Keep attack tools on a tight leash, isolate networks and know LANs.
To put Top Layer Networks Inc.s Attack Mitigator through its defensive paces, eWeek Labs used 60 clients, some set up as targets, most set up as attackers; a Dell Computer Corp. four-way PowerEdge 6300 500MHz system running Windows 2000 with Microsoft Corp.s Internet Information Services as the main target.
On the software side, we used vulnerability assessment and stress tools including Nessus, from Nessus.org; Nmap, a Linux-based security tool; Microsofts Web Application Stress Tool and specialized test tools from Top Layer.
The Attack Mitigator navigated these tests with flying colorsthe mystery that network and systems managers must solve is how to test these kinds of defenses in the enterprise. We cannot stress this point enough: Network administrators must learn as much as possible about the performance characteristics of their LAN before testing any product.
Here are some of the other lessons we learned along the way.
First, isolate the network as much as possible. Tools such as Nessus and Nmap are dangerous if turned loose on real systems.
We used a basic test configuration that harnessed two Cisco Systems Inc. 2500-series routers cabled back-to-back to simulate a WAN connected via a T-1 link. After checking connectivity and running basic Web stressing tools on the test Web site, we inserted the Attack Mitigator in front of the router that connected our simulated Internet to the test network.
Next, we repeated the same performance tests. This step took a lot longer for two reasons. First, the tests themselves ran longer because the Attack Mitigator worked, and, therefore, the attacks did not down our target systems. Second, we did a lot of fiddling with the threshold parameters around rate limiting for ICMP, or Internet Control Message Protocol, and FTP packets as well as for malformed packets. As we ran and reran tests, we got better at seeing how different kinds of attack traffic messed with our networkinformation thats priceless to network managers.
Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm . Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at firstname.lastname@example.org.