MU-4000s Plan of Attack | eWeek

MU-4000s Plan of Attack

Jan 15, 2007
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

eWEEK Labs tests of Zyxel Communications ZyWall 1050 Internet security appliance was also a test of Mu Securitys Mu-4000 Security Analyzer.

The Mu-4000 is a 2U (3.5-inch) appliance that performs IP security analysis using a repeatable process. The appliance logs results to gauge the vulnerability of IP-based applications and network devices.

The Mu-4000, which we tapped for the first time during our evaluation of the ZyWall 1050, uses protocols to create the tests that put applications and devices through their paces. It supports almost 30 protocols, including SSH (Secure Shell), TCP and UDP (User Datagram Protocol).

The protocol mutations used to attack systems are based on Mu Security-supplied guidelines for how security products are designed to work, as well as on hacker methodologies and secure programming techniques. The Mu-4000 also can use custom-developed attack scripts.

Mu-4000 pricing starts at about $35,000. Protocols are licensed individually, with significant discounts based on the number of components purchased. This pricing makes the Mu-4000 appropriate for device makers and large enterprises. QA (quality assurance) engineers and senior IT implementation managers will get plenty of useful information about a variety of IP devices used (or slated to be used) in the network.

During tests, we updated our Mu-4000 system from Mu Securitys Web site to get attacks designed to reveal machines and software that are susceptible to newly published vulnerabilities.

We used a modest test set, putting the ZyWall 1050 up against SSH Diffie-Hellman Group Exchange Key Requests, SSH banners and SSH messages.

We were able to start running rudimentary tests based on examples from tutorials included with the Mu-4000. However, it will take several months to fully master the platform because of the large number of tests available and the amount of in-depth knowledge required to correctly configure the tests.

The anatomy of our simple tests was as follows: First, we cabled the ZyWall 1050 onto the test ports of the Mu-4000. We also powered the ZyWall 1050 from a power outlet in the Mu-4000 so that the Mu-4000 could power-cycle the ZyWall 1050 if it became unresponsive as a result of attack traffic.

We then configured the testbed by specifying that the endpoint was directly connected while also supplying the IP address of the ZyWall 1050.

We configured the Mu-4000 to passively monitor the syslog data coming from the ZyWall 1050 to determine if the device was responsive while under attack. Configuring monitor settings requires a fair amount of knowledge about the device under test—we spent a significant amount of time determining the exception patterns that would be logged by the ZyWall 1050 to indicate that it was no longer working correctly.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.