Automating the hacking process

The Only Way To Test Your Application Aware Network
Because you can’t use fake traffic to test a real network
MU DYNAMICS, INC. | ALL RIGHTS RESERVED | COMPANY CONFIDENTIAL | COPYRIGHT 2010
Mu Dynamics at a Glance
Founded in 2005, Market Focus:
• Pioneer and leading provider of testing solutions that enable faster, higher quality deployments of application-aware networks
More than 80 customers and 150 deployments across key verticals including:
• Top 5 Service Providers/Operators in North America
• Top 10 Network Equipment Vendors
• Multiple government agencies
Industry Recognition:
• 25+ awards for customer implementations, product innovation
• 2010 Inducted To SC Magazine’s Hall of Fame As Industry Innovator
• 2009 Unified Communications Excellence Award
Key Industry Partners:
Select Customers
Enabling a High Quality Deployment
[Diagram labels: TEST MODULES; Studio Verify; Studio Scale; Interop; Studio Fuzz; Protocol Fuzzing; PCAPR.net; Resiliency; Denial of Service (DoS); Security; Published Vulnerabilities (PVA); Scale; Monitoring; Automation; Reporting; Test Automation Platform; TESTING; Customer Content; Functional]
Security Platform
• Hardware appliance + Platform software
– Automation: Re-starters for lights out testing
– Fault Isolation: Monitors for SNMP, Protocol, Command, Syslog & Console
– Remediation: Self-contained toolkit to reproduce defects
[Figure labels: 2u chassis; 4x10G SFP+; 4x1G SFP; Target; Appliance + Platform Software]
Sample Apps on Mu TestCloud
Collaboration
• eBuddy
• Flickr
• Google Docs
• WebEx
Peer-2-Peer (P2P)
• BitTorrent
• eDonkey
• Gnucleus
• MUTE
• Gnutella
• Swapper
Social Networking
• Bebo
• Flixter
• Friendster
• MySpace
• Orkut
Games/Facebook Apps
• Café World
• FarmVille
• Lord of the Rings
• Mafia Wars
• Music Pets
• Scrabble
• World of Warcraft
• YoVille
• ZooWorld
• Zynga
Instant Messaging (IM)
• AIM
• AOL
• Google Talk
• IRC
• ICQ
• Jabber
• MSN
• Rediff Bol
• Yahoo! Messenger
Misc. Apps
• Adobe Updater
• Apple Updater
• Blogger
• eBay
• Picasa
• WeatherBug
• Yahoo! Finance
Streaming
• BBC iPlayer
• Hulu
• Metacafe
• Silverlight
• Skype
• VNC
Protocols
• CIFS
• DIAMETER
• FTP
• H.248
• HTTP
• IMAP
• LDAP
• MGCP
• MODBUS
• MOUNT
• NFS
• POP3
• Portmap
• RADIUS
• RTP
• RTSP
• SIP
• SMTP
• SNMP
• TELNET
How Do You Test the Security of a Network That is Faced with...
• DDoS attacks
• Cyber-security attacks
• Known vulnerabilities
• Viruses, malware, SPAM, unwanted content
• Malformed traffic
• In the face of
– Cloud enablement
– Data center consolidation
• Without affecting your users and valid applications
Mu Test Suite - Immediate Testing of Any App
[Figure labels: Mu Studio Scale; Ready-to-run Tests on Mu TestCloud; Pcaps on pcapr.net; App-Aware Service; 30%; 20%; 50%]
Introducing Mu TestCloud
• A cloud-based Test Asset sharing community
– http://testcloud.mudynamics.com
• Hundreds of App tests available today and growing rapidly
• Private Spaces
– With collaborators, Test Plans and Test Assets
– All your scenarios belong to you, accessible only to those you invite
• Crowd-source testing
How Studio Recreates Application Traffic
[Sequence diagram. Participants: Client, HTTP Server, Video Server. Messages as listed on the slide:]
• Login - UserName - Password
• Accepted - Session ID
• Request - Session ID - Movie
• Response - Session ID - Video Server IP
• Terminate - Session ID
• Session Terminated - Session ID
• Video Server IP - Login - UserName1 Password1
• Accepted - Session ID-1
Parameters
• Options: Green
• Variables: Blue
• Assertions: Red
Mu Workflow
It is as simple as...
• Recreate: Recreate real applications by downloading ready-to-run tests for 100s of apps from the Mu TestCloud or automatically generate tests from traffic captures
• Run: One test for Security, Scale and Functional testing
– Security (Fuzz)
– Scale
– Functional (Verify)
• Share: Share test cases with others, inside and outside your org
– Internal Teams
– Vendors
– Mu TestCloud
[Diagram labels: Mu TestCloud; Your Network]
Studio Scale Use Cases
• Application Signature Testing
– Ensuring app traffic is handled correctly
• L7/Application QoS Policy Control
– Testing of traffic classification/shaping, throttling mechanisms
• Application Scalability/Capacity
– Sizing, capacity planning, dimensioning of infrastructure
Security Threats are Increasing and Costing Millions
• New and emerging threats
– Worms, viruses, malware, vulnerabilities, DDoS attacks
– Social media, smartphones at high risk
• High profile outages and disruptions cost millions
– Mastercard, Citigroup, Sony, Amazon, Lockheed Martin
Over 3 billion malware attacks in 2010 (Symantec)
Over 15,000 cyber-attacks per day on US Gov (DHS)
Operators Need to Strengthen Defenses to Ensure Network Security
• Perimeter defense systems against threats
– Firewalls, UTM, IPS/IDS, Network security and Web/Email gateways
• Core infrastructure against unknown weaknesses
– Critical Infra systems, Unified Comms. systems, Web servers
Requirements for Network Security Testing
• Unified
– Single solution for multiple types of security threats
– Use common workflow for test creation, execution and reporting
– Collaboration tools for faster defect remediation
• Exhaustive
– Provides millions of malformed test cases
– Extends to custom and standard apps and protocols
– Leverage new known attacks as they are discovered
• Simple
– Readily available test content for rapid testing
– Does not require a security expert to derive value
Fuzz Testing for Resilience
• Auto-generate custom fuzz test cases from captures
– Your traffic for custom and proprietary protocols
– Community pcaps
• Millions of fuzz test cases for standard protocols
• Integrated set of monitors to identify weaknesses
• Remediation tools to accelerate defect resolution
[Figure labels: Single Agent; Multi-Agent]
Known Attacks
• Audit firewalls, IPS/IDS, UTM using thousands of known attacks
• Run tests with impairments to evade detection
– Fragment, delay, reorder, re-sequence, drop, etc.
• Obtain monthly updates for the latest known attacks
Distributed Denial of Service
• Create custom DDoS flood tests for any protocol or app
• Run application-level DDoS testing
• Obtain actionable results
– Correlate injection rate and monitor results with crashes/faults
The Mu Advantage
Accuracy
• Legacy Test Tools
– Garbage In, Garbage Out
– Synthetic application traffic (random 1s & 0s in the application payload)
– TCP Replay
• Mu Studio
– Real Traffic In, Real Traffic Out
– Real application traffic
– Application Replay
Speed
• Legacy Test Tools
– Months-long delay waiting for test tool vendor to write new tests
• Mu Studio
– Immediate access to 1,000s of ready-to-run test cases
– Ability to generate—in minutes—100s of automated tests from a single traffic capture
– Ability to create new tests as soon as new applications emerge
Flexibility
• Legacy Test Tools
– Single-purpose test tool
– Finite number of tests
– Vendor priorities drive test creation
– RFC driven
– Standard protocols
• Mu Studio
– Multi-purpose test platform
– Infinite number of tests
– Customer priorities drive test creation
– Real-world driven
– Applications; non-standard, proprietary protocols AND standard protocols
Bottom Line
• Bit-blasters (or network protocol generators) are best for testing throughput and RFC compliance
• Mu is the only test solution that can accurately recreate application traffic, making it a must-have for testing application-aware networks
Customer Success - Adaptive Security Appliances
• Challenge
– Ensure resilience of security gateway system that inspects Cisco proprietary and standard services
• Solution
– Testing Skinny, SIP, HTTP, RTSP and other protocols to ensure that system does not allow unknown vulnerabilities into the secured network. Simulating malformed traffic to test protocol parsers for resilience.
• Results
– Identified multiple issues with multiple protocols like SIP
– Discovered 33% more defects than other test tool
– Percentage of customer vs internal found vulnerability defects (20/80)
“The Mu solution was able to find many hidden vulnerabilities in our products. I had no solution for testing proprietary protocols like Skinny until Studio.”
Key Differentiators for Mu Test Solution
5 Techniques for Proactive Security and Reliability Testing
1) Stateful Protocol Fuzzing – support for 70+ protocols
2) Mu Studio Zx – Fuzzing real world traffic scenarios
3) Denial of Service flood attack module
4) Published Vulnerability Analysis (known exploits)
Mu Dynamics Confidential
Differentiators for Mu’s Protocol Fuzzers
• Mu test platform can act in BOTH endpoint mode, testing the control plane of the DUT, and pass-thru mode (acting as the sender and receiver)
• Mu test platform can act as both the client and server using two physical test interfaces, exercising the forwarding engine of the DUT and/or an entire network architecture.
• Mu provides test coverage for MPLS, L2 VPNs, and running all services over IPv6 stacks, which is critical to Service Providers and Enterprise customers leveraging MPLS VPN services
– VPLS using LDP for PW and MPLS tunnel setup
– VPLS using BGP for PW setup and LDP for MPLS tunnel setup
– RSVP-TE
– VPLS using BGP for PW setup and RSVP for MPLS tunnel setup
Differentiators for Mu’s Protocol Fuzzers
• Mu test platform can perform automatic fault isolation on soft faults and not just hard crashes
– Soft faults are detected using Response Time Measurements, which are collected and graphed out in real time. These metrics are unique to the Mu fuzzing framework and can expose weaknesses that other tools miss, including service interruptions and performance degradation, slow memory leaks, etc.
• Mu test platform can perform automatic fault isolation based on service failure or integrated Monitors (CLI Command Monitors, Passive Console Monitors, Log Monitors, Syslog Monitors, and SNMP Monitors). The Mu test solution has these “Integrated Monitors” built in (plug n play) to identify more bugs than legacy software tools that provide pre-compiled test cases.
• Mu test platform can instrument multiple protocols concurrently as health checks. If any service fails, the Mu will automatically isolate which fuzz test case causes any of the protocols running on the DUT to fail.
– For example, fuzz testing BGP and monitoring the health of BGP, OSPF, LDP, and PIM during the test run. If any of these 4 services has a failure, the Mu will identify which BGP fuzz test case causes the issue. This is key for system testing, not just protocol-level testing.
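The soft-fault idea above, as an added example (not Mu's code or algorithm): health-probe response times recorded after each fuzz test case are compared with a pre-test baseline, so a slow-but-alive service is attributed to a test case just as a timeout is. Service names, thresholds and all sample values are constructed for illustration.

```python
import statistics
from collections import defaultdict

# Constructed sample data: probe latencies (ms) per service before fuzzing starts.
BASELINE = {"BGP": [10, 11, 10, 12, 11], "OSPF": [5, 5, 6, 5, 6]}
# Constructed run log: (fuzz_case_id, probed_service, latency_ms, or None on timeout).
PROBES = [
    (1, "BGP", 11), (1, "OSPF", 5),
    (2, "BGP", 12), (2, "OSPF", 6),
    (3, "BGP", 95), (3, "OSPF", 5),    # alive but very slow: soft fault
    (4, "BGP", 11), (4, "OSPF", 7),
    (5, "BGP", 12), (5, "OSPF", 8),
    (6, "BGP", None), (6, "OSPF", 9),  # no answer: hard fault
]

def latency_limit(samples_ms, k=5.0):
    """Per-service ceiling: median + k * MAD of the baseline (robust to outliers)."""
    med = statistics.median(samples_ms)
    mad = statistics.median([abs(x - med) for x in samples_ms])
    return med + k * max(mad, 1.0)  # floor the MAD so a flat baseline keeps some slack

def classify(baseline, probes, k=5.0, drift_ratio=1.5):
    """Attribute hard faults, soft faults and slow degradation to test cases/services."""
    limits = {svc: latency_limit(s, k) for svc, s in baseline.items()}
    hard, soft, series = [], [], defaultdict(list)
    for case_id, svc, latency in probes:
        if latency is None:
            hard.append((case_id, svc))        # service stopped responding
            continue
        series[svc].append(latency)
        if latency > limits[svc]:
            soft.append((case_id, svc))        # responding, but far above baseline
    drift = []
    for svc, vals in series.items():
        n = len(vals) // 3                     # compare first third with last third
        if n >= 2 and statistics.median(vals[-n:]) > drift_ratio * statistics.median(vals[:n]):
            drift.append(svc)                  # gradual slowdown, e.g. a slow leak
    return {"hard": hard, "soft": soft, "drift": sorted(drift)}

if __name__ == "__main__":
    print(classify(BASELINE, PROBES))
```

In the sample run OSPF never crosses its per-probe limit, yet it is reported under drift because its latency climbs steadily while BGP is being fuzzed.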
Differentiators for Mu Studio Zx
• Mu Studio Zx was released 1 year ago as a groundbreaking approach to fuzz testing. It has been rapidly adopted by major SP accounts and carrier equipment vendors.
• The Mu Studio Zx module allows the user to import packet captures and auto-generate intelligent fuzz test cases based on real world transactions. This is not packet replay.
• Mu is the only commercial solution that can fuzz multi-protocol transactions in the same test scenario against an endpoint device (e.g. router or endpoint application)
• Mu Studio provides tools to make interactions with an endpoint stateful.
• Mu Studio can replicate a field issue and then auto-generate boundary test cases for the flows causing the field issue
• Fuzz test cases using Mu Studio can be run over a variety of transports including Ethernet, IPv4, IPv6, UDP, TCP, TLS, SCTP, etc.
Differentiators for Denial of Service Module
• Ability to simulate Denial of Service flood attacks for validating robustness of services including routing protocols, multicast protocols, management protocols, VoIP, IPTV, etc.
– Well known DoS attacks also available – TCP, UDP, ICMP
– Customer-selectable payloads can be randomized, e.g. OSPF Hello Flood, IGMP Join Flood, Tunneling Flood traffic scenarios in L2 VPNs, IPv6 flood attacks
• Mu provides the only DDoS tool that can randomize the application payload, exposing weaknesses that other tools miss
– User-specified ramp-up, ramp-down rates and patterns
– Selectable instrumentation protocol used for response time metrics
– For example, monitoring VPLS tunnel setup while flooding OSPF Hello packets
• Results:
– Identify ramp time and packet rate to cause a service failure
– Identify recovery time after DoS attacks are stopped
– Monitor CPU, Memory, and other resource utilization levels
• Denial of Service test scenarios are Mu XML templates that can be executed during release cycle to test policing features designed to protect the control plane of core and edge routers
Executive Summary
• Challenge: Operators & MSOs need to test their application-aware networks to ensure they work and scale appropriately
• Requirements: The key to solving this testing challenge is accuracy, speed and flexibility
• Mu Solution: A single test platform for Security, Scalability and Functionality that provides:
– Tests that accurately reflect their network
– Test case creation in minutes, not months
– Flexibility to handle new application flows and requirements