Mu-4000's Plan of Attack

By Cameron Sturdevant  |  Posted 2007-01-15

eWEEK Labs' tests of the ZyWall 1050 Internet security appliance were also a test of Mu Security's Mu-4000 Security Analyzer.

eWEEK Labs' tests of Zyxel Communications' ZyWall 1050 Internet security appliance were also a test of Mu Security's Mu-4000 Security Analyzer.

The Mu-4000 is a 2U (3.5-inch) appliance that performs IP security analysis using a repeatable process. The appliance logs results to gauge the vulnerability of IP-based applications and network devices.

The Mu-4000, which we tapped for the first time during our evaluation of the ZyWall 1050, uses protocols to create the tests that put applications and devices through their paces. It supports almost 30 protocols, including SSH (Secure Shell), TCP and UDP (User Datagram Protocol).

The protocol mutations used to attack systems are based on Mu Security-supplied guidelines for how security products are designed to work, as well as on hacker methodologies and secure programming techniques. The Mu-4000 also can use custom-developed attack scripts.

Mu-4000 pricing starts at about $35,000. Protocols are licensed individually, with significant discounts based on the number of components purchased. This pricing makes the Mu-4000 appropriate for device makers and large enterprises. QA (quality assurance) engineers and senior IT implementation managers will get plenty of useful information about a variety of IP devices used (or slated to be used) in the network.

During tests, we updated our Mu-4000 system from Mu Security's Web site to get attacks designed to reveal machines and software that are susceptible to newly published vulnerabilities.

We used a modest test set, putting the ZyWall 1050 up against SSH Diffie-Hellman Group Exchange Key Requests, SSH banners and SSH messages.

We were able to start running rudimentary tests based on examples from tutorials included with the Mu-4000. However, it will take several months to fully master the platform because of the large number of tests available and the amount of in-depth knowledge required to correctly configure the tests.

The anatomy of our simple tests was as follows: First, we cabled the ZyWall 1050 onto the test ports of the Mu-4000. We also powered the ZyWall 1050 from a power outlet in the Mu-4000 so that the Mu-4000 could power-cycle the ZyWall 1050 if it became unresponsive as a result of attack traffic.

We then configured the testbed by specifying that the endpoint was directly connected while also supplying the IP address of the ZyWall 1050.

We configured the Mu-4000 to passively monitor the syslog data coming from the ZyWall 1050 to determine if the device was responsive while under attack. Configuring monitor settings requires a fair amount of knowledge about the device under test—we spent a significant amount of time determining the exception patterns that would be logged by the ZyWall 1050 to indicate that it was no longer working correctly.
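The kind of passive syslog health check described above can be sketched as follows. This is an added example, not code from the article or from Mu Security. The hostname, log lines, exception patterns and 30-second silence threshold are all constructed assumptions, since the article does not list the patterns the ZyWall 1050 actually logs.

```python
import re
from datetime import datetime, timedelta

# RFC 3164-style line: <PRI>Mmm dd hh:mm:ss host message
LINE_RE = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")

# Hypothetical exception patterns; real ones must be derived from the device under test.
EXCEPTION_PATTERNS = [re.compile(p, re.I)
                      for p in (r"watchdog", r"daemon .* restart", r"out of memory")]

# Constructed sample input (not real ZyWall 1050 output).
SAMPLE = [
    "<134>Jan 15 10:00:01 zywall1050 sshd: session opened from 192.0.2.10",
    "<134>Jan 15 10:00:05 zywall1050 sshd: session closed",
    "<134>Jan 15 10:00:07 otherhost cron: job run",
    "<131>Jan 15 10:00:09 zywall1050 sshd: key exchange failed: malformed packet",
    "<134>Jan 15 10:01:30 zywall1050 kernel: watchdog reset, system starting",
]

def parse(line, year=2007):
    """Return (timestamp, severity, host, message), or None if the line is malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri, ts, host, msg = m.groups()
    when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
    return when, int(pri) & 7, host, msg  # severity is the low 3 bits of PRI

def monitor(lines, dut_host, max_silence=timedelta(seconds=30), end=None):
    """Return (timestamp, kind, detail) findings for one device under test."""
    findings, last_seen = [], None

    def check_gap(now):
        if last_seen and now - last_seen > max_silence:
            gap = int((now - last_seen).total_seconds())
            findings.append((now, "silence", f"no syslog for {gap}s"))

    for line in lines:
        rec = parse(line)
        if rec is None or rec[2] != dut_host:
            continue  # skip malformed lines and other hosts
        when, severity, _, msg = rec
        check_gap(when)
        last_seen = when
        # Severity 0-3 (emerg..err) or a known pattern counts as an exception.
        if severity <= 3 or any(p.search(msg) for p in EXCEPTION_PATTERNS):
            findings.append((when, "exception", msg))
    if end is not None:
        check_gap(end)  # a device that never logs again is also a finding
    return findings
```

Passing `end` (the time the test run finished) catches the case where the device goes quiet and never recovers, which a gap check between consecutive messages alone would miss.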

Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at
