123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186 |
- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
- <!--Converted with LaTeX2HTML 2002-2 (1.70)
- original version by: Nikos Drakos, CBLU, University of Leeds
- * revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan
- * with significant contributions from:
- Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
- <HTML>
- <HEAD>
- <TITLE>6 Testing Methodologies</TITLE>
- <META NAME="description" CONTENT="6 Testing Methodologies">
- <META NAME="keywords" CONTENT="FAQ">
- <META NAME="resource-type" CONTENT="document">
- <META NAME="distribution" CONTENT="global">
- <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
- <META NAME="Generator" CONTENT="LaTeX2HTML v2002-2">
- <META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
- <LINK REL="STYLESHEET" HREF="FAQ.css">
- <LINK REL="next" HREF="node8.html">
- <LINK REL="previous" HREF="node6.html">
- <LINK REL="up" HREF="FAQ.html">
- <LINK REL="next" HREF="node8.html">
- </HEAD>
- <BODY >
- <DIV CLASS="navigation"><!--Navigation Panel-->
- <A NAME="tex2html229"
- HREF="node8.html">
- <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
- <A NAME="tex2html225"
- HREF="FAQ.html">
- <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
- <A NAME="tex2html219"
- HREF="node6.html">
- <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
- <A NAME="tex2html227"
- HREF="node1.html">
- <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
- <BR>
- <B> Next:</B> <A NAME="tex2html230"
- HREF="node8.html">7 Required Libraries and</A>
- <B> Up:</B> <A NAME="tex2html226"
- HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
- <B> Previous:</B> <A NAME="tex2html220"
- HREF="node6.html">5 Common Questions from</A>
- <B> <A NAME="tex2html228"
- HREF="node1.html">Contents</A></B>
- <BR>
- <BR></DIV>
- <!--End of Navigation Panel-->
- <H1><A NAME="SECTION00070000000000000000">
- <SPAN CLASS="arabic">6</SPAN> Testing Methodologies</A>
- </H1>
- <P>
- A topic which comes up regularly, is how to use tcpreplay to test
- products like intrusion detection/prevention devices (IDS/IPS) and
- deep inspection firewalls. Generally, I hear people suggest three
- things:
- <P>
- <OL>
- <LI>Use security scanners like Nessus
- </LI>
- <LI>Use ``real attacks'' like those generated by Metasploit
- </LI>
- <LI>Use a replay tool like tcpreplay to generate attack traffic
- </LI>
- </OL>
- First, let me say that security scanners like Nessus do a really crappy
- job of testing the effectiveness of IDS/IPS and firewalls. The simple
- reason is that security scanners don't try to exploit vulnerabilities
- because it creates problems on the network. IT managers don't like
- it when their servers start rebooting or routers crash, so scanners
- use other non-agressive techniques like banner grabbing to find potentially
- vulnerable systems. Simply put, these non-agressive techniques often
- look nothing like a real attack.
- <P>
- That leaves generating ``real attacks'' and replay tools.
- <P>
- Advantages of real attacks:
- <P>
- <UL>
- <LI>It's clear when you have a valid test case because the target system
- is compromised
- </LI>
- <LI>Exploit code and attack tools are widely available for many attacks
- </LI>
- </UL>
- Disadvantages of real attacks:
- <P>
- <UL>
- <LI>After the test case is run, the target system may be unstable or corrupted,
- requiring a reboot or re-install
- </LI>
- <LI>Generally requires two systems: a target (often running VMWare) and
- an attacker system
- </LI>
- <LI>Installing, configuring and managing various operating systems and
- applications to attack is a lot of work
- </LI>
- <LI>Difficult to automate test cases since there is no standardized interface
- to these tools
- </LI>
- <LI>You have to be careful about trojaned exploit code or worms which
- escape your lab
- </LI>
- </UL>
- Advantages of replay tools:
- <P>
- <UL>
- <LI>Since both the victim and attacker are virtual, there is no need to
- reboot/re-install systems after each test
- </LI>
- <LI>A complete test bed requires only a single system with two NIC's
- </LI>
- <LI>Once you have a library of pcap files, there is virtually zero management
- overhead
- </LI>
- <LI>Replay tools provide a common interface to emulating any attack against
- any OS/application making automation simple
- </LI>
- <LI>Pcap files are not executable, so trojans and escaping worms aren't
- an issue
- </LI>
- </UL>
- Disadvantages of replay tools;
- <P>
- <UL>
- <LI>There are trust issues regarding pcap files. Are you 100% sure that
- pcap file is correct (not corrupted, doesn't have truncated packets,
- actually contains the valid exploit)
- </LI>
- <LI>There are few publicly available pcap's which contain attacks useful
- for testing so you must create your own
- </LI>
- </UL>
- <P>
- <DIV CLASS="navigation"><HR>
- <!--Navigation Panel-->
- <A NAME="tex2html229"
- HREF="node8.html">
- <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
- <A NAME="tex2html225"
- HREF="FAQ.html">
- <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
- <A NAME="tex2html219"
- HREF="node6.html">
- <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
- <A NAME="tex2html227"
- HREF="node1.html">
- <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
- <BR>
- <B> Next:</B> <A NAME="tex2html230"
- HREF="node8.html">7 Required Libraries and</A>
- <B> Up:</B> <A NAME="tex2html226"
- HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
- <B> Previous:</B> <A NAME="tex2html220"
- HREF="node6.html">5 Common Questions from</A>
- <B> <A NAME="tex2html228"
- HREF="node1.html">Contents</A></B> </DIV>
- <!--End of Navigation Panel-->
- <ADDRESS>
- Aaron Turner
- 2006-07-17
- </ADDRESS>
- </BODY>
- </HTML>
|