In today’s risk-filled online
environment, testing network security solutions is essential. When your
network is always on and globally accessible, how can you be sure that you
are adequately protected?
Even if your security systems are kept current with relevant patches, the
threat level remains high. Zero-day attacks are becoming the norm, and the
window of vulnerability is hard to keep closed. The way to stay ahead of
vulnerabilities is to identify them before they are exploited, and the best
way to do this is by testing your security infrastructure with a realistic
mixture of both good and hostile network traffic.
A perimeter defense using stateful firewalls no longer offers adequate
protection against the frequency and complexity of modern-day threats.
Recent threats have taken the form of exploits that appear to be legitimate
business applications, generating traffic that can bypass traditional
firewalls. Nimda and Code Red are prime examples of exploits that use the HTTP
protocol to create havoc.
A new generation of network security products is being used to address these
potent challenges. Devices such as application-aware firewalls, intrusion
detection and prevention systems (IPS), and deep-packet inspection engines
combined with perimeter firewalls are now being used to deliver a layered
network security strategy. The challenge becomes how to test a strategy that
is designed to allow good traffic in and keep malicious traffic out.
In order to create a comprehensive testing strategy, you need to be able to
generate test traffic in the lab environment that simulates not only normal,
positive IP traffic, but also negative traffic that contains malicious
threats to the network. In the real world, your network is exposed to both
positive traffic, such as e-commerce, e-mail, and file transfers, as well as
negative traffic, such as viruses, worms and other types of malware.
Until now, this diverse range of traffic has been difficult to simulate in
the lab environment, forcing companies to deploy hardware or software
without pre-testing the solution. Known in the industry as “plug and pray,”
this approach is fraught with peril. The battle against hostile traffic
cannot be won simply by relying on manufacturers’ specifications. IT
professionals need a solution that enables them to benchmark performance
thresholds and quantify the security capabilities of their networks.
Creating a comprehensive security testing program involves two key factors:
In order to quantify network security and evaluate end-to-end network
performance, both of these factors should be assessed. The more
realistically the production environment can be emulated in a controlled lab
setting, the more meaningful the test results will be. Testing should be
conducted both at the device level and system level, and any device that is
inline to the data flow should be tested. This includes application-aware
firewalls, IPS systems, deep-packet inspection systems and security systems
designed to protect against distributed denial-of-service (DDoS) attacks.
Stress testing necessary
Simply testing the network throughput and measuring system latency is not
enough. Testing with actual application traffic is the only way to
accurately assess the performance impact your security systems have on the
network. Latency-sensitive applications such as voice over IP can be
seriously impacted as network loading increases up to and beyond calculated
thresholds.
Stress-testing the network with a highly realistic stream of application
traffic establishes the precise thresholds at which network performance
starts to be impacted. These thresholds include connections per second,
transactions per second, available bandwidth and accuracy of threat
detection.
At the same time that performance begins to decline, certain security
vulnerabilities become apparent as the network elements start to overload.
These vulnerabilities are only detectable under heavy network loading,
underscoring the need for stress-testing the network. Creating a
comprehensive security strategy requires testing of both individual devices
and the overall system’s ability to accurately detect malware, as well as
the performance impact that occurs while malicious traffic is mitigated and
stopped.
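As an added illustration, not code from the article or from Spirent, the following Python script evaluates a constructed load sweep of the kind described above against an inline device, locating the highest connection rate at which latency, detection rate and false-positive rate all stay within limits. The sweep values and the limits are assumptions chosen for the example.

```python
from dataclasses import dataclass


@dataclass
class SweepPoint:
    """One step of a lab load sweep: benign flows mixed with replayed threats."""
    conn_per_sec: int        # offered connection rate at this step
    p95_latency_ms: float    # observed 95th-percentile latency
    threats_sent: int        # hostile flows injected
    threats_blocked: int     # hostile flows the device stopped
    benign_sent: int         # good flows injected
    benign_blocked: int      # good flows wrongly dropped (false positives)

    def detection_rate(self) -> float:
        return self.threats_blocked / self.threats_sent

    def false_positive_rate(self) -> float:
        return self.benign_blocked / self.benign_sent


# Constructed data (assumption): detection accuracy collapses before latency does,
# so a throughput-only test would overstate the safe operating point.
SWEEP = [
    SweepPoint(1000, 2.1, 500, 500, 20000, 0),
    SweepPoint(5000, 3.4, 500, 499, 20000, 4),
    SweepPoint(10000, 6.8, 500, 470, 20000, 25),
    SweepPoint(15000, 18.5, 500, 380, 20000, 120),
    SweepPoint(20000, 95.0, 500, 210, 20000, 900),
]


def breaches(p, max_latency_ms, min_detection, max_fp):
    """List which limits point p violates; an empty list means it passes."""
    out = []
    if p.p95_latency_ms > max_latency_ms:
        out.append("latency")
    if p.detection_rate() < min_detection:
        out.append("detection")
    if p.false_positive_rate() > max_fp:
        out.append("false_positive")
    return out


def find_threshold(sweep, max_latency_ms=10.0, min_detection=0.99, max_fp=0.001):
    """Walk the sweep in increasing load order and return the highest passing
    connection rate together with the limits breached at the first failing step."""
    last_ok = 0
    for p in sorted(sweep, key=lambda s: s.conn_per_sec):
        failed = breaches(p, max_latency_ms, min_detection, max_fp)
        if failed:
            return last_ok, failed
        last_ok = p.conn_per_sec
    return last_ok, []


if __name__ == "__main__":
    cps, why = find_threshold(SWEEP)
    print(f"sustained limit: {cps} conn/s; first breach: {why}")
```

With the constructed data the device is already missing threats at 10,000 connections per second even though its latency is still acceptable, which is the kind of overload-induced vulnerability a throughput-only benchmark would not reveal.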
Confronting malicious traffic in the lab environment is far more desirable
than coping with it after it has entered your production network. Most
perimeter devices can protect against DDoS attacks, but the current
generation of threats is penetrating network security by attaching
themselves to legitimate business applications.
One way to safeguard against this threat is lab-based testing of hostile
traffic’s effect on the network. That is why immediate access to a current,
frequently updated knowledge base of archived threats can be important in
securing the enterprise.
In the continuing chess game between IT professionals and hostile entities,
new malware outbreaks can occur at any time. Companies are fighting back by
downloading threat signatures on a zero-day basis. This allows in-house
testing to begin almost as soon as the outbreak occurs, mitigating the risks
of network downtime or a serious security breach.
Lab-based security testing enables IT professionals to identify and protect
against threats before they cripple the network and impact profitability.
Testing with a realistic mix of protocol-accurate application traffic and
the latest threat signatures delivers a powerful weapon in the battle to
secure the network.
For more information from Spirent Communications:
www.rsleads.com/512cn-258
Joe Tomasello is a security product manager for Spirent Communications,
Sunnyvale, Calif.