Validating Malware Signature Installations on Ixia BreakingPoint Hardware


Introduction

Ixia BreakingPoint products ship with the capability to generate large numbers of live malware binaries, which can then be sent in two-arm fashion through a network topology of your choosing. This is very useful in determining whether firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and related equipment can correctly detect (and block!) these binaries via policies such as routine malware signature analysis. Using Ixia BreakingPoint equipment in two-arm fashion for this testing ensures that nothing else in the network will be compromised. Solutions are configured in two-armed mode to be both the originating element and the terminating element, using IPv4 addresses, IPv6 addresses, or both.

However, this feature cannot be used unless users log in to Ixia's secure StrikeCenter support site with the appropriate customer credentials and download and install the binary malware strikepacks. Until then, if you attempt to select and configure one or more of our malware strikes, the output Reports will show "Errored Malware package 0000000X missing", where the X will vary based on the package number in question. There are currently seven malware strikepacks (numbered 0-6) available from our StrikeCenter portal, and each package is roughly 1GB in size.

Once you've downloaded and installed the appropriate packages, you won't see a change in the total number of your security strikes. It will be exactly the same as before because all that's happened with the malware strikepack updates is that malware binary images have been attached to the previous templatized placeholders for each.

Although you won't see a change in the total number of strikes after installing the malware strikepacks, there is still a simple way to validate that they have been installed correctly. Just pick one piece of malware from each of the seven packages, saving the results to a strike list, and run them through a security component across a piece of cable connecting two ports of your Ixia BreakingPoint unit. When the test is completed, you can analyze the report data and verify that strikes were allowed through the cable, or in the case that the packages have not been installed, that strikes were reported as Errored. Let's walk through the entire process of creating and running this simple validation test.

Methodology

First, choose Managers > Strike Lists from the home screen. In the Search box, enter "malware 00000000 package 00000001". You'll see precisely two results, which cover the first two packages. Right-click on the results and choose "Add All Results".

You'll notice that the total number of strikes included is now displayed as 2 in the top right. Next, we change our search term to be "malware 00000002 package 00000003". You'll see precisely two more strikes. Right-click on the results and choose "Add All Results". Your total count will now be four.

Do this again using a search term of "malware package 00000004 package 00000005". You'll see precisely two more strikes. Right-click on the results and choose "Add All Results". Your total count will now be six.

You now have just one more to do, from package 6, so use the search term "malware 00000001 package 00000006". You'll see two search results here, but you only need the one from package 6, so left-click that one so that it turns yellow, and then right-click and choose "Add Strike".

When that's done, you'll notice you now have seven strikes, precisely one from each of the seven packages. Save this seven-count strike list by selecting Strike List > Save As. A dialog will prompt you for a name; let's call it Malware Package Validation. Once you've done that, click on the eye icon in the top right to double-check that you've included one strike from each package. Looks like we did a good job! We have one piece of malware from each of the seven packages (indexed 0-6), just like we wanted.

Now we will reserve the two ports that we've externally connected with a piece of cable. To select the ports you've connected, click the green chassis icon on the top of the home screen, click on the two ports that you connected your cable to, and then close the chassis window.

Now we will create our test configuration. From the home screen select Test > New Test.

Since we are just running across a piece of cable, the network addressing doesn't really matter much, so we will leave the default setting of BreakingPoint Switching, which will work just fine. In the Test Components section, click the Add New button and select a Security component, and then click Select. A dialog will prompt you to enter the component name, which we'll call Malware Validation. Once you've done that, click on the component name on the left to be able to configure it.

The basic security configuration screen is quite simple. In the upper left, you can change the name or add a description. In the Component Tags section, you can map the addressing from the default BreakingPoint Switching network neighborhood, and since we're just on a loopback cable, leave the defaults as-is. On the right you can select the various security parameters. In this case we'll use all of the default values, except that we want to use our created Malware Package Validation strike list. Click Browse and select it while entering a "package" search keyword to make it easier to find.

Once you've selected the Malware Package Validation strike list, your test configuration shows it as selected.

Once you've clicked on the Return to Test Workspace button in the bottom of that screen, you simply have to save and run the test by clicking the Save and Run button in the bottom right. A dialog will ask for the name of the test, which we'll call Malware Package Validation, then click "Save". Once the save operation finishes, the test will begin to initialize, which only takes a few seconds, after which it will immediately start to run. It will run very quickly, as it doesn't take long for the malware binaries to propagate from the origination to the termination point across the loopback cable.

While the test is running, you can investigate the Attacks tab in the real time statistics to monitor progress. In this case, all seven strikes were Errored! That means that this Ixia BreakingPoint box does not have any of the malware packages installed. You can also see a more detailed message as to the problem in the detailed report for the test.

If, on the other hand, the Ixia BreakingPoint unit had one or more of the malware packages installed, then at run-time you would actually get a warning, and you must click Yes to proceed. You might think that this is sufficient to ensure that the packages were correctly installed, but it is not. If any one of the packages has been correctly installed, this warning will be displayed, but it doesn't tell you if all of them were correctly installed.

Once you click Yes, the test will finish initializing and run. It runs very fast, so you'll probably see the test completion dialog before you have a chance to go to the Attacks tab. That's okay; you'll note that the Test Criteria failed, because the default criteria expects that these security malware strikes would have been blocked by network security equipment in the path. That did not happen: since we are running in a looped-back environment, all of the attacks got right through. So once you click Close on that window and choose the Attacks tab, you'll see your results.

In order to truly validate the results, you'll need to investigate the full output report. Here, in this example, we determine that malware package 1 was successfully installed (as we report that the strike was allowed through the network under test, which was just a simple piece of CAT6 cable between two ports).

After investigation of the remaining strikes, all are reported as Errored. For simplicity, we show only the last one, for package 6. And so you now know that only one of the seven malware packages was installed, and that you'll need to install the other six. After doing that, this test can be re-run to verify that all seven strikes are listed as Allowed in the Strike Result field in the output report.
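
The per-strike check described above can be scripted, assuming the strike results from the report have been copied into a CSV. This is an added example, not Ixia's code: the CSV layout, column names and strike names are constructed for illustration, and only the Allowed/Errored results and the "Malware package 0000000X missing" message come from the text.

```python
import csv
import io
import re

EXPECTED_PACKAGES = range(7)  # strikepacks 0-6, as listed on the page
PKG_RE = re.compile(r"package\s+0*(\d+)", re.IGNORECASE)

# Constructed sample in a hypothetical CSV layout: package 1 Allowed, six Errored.
SAMPLE_REPORT = """\
Strike Name,Strike Result,Detail
Malware strike (package 00000000),Errored,Malware package 00000000 missing
Malware strike (package 00000001),Allowed,
Malware strike (package 00000002),Errored,Malware package 00000002 missing
Malware strike (package 00000003),Errored,Malware package 00000003 missing
Malware strike (package 00000004),Errored,Malware package 00000004 missing
Malware strike (package 00000005),Errored,Malware package 00000005 missing
Malware strike (package 00000006),Errored,Malware package 00000006 missing
"""


def package_status(report_csv):
    """Map each expected package number to Installed / Missing / Not tested."""
    status = {n: "Not tested" for n in EXPECTED_PACKAGES}
    for row in csv.DictReader(io.StringIO(report_csv)):
        match = PKG_RE.search(f'{row["Detail"]} {row["Strike Name"]}')
        if not match or int(match.group(1)) not in status:
            continue  # not one of the seven validation strikes
        pkg = int(match.group(1))
        raw = (row["Strike Result"] or "").strip()
        if raw.lower() == "errored":
            status[pkg] = "Missing"  # one Errored strike fails the package
        elif raw.lower() == "allowed":
            if status[pkg] == "Not tested":
                status[pkg] = "Installed"  # binary crossed the loopback cable
        elif status[pkg] != "Missing":
            status[pkg] = "Review: " + raw  # anything else needs a manual look
    return status


def packages_to_install(status):
    """Packages that cannot be confirmed as installed from this report."""
    return sorted(n for n, s in status.items() if s != "Installed")


if __name__ == "__main__":
    report = package_status(SAMPLE_REPORT)
    print(report)
    print("install or re-test:", packages_to_install(report))
```

A package that has no row in the report stays "Not tested" and is returned by packages_to_install, so a strike list that skipped a package cannot pass the check.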