SCENARIO
Network security is a top concern of every enterprise. Each node with access to the internet or offering a service to the internet must be protected from security threats.
Malware security attacks take many forms: viruses, worms, trojans, rootkits, spyware, malicious adware, scareware, and lately, ransomware. These attacks often succeed with the cooperation of computer users—through e-mail, web pages, FTP transfers, instant messaging, P2P file sharing, online games, and careless software installation. Other attacks happen just by virtue of being connected to the internet: DDoS attacks against company sites; attacks against web, e-mail, FTP, and other services; and password-login attacks.
In addition to user education, enterprises use a variety of network security devices to protect their sites and services. These include:
• Firewalls – Filter access to a network based on IP addresses and protocols. Next-generation firewalls use DPI to filter based on internal protocols and content.
• VPN gateways – Provide secure access to remote employees and partners. These devices use IPsec encryption to protect traffic from trusted sites.
• IDS/IPS systems – Protect against hacking. These sophisticated devices recognize a wide range of unusual network usage, looking for indications of misuse.
IDS systems notify administrators of possible breaches, whereas IPS systems block access, often by programming the firewall.
• URL filtering – Prevent access to suspect websites. These devices watch all Web, FTP, and other access points and prevent access to sites on a vendor-supplied list.
• Anti-malware, anti-spam gateways – Prevent malware from entering the enterprise. These similar functions look at the content of e-mail, web, FTP, and other data entering the enterprise. This type of prevention is often also present on individual computer systems.
• Threat sandbox gateways – Verify data or files do not contain malware by either executing or inspecting them in a sandbox before letting them enter the network.
• DLP gateways – Prevent valuable data from leaving the enterprise. This appliance inspects traffic exiting the enterprise, looking for proprietary or improper data sent by deliberate user action or as a result of malware attacks.
IXIA SOLUTIONS
Ixia offers a complete network test and assessment product that measures security:
• Effectiveness – The ability to detect and prevent all forms of attacks.
• Accuracy – The ability to accurately perform its function, without significant “false-positive” results.
• Performance – The ability to enforce security mechanisms while maintaining acceptable network performance. Security enforcement mechanisms must continue to pass good traffic even under the most aggressive attacks.
The Ixia BreakingPoint Application and Threat Intelligence (ATI) service provides comprehensive intelligence for optimizing and hardening the resiliency of IT infrastructures, including product updates, authentic application protocols, real-world security attacks, and responsive support:
• Known vulnerabilities – Over 37,000 known security vulnerabilities, organized by type, are available. Attacks are updated frequently to stay current with hacker activity.
• Attack evasions – Attacks are frequently through the use of packet fragmentation and other sophisticated techniques. Ixia applies evasions to known vulnerabilities to increase effectiveness testing.
• Massive DDoS attacks – Simulate DDoS and botnet attacks to measure cyber infrastructure resiliency. Ixia uses its own test ports’ customized logic and scale to mount large-scale DDoS attacks.
• Encryption – IPsec encryption is used in two ways. Encryption with “good” traffic serves to measure VPN gateway throughput. Encryption with “attack” traffic tests security effectiveness and accuracy for attacks delivered over secure connections.
• Multiplay traffic – Sends real-world, stateful traffic to measure security appliance performance. This means that the true, realistic performance, including QoE, of security mechanisms can be measured—not just raw throughput.
