The Test Insider Volume 1: IDC Reports on Mitigating Risks of Next-generation Network Equipment
According to a report by IDC: Content-aware, deep packet inspection (DPI) devices have been around for more than seven years. (Yet) it appears that there has been insufficient testing to ensure that these devices can perform under real-world conditions and survive live security attacks under full network loads.
Get instant access to this report to learn more about the connection between realistic traffic, session performance and content-aware testing.
Quick Links:
- BreakingPoint Debuts Chassis and Competitive Trade Up Program;
- The Ongoing Story and Importance of Deep Packet Inspection (DPI);
- NSS Labs Talks about Realistic Testing Using Layer 4-7 Traffic;
- Security Focus: The Difficulty with Testing Blacklists;
- Testing Network Equipment? Do the Math;
BreakingPoint Elite Chassis Breaks Session Barrier with 15M TCP Sessions
Squeezed by technology and market pressures, Network Equipment Manufacturers (NEMs) and service providers are caught in a catch-22. They cannot afford time-to-market delays that result in loss of sales and market share. Yet, rushing incompletely vetted products and services to market increases the likelihood of design flaws and bugs that anger customers, slow market adoption, and elevate support costs. With today's rapidly deteriorating market conditions, the situation has never been more dire.
This week, BreakingPoint introduced a powerful weapon to help NEMs and service providers get to market on time while keeping research and development (R&D) costs low. BreakingPoint Elite is a high-performance application, performance, and security testing product in a 3-slot chassis.
BreakingPoint Elite provides unprecedented realism, session performance, throughput and ease-of-use features including:
- 15 million concurrent TCP sessions; 1.5 million new TCP sessions per second (session setup rate)
- 20 Gigabits per second of Layer 4-7 traffic
- More than 60 application protocols that can be blended with more than 3,600 security attacks, and an API to integrate proprietary application traffic
- Industry-leading vulnerability coverage including Microsoft Patch Tuesday
- An intuitive management interface, multi-user capabilities, integrated Layer 2-7 reporting, and extensive automation
The Ongoing Story and Importance of Deep Packet Inspection (DPI)
Network and security equipment uses deep packet inspection (DPI) to examine data at the packet level, both to optimize performance and to prevent security attacks. Many companies are taking advantage of DPI technology to deliver more sophisticated products and services, but DPI still faces several challenges that need to be addressed, especially in the area of testing.
It isn't enough to test DPI equipment using Layer 2-3 traffic. Devices tested with this bit-blasting approach may perform admirably in the lab, but once deployed in a live environment with application traffic they suffer serious performance degradation, in some cases 40% or more, because the content engine is doing work the lab test never asked of it. Additionally, DPI has vastly increased the attack surface of network equipment: a device that parses application-layer content exposes its own parsers to that content, which allows attackers to craft more sophisticated attacks against the device itself than ever before.
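To make the distinction concrete, here is an added example, not part of the original newsletter and not code from any BreakingPoint product: a toy content-aware device in Python that forwards every packet, tracks TCP session state, and runs signature matching only on the payload of established sessions. Two constructed loads are pushed through it, a stateless UDP blast of maximum-size packets and a batch of HTTP sessions with full handshakes. The addresses, signatures and payloads are invented for the example. The work counters show that the blast load never reaches the content engine, so a throughput figure measured with it says nothing about how the device behaves under DPI load.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str              # "tcp" or "udp"
    src: str
    dst: str
    sport: int
    dport: int
    flags: str = ""         # TCP flag letters: "S", "SA", "A", "PA", "FA"
    payload: bytes = b""


# Hypothetical blacklist-style content signatures, invented for this example.
SIGNATURES = {
    "shell-pipe-ping": re.compile(rb"\|\s*ping\s+-c\s+\d"),
    "php-eval-tag": re.compile(rb"<\?php\s+eval\("),
}


class ToyDPI:
    """Forwards every packet; inspects payload only inside established TCP sessions."""

    def __init__(self, signatures=SIGNATURES):
        self.signatures = signatures
        self.sessions = {}                    # direction-independent 5-tuple -> state
        self.stats = {"packets": 0, "bytes_forwarded": 0, "sessions": 0,
                      "out_of_state": 0, "bytes_inspected": 0, "alerts": 0}

    @staticmethod
    def _key(p):
        a, b = (p.src, p.sport), (p.dst, p.dport)
        return (p.proto,) + (a + b if a <= b else b + a)

    def process(self, p):
        # Layer 2-3 path: per-packet cost, the only path a bit blaster exercises.
        self.stats["packets"] += 1
        self.stats["bytes_forwarded"] += len(p.payload)
        if p.proto != "tcp":
            return                            # no session: content engine stays idle
        key = self._key(p)
        state = self.sessions.get(key)
        if state is None and p.flags == "S":
            self.sessions[key] = "syn"
            return
        if state == "syn" and "A" in p.flags:  # SYN/ACK completes the handshake
            self.sessions[key] = state = "established"
            self.stats["sessions"] += 1
        if state != "established":
            self.stats["out_of_state"] += 1   # a stateful device inspects nothing here
            return
        if p.payload:
            self._inspect(p.payload)

    def _inspect(self, data):
        # Layer 4-7 path: cost grows with payload bytes times signatures, not packets.
        self.stats["bytes_inspected"] += len(data)
        for rx in self.signatures.values():
            if rx.search(data):
                self.stats["alerts"] += 1


def bit_blast(n=1000, size=1472):
    """Constructed Layer 2-3 load: stateless UDP, maximum-size, content-free packets."""
    return [Packet("udp", "10.0.0.1", "10.0.0.2", 40000 + i % 64, 5001,
                   payload=bytes([i % 256]) * size) for i in range(n)]


def http_session(client_port, attack=False):
    """Constructed Layer 4-7 load: TCP handshake, HTTP request/response, teardown."""
    c, s = ("192.0.2.10", client_port), ("198.51.100.5", 80)
    body = b"host=127.0.0.1|ping -c 3 203.0.113.7" if attack else b"host=example.test"
    req = (b"POST /check HTTP/1.1\r\nHost: example.test\r\n"
           b"Content-Length: %d\r\n\r\n%s" % (len(body), body))
    html = b"<html><body>ok</body></html>"
    resp = b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n%s" % (len(html), html)

    def pkt(frm, to, flags, payload=b""):
        return Packet("tcp", frm[0], to[0], frm[1], to[1], flags, payload)

    return [pkt(c, s, "S"), pkt(s, c, "SA"), pkt(c, s, "A"),
            pkt(c, s, "PA", req), pkt(s, c, "PA", resp),
            pkt(c, s, "FA"), pkt(s, c, "FA")]


def realistic(n_sessions=50, attack_every=25):
    """Many HTTP sessions, with an attack payload blended into every 25th one."""
    pkts = []
    for i in range(n_sessions):
        pkts += http_session(50000 + i, attack=(i % attack_every == 0))
    return pkts


def run(packets):
    """Push a load through a fresh device and return its work counters."""
    dpi = ToyDPI()
    for p in packets:
        dpi.process(p)
    s = dict(dpi.stats)
    s["inspected_fraction"] = s["bytes_inspected"] / s["bytes_forwarded"]
    return s


if __name__ == "__main__":
    for name, load in (("bit blast", bit_blast()), ("HTTP sessions", realistic())):
        print(f"{name:14s} {run(load)}")
```

Running the script prints the counters for both loads: the UDP blast forwards about 1.4 MB with zero bytes inspected and zero sessions, while the HTTP load sends every payload byte through the signature engine and raises alerts on the blended attacks. The toy matches signatures packet by packet; a production engine reassembles the TCP stream first, which is still more work per session and widens the gap between a bit-blast figure and real DPI throughput.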
Visit BreakingPoint Labs for a comprehensive test methodology and video series that provides guidelines for effectively testing DPI features using a realistic blend of application traffic and security attacks at line speed. The methodology library also includes an IPS test methodology.
Here are a few other sources of good information on DPI testing:
- dPacket.org: "What does DPI Mean to You?"
- BreakingPoint: "DPI Test Methodology Videos"
- BreakingPoint Labs: "DPI for Bandwidth Shaping: Where's the News?"
- NSS Labs Webinar: "Deep Packet Inspection Applications & Testing"
NSS Labs Talks About Realistic Testing of Layer 4-7
A few months ago, NSS Labs standardized on the BreakingPoint Testing platform for Layer 4-7 testing to ensure its testing is accurate and reflective of real world traffic conditions. Typical packet blasting and simple capture/replay technologies were becoming insufficient for realistic determination of network performance for sophisticated state-based network products. If modern firewalls, intrusion prevention systems, policy based routers, and other content-aware network products were designed to only retransmit empty network packets from one interface to another, then the simple use of packet blasting and replay-based test tools would be sufficient. Sound familiar?
For more info check out:
- NSS Labs: Avoiding Pitfalls in Measuring the Performance of Application-aware Network
- NSS Labs: Overview of the BreakingPoint Testing Platform
Security Focus: The Difficulty with Testing Blacklists
by Dustin Trammel
Blacklisting is the current industry standard approach to stopping malware and is used in technologies such as anti-virus and anti-spyware software. Blacklisting is also the approach that most network security device vendors take to blocking network attacks and exploits. While firewalls are the obvious exception to this rule, as they are essentially whitelist based, the vast majority of packets that get blocked, filtered, or identified by other network security devices such as IDS and IPS are caught via a match against a blacklist of traffic signatures. These signatures are analogous to fingerprints of the known malicious data that traverses the network. Learn more about the problems of using this approach.
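As an added illustration of why a blacklist is hard to test (example code written for this page, not taken from Trammel's article or from any vendor product), the following Python scores a blacklist of two constructed byte fingerprints against three labelled sample sets. Against the known payloads it scores perfectly; against semantics-preserving variants of the same payloads it detects nothing; and against benign traffic that merely quotes a fingerprint it raises a false positive. A test corpus drawn from the signature set itself therefore measures only the first case. All payloads, sample names and the lookalike page are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    name: str
    data: bytes
    malicious: bool          # ground truth known to the tester, not to the device


# Constructed blacklist: exact byte fingerprints of two "known" attack payloads.
BLACKLIST = {
    "cgi-shell-1": b"GET /cgi-bin/;id HTTP/1.0",
    "php-eval-1": b"<?php eval($_POST[",
}


def blacklist_verdict(data):
    """Return the names of every fingerprint found in the data (empty list = pass)."""
    return [name for name, fp in BLACKLIST.items() if fp in data]


def evaluate(samples):
    """Score the blacklist against labelled samples; rates are None when undefined."""
    tp = fp = fn = tn = 0
    for s in samples:
        flagged = bool(blacklist_verdict(s.data))
        if s.malicious and flagged:
            tp += 1
        elif s.malicious:
            fn += 1
        elif flagged:
            fp += 1
        else:
            tn += 1
    mal, ben = tp + fn, fp + tn
    return {"detection_rate": tp / mal if mal else None,
            "false_positive_rate": fp / ben if ben else None,
            "tp": tp, "fn": fn, "fp": fp, "tn": tn}


# Constructed benign traffic.
BENIGN = [
    Sample("index", b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n", False),
    Sample("login", b"POST /login HTTP/1.1\r\n\r\nuser=alice&pw=hunter2", False),
]

# Set A: the known payloads themselves, i.e. a test corpus derived from the blacklist.
KNOWN_ATTACKS = [Sample(name, fp, True) for name, fp in BLACKLIST.items()]

# Set B: the same attacks with byte-level changes that keep them working (constructed).
VARIANT_ATTACKS = [
    Sample("cgi-shell-http11", b"GET /cgi-bin/;id HTTP/1.1", True),   # other HTTP version
    Sample("php-eval-spaced", b"<?php eval ($_POST[", True),         # space before paren
    Sample("php-eval-caps", b"<?php EVAL($_POST[", True),            # PHP names are case-insensitive
]

# Set C: a benign archive page that quotes a fingerprint verbatim (constructed).
LOOKALIKES = [
    Sample("list-archive",
           b"HTTP/1.1 200 OK\r\n\r\n<pre>Seen in our logs: GET /cgi-bin/;id HTTP/1.0</pre>",
           False),
]


def report():
    """Score all three sets; the three results disagree because they test different things."""
    return {"known": evaluate(KNOWN_ATTACKS + BENIGN),
            "variants": evaluate(VARIANT_ATTACKS + BENIGN),
            "lookalikes": evaluate(LOOKALIKES)}


if __name__ == "__main__":
    for label, score in report().items():
        print(f"{label:10s} {score}")
```

The "known" set is what a test built from the blacklist's own signatures looks like, and it is the only one on which the blacklist looks good. Whether the variant and lookalike sets say anything about a real device depends entirely on whether the test traffic was drawn from the same fingerprints the device was built from.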
Testing Network Equipment? Do the Math
BreakingPoint Chief Technology Officer Dennis Cox loves math. In this popular BreakingPoint Labs blog post, he discusses how he uses math to solve problems, and he reveals how a little clever math and the right data can help QA engineers fill in the missing links for realistic traffic generation. Read more.