices are secure and robust.
Context
While there's no substitute for source-code analysis tools and good application-development practices, fuzzing is an increasingly popular way to perform additional validation. And in environments where an existing embedded stack or platform is being used in a product, fuzzing or other black-box testing might be the only security analysis possible. BreakingPoint Systems also offers an appliance, and there are multiple commercial and open-source software-based fuzzers as well.
Credibility
Mu provides an easy-to-use interface for creating even complex testing situations quickly. While the cost can be steep depending on protocol sets purchased, potentially discovering vulnerabilities before deploying an application could be priceless.

Deploying flawed software is expensive, and as more formerly internal-facing applications gain shiny new Web front ends, the need for secure coding practices is increasing. So how can you safely poke and prod your apps to see if they'll break -- or worse, open doors for attackers?

The most extensive -- and expensive -- computational attack tool: the mind of a human penetration tester or application security guru. On the development side, source-code analysis tools provide value. But if you have access to the app only once it's deployed or compiled, black-box testers, like static vulnerability scanning tools and fuzzers, are your best bet.

Fuzzers attempt to explore the boundaries of file formats, protocols, or interfaces. With dual uses in both quality assurance and security, fuzzers can make applications more robust. By combining intelligent templates of what protocols look like and modifying all mutable fields -- and sometimes even supposedly immutable ones -- fuzzers are especially good at crashing applications and devices, and they'll sometimes find exploitable conditions; for more on fuzzing see a primer here.

Data Privacy
Immersion Center

NEWS | REVIEWS | BLOGS | FORUMS | TUTORIALS | STRATEGY | MORE
We brought one fuzzing appliance, Mu Security's Mu-4000 Security Analyzer, into our University of Florida Real World Labs. This baby isn't inexpensive, starting at $40,000 and ranging up to $300,000 if you want the full set of protocols -- obviously not chump change. The 55 protocols offered at press time range from ARP to L2TP to VRRP. The Mu-4000 competes with open-source and commercial software fuzzers, many of which come with significantly fewer digits on their price tags.

Previous
1 of 4
Next
Comment  | 
Print  | 
More Insights
Cartoon
Slideshows
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
Video
Twitter Feed