Real-World Attacks Put UnityOne to the Test

Testing TippingPoint Technolgies' UnityOne appliance on a live Internet testbed, eWeek Labs find that it delivers increased protection for networks.

eWEEK Labs tested TippingPoint Technolgies Inc.s UnityOne appliance on a live Internet testbed. In this manner, we exposed our network to the steady stream of Slammer and Blaster attacks that continue to float around the Internet, in addition to focused attacks conducted by a third party.

Our test network comprised a mix of Windows and Red Hat Inc.s Red Hat Linux servers—all protected at the gateway by WatchGuard Technologies Inc.s Firebox V80 firewall appliance. All servers were networked via a Cisco Systems Inc. Catalyst 3550 switch.

We configured our Windows 2000 Server and Windows 2003 Enterprise Server systems with Microsoft Corp.s Internet Information Services and SQL Server 2000. Although we installed Service Pack 4 on all Windows 2000 Server systems, we did not apply any other critical updates. This left the systems exposed to the nefarious MS03-39 (Blaster) and MS04-07 (ASN.1) vulnerabilities, among others.

Our Linux servers included a mix of Fedora Core 1 and Red Hat Linux 7.3 systems. We activated the default versions of Apache that came with the distributions; in fact, we performed no updates to the original distributions.

We used Qualys Inc.s QualysGuard Intranet Scanner to identify exposed vulnerabilities on each host. To verify that the firewall was permitting access to our vulnerability-ridden applications from the Internet, we performed a base-line security scan using Nessus from outside the firewall.

At this point, we placed the TippingPoint UnityOne device into the testbed on the WAN side of the firewall. We chose this implementation to expose the device to the maximum number of attacks possible and to offload traffic from the firewall.

To simulate a greater traffic load than would be possible with our T-1 Internet connection, we used an Ixia 1600T configured with a single four-port 10/100/ 1,000M-bps LM1000TXS4-256 adapter.

With the testbed complete, we enlisted Counterpane Internet Security Inc., a provider of managed vulnerability scanning and assessment services, to perform the attacks. Counterpanes engineers directed several waves of increasingly intrusive and disruptive attacks at our network. In between the attack waves, we worked with TippingPoint engineers to adjust and fine-tune the UnityOne appliance.

/zimages/3/28571.gifCheck out eWEEK.coms Security Center at for security news, views and analysis. Be sure to add our security news feed to your RSS newsreader or My Yahoo page: /zimages/3/19420.gif