IxLoad-Attack: Network Security Testing

Transcription

1 IxLoad-Attack: Network Security Testing IxLoad-Attack tests network security appliances determining that they effectively and accurately block attacks while delivering high end-user quality of experience for mission-critical applications. IxLoad-Attack tests the wide range of network security appliances: Next generation firewalls, Intrusion detection and prevention systems (IDS/IPS), Anti-virus, anti-spam and URL filters, and VPN gateways Many of these devices need constant update and configuration to provide up-to-date protection. IxLoad-Attack includes an update service that keeps pace with current threats with bi-weekly. IxLoad-Attack delivers the security testing depth and scale needed to satisfy both device validation and continuous protection of cloud infrastructures as well as enterprise, government, and service provider networks. IxLoad-Attack is the only product that provides malicious traffic over both encrypted and non-encrypted links. IxLoad-Attack runs in parallel with all other IxLoad functions. Customized, real-world network traffic provides the "good" reference traffic that security devices must forward without affecting customer quality of experience (QoE). 6,000 unique live security attacks, the most comprehensive solution targeting known vulnerabilities Automatic updates via subscription service Multiple evasion techniques allows millions of attack permutations Most comprehensive coverage for published Microsoft vulnerabilities Line-rate distributed denial of service (DDoS) attacks over1ge, 10 GE and 40 GE interfaces Converged real-world application traffic mix with fully stateful voice, data and video emulations Mix of legitimate and malicious traffic on same ports Measures security effectiveness, performance benchmarking and service availability Backed by security research from two industry pioneers keeping IxLoad-Attack updated Delivery of attacks over IPsec tunnels for security and performance testing of VPNs and LTE security gateways Figure 1 - High-Level Vulnerabilities and DDoS Attacks P/N: Rev B April Page 1 of 5

2 Features and Specifications Feature Category Published Vulnerabilities and Malware Detailed Description 6,000+ vulnerabilities and malware Highest coverage of Microsoft vulnerabilities Subscription service with online and offline malware and vulnerabilities updates Measures security effectiveness Emulates attacks over IPv4 and IPsec Comprehensive attack metadata Multiple attack evasions Packet capture using IxLoad s embedded Analyzer Attacker/server-initiated attacks Target/client initiated attacks (client based attacks) Multiplay Voice, Video, Data and Wireless Protocol Support Distributed Denial of Service General Features Internet: HTTP, P2P, FTP, SMTP, POP3, DNS and CIFS Video: IGMP, RTSP, Adobe Flash Player, Microsoft Silverlight, Adobe HLS, MPEG2, and H.264/AVC Voice: SIP, MGCP, H.323, H.248, Cisco Skinny, FAX over IP, video conferencing and PSTN Wireless: 3GPP packet core protocols used by GGSNs Both IPv4 and IPv6 Botnet and target emulation Attacks against live servers Attacks against intermediate devices Emulation of large botnets with millions of unique IP addresses Line rate attacks over 1GE, 10GE and 40GE interfaces Mix of voice, data, video and DDoS traffic on same port Mix multiple attack patterns on same port Attacks initiated from spoofed IPs or real IPs Attack rate and attack throughput test objectives P/N: Rev B April Page 2 of 5

3 Distributed Denial of Service Patterns ARP attacks ARP Flooding ICMP attacks Fragmented ICMP Host Unreachable Nuke attack Ping of Death attack Ping Sweep attack TIDCMP attack UDP attacks DNS Flooding attack Evasive UDP attack UDP Flooding attack UDP Port Scan attack UDP Fragments attack TCP attack TCP ACK Flooding TCP SYN Flooding TCP FIN Flooding TCP RST Flooding TCP Land attack TCP Port scanning attack TCP SYN/ACK Flooding TCP Xmas tree attack IP attacks Malformed IP Options attack Nestea attack Short Fragment Teardrop IGMP attacks Fragmented IGMP attack IGMPSYN Flooding P/N: Rev B April Page 3 of 5

4 Statistics Distributed Denial of Service Attack counters Attack rates Attack throughput Per attack counters Per attack rates Per attack throughput Drill down per port, attack and network Published Vulnerabilities & Malware Attack counters Attack rates Attack packet counters o Attacks Packets Sent/Received/ Not Received Attack packet rates o Packets per second Sent/Received/Not Received Attack throughput Per attack counters Attacks - Distribution by year Attacks - Distribution by vendor Attacks - Distribution by severity Attacks - Distribution by category Attacks - Distribution by threat type Attacks - Distribution by evasion class Drill down per port Drill down per attack Drill down per network P/N: Rev B April Page 4 of 5

5 Ordering Information o One year security subscription for vulnerabilities and malware o IXLOAD-VULNERABILITIES-MALWARE-BASE o IXLOAD-VULNERABILITIES-MALWARE-PLUS o IXLOAD-DDoS-BASE o IXLOAD-STD-SECURITY, Software Bundle, L4-7 Performance Test Application This material is for informational purposes only and subject to change without notice. It describes Ixia's present plans to develop and make available to its customers certain products, features and functionality. Ixia is only obligated to provide those deliverables specifically included in a written agreement between Ixia and the customer. P/N: Rev B April Page 5 of 5