Firewall Testing Methodology: White Paper




Introduction

With the deployment of application-aware firewalls, UTMs, and DPI engines, the network is becoming more intelligent at the application level. With this awareness the network has the ability to implement intelligent security and traffic management policies that are tied to specific application and user characteristics. However, with hundreds of thousands of applications and devices on the network, and new security threats being discovered on them every day, test teams are struggling to test their systems quickly and effectively.

- Key requirements for an application-aware security testing tool:
o Unified: The test team needs a unified solution that models both the various types of security threats (such as Distributed Denial of Service, protocol fuzzing, anti-virus, DLP, URL filtering and published vulnerability detection) and real-world applications.
o Exhaustive: The resulting tests need to be exhaustive and cover the entire attack surface. The solution needs to cover thousands of tests that can be run in an automated fashion and yet allow debugging and analysis when issues are found.
o Simplicity: Since test teams are pressed for time, they need a solution that does not require an expert user. The ability to integrate the workflow of the test tool with development and issue resolution is very important; this is critical to make the issues found actionable and to get them to resolution rapidly.

Application Identification and Performance

Application Identification & Control (white-listing and black-listing)

Requirements: This test will verify whether the target is able to successfully identify applications when they flow through it sequentially, one by one. The target has application signatures that are used by the system to examine the traffic pattern flowing through it and to match the observed pattern with the signature. The application list must reflect what is seen on customer networks (business apps like Oracle, communication apps like email and IM, consumer apps like P2P and gaming, etc.).

Test steps:
- Recreate the list of applications that appear on customer networks.
- Run the apps through the target one by one using standard ports and verify whether they are detected.
- Run the apps over non-standard ports and see whether they are detected.
- Run the apps over SSL/TLS and see whether they are detected.
- Run apps that are in the whitelist and verify that they get through successfully.
- Run apps that are blacklisted and see whether they are blocked.

Metrics:
- On standard ports: App list detection (Yes/No), Whitelist (Pass/Fail), Blacklist (Pass/Fail)
- With port evasion / non-standard ports: App list detection (Yes/No), Whitelist (Pass/Fail), Blacklist (Pass/Fail)
- With SSL encryption: App list detection (Yes/No), Whitelist (Pass/Fail), Blacklist (Pass/Fail)

Copyright 0, Mu Dynamics, Inc

Concurrent Application Identification & Control

Requirements: This test will verify whether the target is able to successfully identify multiple applications when they flow through it concurrently, in parallel. The target has application signatures that are used by the system to examine the traffic pattern flowing through it and to match the observed pattern with the signature. The application list must reflect what is seen on customer networks (business apps like Oracle, communication apps like email and IM, consumer apps like P2P and gaming, etc.).

Test steps:
- Recreate the list of applications that appear on customer networks.
- Run the apps through the target concurrently using standard ports and verify whether they are detected.
- Run the apps over non-standard ports and see whether they are detected.
- Run the apps over SSL/TLS and see whether they are detected.
- Run apps that are in the whitelist and verify that they get through successfully.
- Run apps that are blacklisted and see whether they are blocked.

Metrics:
- On standard ports: App list detection (Yes/No), Whitelist (Pass/Fail), Blacklist (Pass/Fail)
- With port evasion / non-standard ports: App list detection (Yes/No), Whitelist (Pass/Fail), Blacklist (Pass/Fail)
- With SSL encryption: App list detection (Yes/No), Whitelist (Pass/Fail), Blacklist (Pass/Fail)

App Performance Baseline with Real Production Application Mix

Single Dimensional Test for Maximum User Concurrency

Requirements: This test will verify what the maximum user concurrency is for a mix of apps that mirrors the production network. The application mix must reflect what is seen on customer networks. The user can use the mixes provided by the test vendor or create their own (business apps like Oracle, communication apps like email and IM, consumer apps like P2P and gaming, etc.).

Test steps:
- Recreate the list of applications that appear on customer networks. The user can choose a single application or a group of similar applications, such as video apps, voice apps or file transfer apps.
- Run the apps through the target concurrently at increasing levels of user concurrency.
- Measure max user concurrency with no more than % failures for the entire test run as well as for each group.

Metrics: Maximum user concurrency
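As an added example (not code from the Mu Dynamics paper or from the Mu test tools), the following Python harness scores one run of the application identification and control tests above. The variant names, the application names and the whitelist/blacklist policy are assumptions, and the observations are constructed sample data; in practice they would be filled from the test tool's per-flow results and the device's logs. Detection and enforcement are scored separately, so a whitelisted app that got through without being identified is reported as a signature gap rather than silently counted as a pass.

```python
# Added example: scoring an application identification & control run.
# Nothing here comes from the original paper; all names and data are constructed.

VARIANTS = ("standard_port", "port_evasion", "ssl")   # assumed variant names

# Hypothetical policy for the run: which apps must pass and which must be blocked.
POLICY = {
    "oracle": "whitelist",
    "email": "whitelist",
    "im": "whitelist",
    "p2p": "blacklist",
    "gaming": "blacklist",
}

# Constructed observations, one per (app, variant):
# (app sent, transport variant, app the target reported, flow allowed through?)
OBSERVATIONS = [
    ("oracle", "standard_port", "oracle", True),
    ("oracle", "port_evasion", "oracle", True),
    ("oracle", "ssl", "unknown", True),         # passed, but not identified
    ("email", "standard_port", "email", True),
    ("email", "port_evasion", "email", True),
    ("email", "ssl", "email", True),
    ("im", "standard_port", "im", True),
    ("im", "port_evasion", "unknown", False),    # whitelisted app blocked
    ("im", "ssl", "im", True),
    ("p2p", "standard_port", "p2p", False),
    ("p2p", "port_evasion", "unknown", True),    # blacklisted app got through
    ("p2p", "ssl", "p2p", False),
    ("gaming", "standard_port", "gaming", False),
    ("gaming", "port_evasion", "gaming", False),
    ("gaming", "ssl", "unknown", True),          # blacklisted app got through
]


def score(observations, policy, variants=VARIANTS):
    """Per variant: detection Yes/No per app, plus Whitelist and Blacklist Pass/Fail.

    Whitelist passes only if every whitelisted app got through; Blacklist passes
    only if every blacklisted app was blocked.  Detection is scored independently.
    """
    report = {v: {"detection": {}, "whitelist_failures": [], "blacklist_failures": []}
              for v in variants}
    for app, variant, identified_as, allowed in observations:
        entry = report[variant]
        entry["detection"][app] = "Yes" if identified_as == app else "No"
        if policy[app] == "whitelist" and not allowed:
            entry["whitelist_failures"].append(app)
        if policy[app] == "blacklist" and allowed:
            entry["blacklist_failures"].append(app)
    for entry in report.values():
        entry["whitelist"] = "Fail" if entry["whitelist_failures"] else "Pass"
        entry["blacklist"] = "Fail" if entry["blacklist_failures"] else "Pass"
    return report


def detection_rate(report, variant):
    """Fraction of apps the target identified correctly under one variant."""
    flags = list(report[variant]["detection"].values())
    return sum(1 for f in flags if f == "Yes") / len(flags) if flags else 0.0


def signature_gaps(report):
    """Apps whose policy outcome was correct even though the app was not identified.

    The policy held, but only because the default action happened to match; these
    are the cases a signature update should target."""
    gaps = []
    for variant, entry in report.items():
        failed = set(entry["whitelist_failures"]) | set(entry["blacklist_failures"])
        for app, flag in entry["detection"].items():
            if flag == "No" and app not in failed:
                gaps.append((variant, app))
    return gaps


if __name__ == "__main__":
    result = score(OBSERVATIONS, POLICY)
    for variant, entry in result.items():
        print(f"{variant:14s} detection={detection_rate(result, variant):.0%} "
              f"whitelist={entry['whitelist']} blacklist={entry['blacklist']}")
    print("signature gaps:", signature_gaps(result))
```

Running the block prints one line per variant in the same shape as the paper's metric rows; the port-evasion and SSL rows fail the blacklist check here because a blacklisted app was allowed through, which is the result a tester wants surfaced rather than averaged into an overall detection figure.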

Single Dimensional Test for Average Throughput

Requirements: This test will verify what the average throughput is for a mix of apps that mirrors the production network. The application mix must reflect what is seen on customer networks. The user can use the mixes provided by the test vendor or create their own (business apps like Oracle, communication apps like email and IM, consumer apps like P2P and gaming, etc.).

Test steps:
- Recreate the list of applications that appear on customer networks. The user can choose a single application or a group of similar applications, such as video apps, voice apps or file transfer apps.
- Run the apps through the target concurrently at increasing levels of user concurrency.
- Measure average throughput for the entire test run as well as for each group.

Metrics: Average Throughput

Single Dimensional Test for Maximum Active TCP Connections

Requirements: This test will verify what the maximum number of active TCP sessions is for a mix of apps that mirrors the production network. The application mix must reflect what is seen on customer networks. The user can use the mixes provided by the test vendor or create their own (business apps like Oracle, communication apps like email and IM, consumer apps like P2P and gaming, etc.).

Test steps:
- Recreate the list of applications that appear on customer networks. The user can choose a single application or a group of similar applications, such as video apps, voice apps or file transfer apps.
- Run the apps through the target concurrently at increasing levels of user concurrency.
- Measure max active TCP sessions with no more than % failures for the entire test run as well as for each group.

Metrics: Maximum active TCP connections

Single Dimensional Test for Maximum Active UDP Sockets

Requirements: This test will verify what the maximum number of active UDP sockets used is for a mix of apps that mirrors the production network. The application mix must reflect what is seen on customer networks. The user can use the mixes provided by the test vendor or create their own (business apps like Oracle, communication apps like email and IM, consumer apps like P2P and gaming, etc.).

Test steps:
- Recreate the list of applications that appear on customer networks. The user can choose a single application or a group of similar applications, such as video apps, voice apps or file transfer apps.
- Run the apps through the target concurrently at increasing levels of user concurrency.
- Measure max active UDP sockets with no more than % failures for the entire test run as well as for each group.

Metrics: Maximum active UDP sockets

Single Dimensional Test for Maximum Connection Rate

Requirements: This test will verify what the maximum connection rate is for a mix of apps that mirrors the production network. The application mix must reflect what is seen on customer networks. The user can use the mixes provided by the test vendor or create their own (business apps like Oracle, communication apps like email and IM, consumer apps like P2P and gaming, etc.).

Test steps:
- Recreate the list of applications that appear on customer networks. The user can choose a single application or a group of similar applications, such as video apps, voice apps or file transfer apps.
- Run the apps through the target concurrently at increasing levels of user concurrency.
- Measure max user concurrency with no more than % failures for the entire test run as well as for each group.

Metrics: Maximum connection rate

Single Dimensional Test for Bytes Sent and Received

Requirements: This test will verify what the bytes sent and received are for a mix of apps that mirrors the production network. The application mix must reflect what is seen on customer networks. The user can use the mixes provided by the test vendor or create their own (business apps like Oracle, communication apps like email and IM, consumer apps like P2P and gaming, etc.).

Test steps:
- Recreate the list of applications that appear on customer networks. The user can choose a single application or a group of similar applications, such as video apps, voice apps or file transfer apps.
- Run the apps through the target concurrently at increasing levels of user concurrency.
- Measure bytes sent and received on the client and server sides for the entire test run as well as for each group.

Metrics: Bytes Sent and Received

Single Dimensional Test for Average Response Time

Requirements: This test will verify what the average response time is for a mix of apps that mirrors the production network. The application mix must reflect what is seen on customer networks. The user can use the mixes provided by the test vendor or create their own (business apps like Oracle, communication apps like email and IM, consumer apps like P2P and gaming, etc.).

Test steps:
- Recreate the list of applications that appear on customer networks. The user can choose a single application or a group of similar applications, such as video apps, voice apps or file transfer apps.
- Run the apps through the target concurrently at increasing levels of user concurrency.
- Measure average response time per app and per group.

Metrics: Average Response Time

Multi-dimensional Tests

App Performance with Virus Attacks

Requirements: This test will verify how application performance is affected when virus detection and control is also performed at the same time. The application mix must reflect what is seen on customer networks. The user can use the mixes provided by the test vendor or create their own (business apps like Oracle, communication apps like email and IM, consumer apps like P2P and gaming, etc.). A separate malicious set of flows, consisting of applications with viruses in the payload, is also sent at the same time.

Test steps:
- Recreate the list of applications that appear on customer networks.
- Add a separate track of application flows with viruses in the payload.
- Run the apps through the target concurrently at increasing levels of user concurrency.
- Measure key application performance metrics in this multi-dimensional test and compare against the baseline.

Metrics: Average Throughput, Maximum active TCP connections, Maximum active UDP sockets, Maximum connection rate, Bytes Sent and Received, Average Response Time
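The single dimensional sweep ("increasing levels of user concurrency" until the failure threshold is breached) and the multi-dimensional comparison against that baseline, as an added Python example that is not part of the original paper or the Mu tools. The device under test is replaced by a constructed simulator (`SimulatedTarget`); the 1% failure threshold, the group names, their capacities and the penalty applied under background attack load are all assumptions, and `run_level` is the hook a real test-tool driver would implement. The example goes slightly beyond the text by also computing the percentage degradation per group and for the entire run.

```python
# Added example: concurrency sweep with a failure threshold, per group and for the
# entire run, then the same sweep with background attack traffic compared against
# the baseline.  Not code from the paper; the target below is a constructed stand-in.

FAILURE_THRESHOLD = 0.01   # assumption: at most 1% failed sessions per level


class SimulatedTarget:
    """Stand-in for the device under test.  Each group has a clean-capacity figure
    (users it serves with no failures); under background attack traffic that
    capacity shrinks by `background_penalty` (a modelling assumption)."""

    def __init__(self, capacity, background_penalty):
        self.capacity = dict(capacity)
        self.penalty = background_penalty

    def run_level(self, group, users, background=False):
        """Drive one group at `users` concurrent users; return (failures, avg_response_ms).
        A real driver would start the flows on the test tool and read its counters."""
        cap = self.capacity[group] * (1.0 - (self.penalty if background else 0.0))
        failures = int(round(max(0.0, users - cap)))     # sessions beyond capacity fail
        avg_response_ms = 20.0 * (1.0 + users / cap)     # latency grows with load
        return failures, avg_response_ms


def max_concurrency(target, group, levels, threshold=FAILURE_THRESHOLD, background=False):
    """Highest level whose failure ratio stays within the threshold.  Levels are tried in
    increasing order and the sweep stops at the first breach, as the paper's procedure."""
    best = 0
    for users in levels:
        failures, _ = target.run_level(group, users, background)
        if failures / users > threshold:
            break
        best = users
    return best


def overall_max_concurrency(target, groups, levels, threshold=FAILURE_THRESHOLD, background=False):
    """'Entire test run' figure: every group is driven at the same level at once and the
    aggregate failure ratio across all groups must stay within the threshold."""
    best = 0
    for users in levels:
        failures = sum(target.run_level(g, users, background)[0] for g in groups)
        if failures / (users * len(groups)) > threshold:
            break
        best = users * len(groups)
    return best


def compare_to_baseline(target, groups, levels):
    """Multi-dimensional comparison: baseline sweep vs. sweep with background traffic."""
    result = {}
    for g in list(groups) + ["entire_run"]:
        if g == "entire_run":
            base = overall_max_concurrency(target, groups, levels)
            under = overall_max_concurrency(target, groups, levels, background=True)
        else:
            base = max_concurrency(target, g, levels)
            under = max_concurrency(target, g, levels, background=True)
        result[g] = {
            "baseline": base,
            "with_background": under,
            "degradation_pct": round(100.0 * (base - under) / base, 1) if base else None,
        }
    return result


# Constructed application groups and their clean capacities (users); assumption only.
GROUPS = {"video": 500, "voice": 800, "file_transfer": 300}
LEVELS = range(100, 1001, 100)   # concurrency levels swept, lowest first

if __name__ == "__main__":
    target = SimulatedTarget(GROUPS, background_penalty=0.3)
    for name, row in compare_to_baseline(target, GROUPS, LEVELS).items():
        print(f"{name:14s} baseline={row['baseline']:5d} "
              f"with_background={row['with_background']:5d} "
              f"degradation={row['degradation_pct']}%")
```

The stop-at-first-breach rule matters when reading results from a real device: a target that fails at 600 users but looks healthy again at 800 (because it started shedding load) should still be reported at 500, which is what the sweep above does.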

App Performance with Fuzz Attacks

Requirements: This test will verify how application performance is affected when fuzz or malformed traffic is also sent at the same time. The application mix must reflect what is seen on customer networks. The user can use the mixes provided by the test vendor or create their own (business apps like Oracle, communication apps like email and IM, consumer apps like P2P and gaming, etc.). A separate set of fuzz or malformed flows is also sent at the same time.

Test steps:
- Recreate the list of applications that appear on customer networks.
- Add a separate track of application flows with viruses in the payload.
- Run the apps through the target concurrently at increasing levels of user concurrency.
- Measure key application performance metrics in this multi-dimensional test and compare against the baseline.

Metrics: Average Throughput, Maximum active TCP connections, Maximum active UDP sockets, Maximum connection rate, Bytes Sent and Received, Average Response Time

App Performance with Known Attacks

Requirements: This test will verify how application performance is affected when known attack profiles, for which signatures are written, are also sent at the same time. The application mix must reflect what is seen on customer networks. The user can use the mixes provided by the test vendor or create their own (business apps like Oracle, communication apps like email and IM, consumer apps like P2P and gaming, etc.). A separate set of known attack triggers is also sent at the same time.

Test steps:
- Recreate the list of applications that appear on customer networks.
- Add a separate track of application flows with viruses in the payload.
- Run the apps through the target concurrently at increasing levels of user concurrency.
- Measure key application performance metrics in this multi-dimensional test and compare against the baseline.

Metrics: Average Throughput, Maximum active TCP connections, Maximum active UDP sockets, Maximum connection rate, Bytes Sent and Received, Average Response Time

App Performance with DDoS Attacks

Requirements: This test will verify how application performance is affected when application-level and network-level DDoS attacks are sent at the same time. The application mix must reflect what is seen on customer networks. The user can use the mixes provided by the test vendor or create their own (business apps like Oracle, communication apps like email and IM, consumer apps like P2P and gaming, etc.). A separate set of DDoS attacks is also sent at the same time.

Test steps:
- Recreate the list of applications that appear on customer networks.
- Add a separate track of application flows with viruses in the payload.
- Run the apps through the target concurrently at increasing levels of user concurrency.
- Measure key application performance metrics in this multi-dimensional test and compare against the baseline.

Metrics: Average Throughput, Maximum active TCP connections, Maximum active UDP sockets, Maximum connection rate, Bytes Sent and Received, Average Response Time

Virus Detection & Prevention

Requirements: This test will verify how effective the firewall is in detecting and preventing malware such as viruses. The virus and other types of undesirable malicious content are sent within files, videos or other media over various transports, including HTTP, FTP, SMTP and others.

Test steps:
- Create or use a library of virus and malware content.
- Send the malicious content along with valid app traffic through multiple transports and protocols, with and without compression.
- Measure effectiveness of detection.
- Measure effectiveness of prevention.
- Measure integrity of valid content.

Test variants: Sequential; Concurrent; With background app traffic; With background fuzz; With background DDoS; With background known published vulnerability attacks.

Published Vulnerability Attack Detection and Prevention

Requirements: This test will verify how effective the firewall is in detecting and preventing known attacks. Since new published vulnerabilities are discovered almost every day, the user needs to have a steady flow of the latest published vulnerability templates. The application signatures for these need to be tested on a continuous basis.

Test steps:
- Create or use a library of known published vulnerabilities.
- Send known vulnerability triggers through the target.
- Turn on multiple evasion types, such as fragmentation, to evade detection.
- Measure effectiveness of detection.
- Measure effectiveness of prevention.

Test variants: Sequential; Concurrent; With evasion; With background app traffic; With background fuzz; With background DDoS.
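Scoring the content-inspection tests above (virus and published vulnerability detection, and the URL filtering and DLP tests that follow use the same measures) needs a consistent way to turn per-sample results into detection, prevention, false positive, false negative and valid-content integrity percentages per variant. The following Python is an added example, not code from the paper or the Mu tools: the variant names are assumptions, and the library entries, payloads and outcomes are constructed placeholders rather than real malware or triggers. Integrity of valid content is checked by comparing a digest of what was sent with a digest of what the server side received.

```python
# Added example: per-variant effectiveness metrics for content-inspection tests.
# Not from the original paper; every sample below is a constructed placeholder.
import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass
class Sample:
    name: str
    malicious: bool                  # label from the test library
    variant: str                     # run variant, e.g. "sequential", "with_evasion"
    detected: bool                   # target raised an alert or logged a match
    blocked: bool                    # target dropped or reset the flow
    sent_digest: str                 # SHA-256 of the payload sent by the client side
    received_digest: Optional[str]   # SHA-256 of what the server side received, None if blocked


def make_sample(name, malicious, variant, detected, blocked, payload, corrupted=False):
    """Build a Sample from a constructed payload.  `corrupted` simulates the target
    altering valid content in transit (for instance a faulty reassembly or rewrite)."""
    sent = hashlib.sha256(payload).hexdigest()
    if blocked:
        received = None
    elif corrupted:
        received = hashlib.sha256(payload + b"\x00").hexdigest()
    else:
        received = sent
    return Sample(name, malicious, variant, detected, blocked, sent, received)


def pct(n, d):
    return round(100.0 * n / d, 1) if d else None


def effectiveness(samples):
    """Per variant: detection, prevention, false negative, false positive and
    valid-content integrity percentages, the columns the paper's tables ask for."""
    tally = {}
    for s in samples:
        t = tally.setdefault(s.variant, {"mal": 0, "tp": 0, "prevented": 0,
                                         "benign": 0, "fp": 0, "intact": 0})
        if s.malicious:
            t["mal"] += 1
            t["tp"] += int(s.detected)            # detected = true positive
            t["prevented"] += int(s.blocked)      # blocked = prevented
        else:
            t["benign"] += 1
            t["fp"] += int(s.detected or s.blocked)   # any action on benign = false positive
            t["intact"] += int(not s.blocked and s.received_digest == s.sent_digest)
    return {v: {"detection_pct": pct(t["tp"], t["mal"]),
                "prevention_pct": pct(t["prevented"], t["mal"]),
                "false_negative_pct": pct(t["mal"] - t["tp"], t["mal"]),
                "false_positive_pct": pct(t["fp"], t["benign"]),
                "valid_content_integrity_pct": pct(t["intact"], t["benign"])}
            for v, t in tally.items()}


# Constructed run.  Payloads are placeholder byte strings, not real malicious content.
SAMPLES = [
    make_sample("mal-1", True, "sequential", True, True, b"placeholder sample 1"),
    make_sample("mal-2", True, "sequential", True, True, b"placeholder sample 2"),
    make_sample("mal-3", True, "sequential", False, False, b"placeholder sample 3"),   # missed
    make_sample("good-1", False, "sequential", False, False, b"quarterly report"),
    make_sample("good-2", False, "sequential", True, True, b"installer package"),      # false positive
    make_sample("mal-4", True, "with_evasion", True, False, b"placeholder sample 4"),  # seen, not stopped
    make_sample("mal-5", True, "with_evasion", False, False, b"placeholder sample 5"),
    make_sample("good-3", False, "with_evasion", False, False, b"video clip"),
    make_sample("good-4", False, "with_evasion", False, False, b"archive", corrupted=True),
]

if __name__ == "__main__":
    for variant, row in effectiveness(SAMPLES).items():
        print(variant, row)
```

Detection and prevention are kept as separate figures because a device in monitor-only mode, or one whose reset arrives after the payload has already been delivered, will show a high detection rate with a much lower prevention rate; the evasion variant in the sample data illustrates that gap.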

DDoS Detection and Prevention

Requirements: This test will verify how effective the firewall is in detecting and preventing Distributed Denial of Service attacks. DDoS attacks need to be sent from multiple IP and MAC ids. Embedded ids in the payload can also be randomized so as to prevent detection.

Test steps:
- Create or use a library of DDoS attacks.
- Send multiple types of DDoS attacks through the target and, in some cases depending on the test, to the target.
- Monitor the health of the target as well as whether it comes back after the DDoS attacks are removed.
- Measure effectiveness of detection.
- Measure effectiveness of prevention.
- Measure the availability and resilience of the target.

Metrics: Availability (% of time the target was accessible for new users); Resilience (percentage of time the target was down and unreachable).

Test variants: Sequential; Concurrent; With background app traffic. Availability and Resilience are recorded for each variant.

URL Filtering

Requirements: This test will verify how effective the firewall is in detecting and preventing unwanted URL accesses. URL filtering is a way to restrict access to unwanted URLs for reasons of security, workplace productivity, ethics and privacy.

Test steps:
- Create or use a library of known good and known bad URLs.
- Send traffic that accesses these known URLs.
- Turn on evasion types such as HTTP pipelining.
- Measure effectiveness of detection.
- Measure effectiveness of prevention.
- Check for false negatives and positives.

Test variants: Sequential; Concurrent; With evasion; With background app traffic; With background fuzz; With background DDoS.

DLP or Data Exfiltration Testing

Requirements: This test will verify how effective the firewall or security device is in detecting and preventing important and confidential data from leaving the secure network. Content filtering and DLP are ways to prevent leakage of confidential information to unauthorized entities outside the secure network.

Test steps:
- Create or use a library of known good and known bad message flows.
- Send traffic that exercises these sets of flows.
- Turn on evasion types such as HTTP pipelining.
- Measure effectiveness of detection.
- Measure effectiveness of prevention.
- Check for false negatives and positives.

Test variants: Sequential; Concurrent; With evasion; With background app traffic; With background fuzz; With background DDoS.

Fuzz Attack (Negative Testing)

Requirements: This test will verify how effective the firewall is in detecting and preventing fuzz or malformed traffic.

Fuzz attacks need to be sent to the firewall or network security device as well as through it, to test its ability to discard the malformed traffic and remain resilient in the face of unexpected negative flows.

Test steps:
- Create or use a library of fuzz attacks.
- Send multiple types of fuzz attacks through the target and, in some cases depending on the test, to the target.
- Monitor the health of the target as well as whether it comes back during the test run and after the fuzz attacks are removed.
- Measure effectiveness of detection.
- Measure effectiveness of prevention.
- Measure the availability and resilience of the target.

Metrics: Availability (% of time the target was accessible for new users); Resilience (percentage of time the target was down and unreachable).

Test variants: Sequential; Concurrent; With background app traffic. Availability and Resilience are recorded for each variant.
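Both the DDoS and the fuzz tests above end with the same two numbers, availability and resilience, derived from health monitoring of the target before, during and after the attack traffic. The following Python is an added example of that monitoring and scoring, not code from the paper or the Mu tools. It treats "accessible for new users" as "a fresh TCP connection to the target's service can be opened" (an assumption; `tcp_probe` implements it with the standard library), and the probe timeline it scores is constructed sample data with a 5-second interval. It goes a little beyond the text by also reporting the longest continuous outage and the time to recover after the attack stops.

```python
# Added example: availability and resilience of a target from periodic health probes.
# Not from the original paper; TIMELINE below is constructed, not a captured run.
import socket


def tcp_probe(host, port, timeout=2.0):
    """One 'new user' probe: can a fresh TCP connection be opened right now?
    Used by a real monitor loop; the scoring below works on a recorded timeline."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def availability(timeline, phase="attack"):
    """Percentage of probes in `phase` that could open a new connection.
    timeline entries are (t_seconds, phase, reachable)."""
    probes = [ok for _, p, ok in timeline if p == phase]
    return round(100.0 * sum(probes) / len(probes), 1) if probes else None


def resilience(timeline, interval_s):
    """Downtime during the attack phase, longest continuous outage, and whether and
    how quickly the target came back once the attack traffic was removed ('post')."""
    attack = [ok for _, p, ok in timeline if p == "attack"]
    down_pct = round(100.0 * (len(attack) - sum(attack)) / len(attack), 1) if attack else None

    longest, run = 0, 0                       # longest run of consecutive failed probes
    for ok in attack:
        run = 0 if ok else run + 1
        longest = max(longest, run)

    attack_probes = [t for t, p, _ in timeline if p == "attack"]
    attack_end = (attack_probes[-1] + interval_s) if attack_probes else None
    post_ok = [t for t, p, ok in timeline if p == "post" and ok]
    recovered = bool(post_ok)
    time_to_recover = (post_ok[0] - attack_end) if recovered and attack_end is not None else None

    return {
        "downtime_pct": down_pct,
        "longest_outage_s": longest * interval_s,
        "recovered": recovered,
        "time_to_recover_s": time_to_recover,
    }


# Constructed probe timeline (seconds, phase, reachable) at a 5 s interval:
# 30 s of pre-attack probes, 60 s under attack, 25 s after the attack stops.
PROBE_INTERVAL_S = 5
TIMELINE = (
    [(t, "pre", True) for t in range(0, 30, 5)]
    + [(30, "attack", True), (35, "attack", True), (40, "attack", False), (45, "attack", False),
       (50, "attack", False), (55, "attack", True), (60, "attack", False), (65, "attack", False),
       (70, "attack", True), (75, "attack", True), (80, "attack", True), (85, "attack", True)]
    + [(90, "post", False), (95, "post", False), (100, "post", True), (105, "post", True),
       (110, "post", True)]
)

if __name__ == "__main__":
    print("availability during attack:", availability(TIMELINE), "%")
    print("resilience:", resilience(TIMELINE, PROBE_INTERVAL_S))
```

In a live run the monitor loop records `(time.monotonic(), phase, tcp_probe(host, port))` at a fixed interval from a separate machine and network path than the attack generator, so that the probes measure the target rather than the saturated link; a target that only comes back after the attack stops (recovered but with a long outage and a non-zero time to recover) fails the resilience criterion even when its detection figures look good.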

Web: www.mudynamics.com
Address: W Maude Avenue, Suite 0, Sunnyvale, CA 90, USA
Phone: --0 or 0-9-0
Fax: 0-9-
Copyright 0 Mu Dynamics. All rights reserved. Mu Dynamics, Mu Suite, Mu-000, Mu-000, the Mu Dynamics logo, and Innovate with Confidence are trademarks of Mu Dynamics.