<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!--Converted with LaTeX2HTML 2002-2 (1.70)
original version by: Nikos Drakos, CBLU, University of Leeds
* revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan
* with significant contributions from:
Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
<HTML>
<HEAD>
<TITLE>6 Testing Methodologies</TITLE>
<META NAME="description" CONTENT="6 Testing Methodologies">
<META NAME="keywords" CONTENT="FAQ">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2">
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
<LINK REL="STYLESHEET" HREF="FAQ.css">
<LINK REL="next" HREF="node8.html">
<LINK REL="previous" HREF="node6.html">
<LINK REL="up" HREF="FAQ.html">
</HEAD>
<BODY >
<DIV CLASS="navigation"><!--Navigation Panel-->
<A NAME="tex2html229"
HREF="node8.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
<A NAME="tex2html225"
HREF="FAQ.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
<A NAME="tex2html219"
HREF="node6.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
<A NAME="tex2html227"
HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
<BR>
<B> Next:</B> <A NAME="tex2html230"
HREF="node8.html">7 Required Libraries and</A>
<B> Up:</B> <A NAME="tex2html226"
HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
<B> Previous:</B> <A NAME="tex2html220"
HREF="node6.html">5 Common Questions from</A>
&nbsp; <B> <A NAME="tex2html228"
HREF="node1.html">Contents</A></B>
<BR>
<BR></DIV>
<!--End of Navigation Panel-->
<H1><A NAME="SECTION00070000000000000000">
<SPAN CLASS="arabic">6</SPAN> Testing Methodologies</A>
</H1>
<P>
A topic which comes up regularly is how to use tcpreplay to test
products like intrusion detection/prevention devices (IDS/IPS) and
deep inspection firewalls. Generally, I hear people suggest three
things:
<P>
<OL>
<LI>Use security scanners like Nessus
</LI>
<LI>Use "real attacks" like those generated by Metasploit
</LI>
<LI>Use a replay tool like tcpreplay to generate attack traffic
</LI>
</OL>
First, let me say that security scanners like Nessus do a really crappy
job of testing the effectiveness of IDS/IPS and firewalls. The simple
reason is that security scanners don't try to exploit vulnerabilities,
because doing so creates problems on the network. IT managers don't like
it when their servers start rebooting or routers crash, so scanners
use other non-aggressive techniques like banner grabbing to find potentially
vulnerable systems. Simply put, these non-aggressive techniques often
look nothing like a real attack.
<P>
That leaves generating "real attacks" and replay tools.
<P>
Advantages of real attacks:
<P>
<UL>
<LI>It's clear when you have a valid test case, because the target system
is compromised
</LI>
<LI>Exploit code and attack tools are widely available for many attacks
</LI>
</UL>
Disadvantages of real attacks:
<P>
<UL>
<LI>After the test case is run, the target system may be unstable or corrupted,
requiring a reboot or re-install
</LI>
<LI>Generally requires two systems: a target (often running VMware) and
an attacker system
</LI>
<LI>Installing, configuring and managing the various operating systems and
applications to attack is a lot of work
</LI>
<LI>Difficult to automate test cases, since there is no standardized interface
to these tools
</LI>
<LI>You have to be careful about trojaned exploit code or worms which
escape your lab
</LI>
</UL>
Advantages of replay tools:
<P>
<UL>
<LI>Since both the victim and attacker are virtual, there is no need to
reboot/re-install systems after each test
</LI>
<LI>A complete test bed requires only a single system with two NICs
</LI>
<LI>Once you have a library of pcap files, there is virtually zero management
overhead
</LI>
<LI>Replay tools provide a common interface for emulating any attack against
any OS/application, which makes automation simple
</LI>
<LI>Pcap files are not executable, so trojans and escaping worms aren't
an issue
</LI>
</UL>
Disadvantages of replay tools:
<P>
<UL>
<LI>There are trust issues regarding pcap files. Are you 100% sure that
the pcap file is correct (not corrupted, doesn't have truncated packets,
and actually contains the valid exploit)?
</LI>
<LI>There are few publicly available pcaps which contain attacks useful
for testing, so you must create your own
</LI>
</UL>
<P>
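The last disadvantage above is a check you can automate before a capture goes into your test library. The following is an added example, not code from tcpreplay or from this FAQ: it parses the classic libpcap global header and per-record headers and flags the two trust problems the list names, a corrupted file and truncated packets. Whether the capture actually contains the exploit it claims to is a content question this check cannot answer. The sample captures are constructed in memory and hold dummy frames.

```python
import struct

# magic as read little-endian -> struct byte-order prefix for the rest of the file
PCAP_MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">",   # microsecond timestamps
               0xA1B23C4D: "<", 0x4D3CB2A1: ">"}   # nanosecond timestamps
MAX_SANE_SNAPLEN = 262144  # well above any real link MTU; bigger means corruption

def check_pcap(data: bytes) -> dict:
    """Return {'ok', 'packets', 'problems'} for an in-memory libpcap file."""
    problems = []
    if len(data) < 24:
        return {"ok": False, "packets": 0, "problems": ["shorter than the 24-byte global header"]}
    (magic,) = struct.unpack("<I", data[:4])
    if magic not in PCAP_MAGICS:
        return {"ok": False, "packets": 0, "problems": ["unknown magic 0x%08x, not a libpcap file" % magic]}
    e = PCAP_MAGICS[magic]
    _major, _minor, _tz, _sig, snaplen, _linktype = struct.unpack(e + "HHiIII", data[4:24])
    if snaplen == 0 or snaplen > MAX_SANE_SNAPLEN:
        problems.append(f"implausible snaplen {snaplen}")
    offset, count = 24, 0
    while offset < len(data):
        if len(data) - offset < 16:
            problems.append(f"record header at offset {offset} is cut off")
            break
        _sec, _frac, incl_len, orig_len = struct.unpack(e + "IIII", data[offset:offset + 16])
        if incl_len > orig_len or incl_len > snaplen:
            problems.append(f"packet {count}: inconsistent lengths incl={incl_len} orig={orig_len} snaplen={snaplen}")
        elif incl_len < orig_len:
            # snaplen clipped the packet: a replayed copy will not carry the full payload
            problems.append(f"packet {count}: truncated at capture time ({incl_len} of {orig_len} bytes)")
        if offset + 16 + incl_len > len(data):
            problems.append(f"packet {count}: data runs past end of file (file is truncated)")
            break
        offset += 16 + incl_len
        count += 1
    if count == 0:
        problems.append("capture contains no complete packets")
    return {"ok": not problems, "packets": count, "problems": problems}

def build_pcap(packets, snaplen=65535, truncate_tail=0):
    """Constructed test data: little-endian pcap 2.4, Ethernet linktype, optional cut-off tail."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, pkt in enumerate(packets):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(pkt), len(pkt)) + pkt
    return out[:len(out) - truncate_tail] if truncate_tail else out

if __name__ == "__main__":
    frames = [b"\x00" * 60, b"\x11" * 74]           # dummy Ethernet-sized frames
    print("intact   :", check_pcap(build_pcap(frames)))
    print("truncated:", check_pcap(build_pcap(frames, truncate_tail=10)))
```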
<ADDRESS>
Aaron Turner
2006-08-07
</ADDRESS>
</BODY>
</HTML>