
Five UTMs Attacked

Continued from page: 1

Wednesday, September 05, 2007

Firewall tests
To test the firewall, we ran the industry-standard vulnerability assessment tool Nessus and a standard DoS attack. For the DoS attack, we used ettercap's Nice DOS plugin.

The test was pretty simple. We connected the WAN port of the UTM device to the Internet with a public IP, then ran Nessus and the DoS attack from a machine connected to the Internet through a different gateway.

To interpret the results, we counted the number of warnings and issues discovered by Nessus. For the DoS attack, we checked whether or not the device was able to log and drop the attack.

IDS/IPS tests
To test the IDS/IPS functionality, we focused on the capability of the device to detect internal attacks, or attacks that are generated from a trusted/private network.

To test this, we ran an ARP spoofing tool against the IP address of the public port of the device (the IP used as the gateway address for the network) and checked what exactly the device does to prevent this kind of attack. ARP spoofing is a mechanism by which one can compromise the ARP cache of switches and divert all traffic intended for some other IP to one's own IP. This technique is also known as a 'Man in the Middle Attack', 'ARP flip-flop attack' or 'ARP Poisoning Attack'.

We ran the tests in two modes. In the first, we spoofed the gateway IP and explicitly forwarded the data arriving at the hacking machine on to the destination gateway. In the second, we stopped forwarding the data to the actual IP.

Surprisingly, very few UTMs were able to detect and log this attack in the IP forwarding mode, and none of them was able to prevent it or take a precautionary step.

At the same time, access to a UTM's private or gateway IP completely stopped when we ran the test in a 'non-IP forwarding' mode. This shows that even now, a 'Man in the Middle Attack' is one of the most dangerous attacks from inside the network and one of the stealthiest as well.
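
A detection check for the gateway-IP spoofing described above, as an added example (not from the original article or any of the tested products): it parses ARP payloads, pins the gateway's IP-to-MAC binding, and records every conflicting claim, which is the 'flip-flop' a device would need to log. All IP addresses and MACs are constructed sample values.

```python
ARP_HDR = b"\x00\x01\x08\x00\x06\x04"  # htype=Ethernet, ptype=IPv4, hlen=6, plen=4

def _mac(m): return bytes.fromhex(m.replace(":", ""))
def _ip(a): return bytes(int(x) for x in a.split("."))

def build_arp(oper, sha, spa, tha, tpa):
    # Builds a constructed 28-byte ARP payload for the sample frames below.
    return ARP_HDR + oper.to_bytes(2, "big") + _mac(sha) + _ip(spa) + _mac(tha) + _ip(tpa)

def parse_arp(payload):
    """Return (sender_mac, sender_ip), or None if not an Ethernet/IPv4 ARP payload."""
    if len(payload) < 28 or payload[:6] != ARP_HDR:
        return None
    mac = ":".join(f"{b:02x}" for b in payload[8:14])
    ip = ".".join(str(b) for b in payload[14:18])
    return mac, ip

class ArpWatch:
    """Tracks IP-to-MAC bindings and records every conflicting claim."""
    def __init__(self, pinned):
        self.pinned = dict(pinned)  # bindings that must never change (the gateway)
        self.learned = {}           # bindings learned from observed traffic
        self.alerts = []            # (timestamp, ip, expected_mac, claimed_mac)

    def observe(self, ts, payload):
        parsed = parse_arp(payload)
        if parsed is None:
            return
        mac, ip = parsed
        expected = self.pinned.get(ip, self.learned.get(ip))
        if expected is not None and expected != mac:
            self.alerts.append((ts, ip, expected, mac))
        if ip not in self.pinned:
            self.learned[ip] = mac  # follow changes for unpinned hosts, after alerting

# Constructed sample values (documentation IP range, locally administered MACs).
GW_IP, GW_MAC, ROGUE_MAC = "192.0.2.1", "02:00:00:00:00:01", "02:00:00:00:00:66"
HOST_IP, HOST_MAC = "192.0.2.10", "02:00:00:00:00:10"

def run_sample():
    watch = ArpWatch({GW_IP: GW_MAC})
    frames = [
        (1, build_arp(2, GW_MAC, GW_IP, HOST_MAC, HOST_IP)),     # genuine gateway reply
        (2, build_arp(2, ROGUE_MAC, GW_IP, HOST_MAC, HOST_IP)),  # conflicting claim for gateway IP
        (3, build_arp(2, GW_MAC, GW_IP, HOST_MAC, HOST_IP)),     # genuine reply again
        (4, build_arp(2, ROGUE_MAC, GW_IP, HOST_MAC, HOST_IP)),  # conflict repeats (flip-flop)
    ]
    for ts, payload in frames:
        watch.observe(ts, payload)
    return watch.alerts
```

Because the gateway binding is pinned rather than learned, the conflict is reported whether or not the spoofing machine forwards traffic, which covers both test modes.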

Performance
In the end, it all comes down to performance. To test and compare the throughput of all the boxes, we used a tool called QCheck. We connected one machine to the public port of the device and another to the private port, installed QCheck on both machines, and ran it with a packet size of 1Mb. The result was recorded as throughput in Mbps.
