Product basics: The Mu-4000 lets testers analyze a network product or application for known and unknown security vulnerabilities in a repeatable way.
Tester: Tom Henderson, principal researcher, ExtremeLabs
Tester's take: In the labs, we get asked to assault various products for fun, but mostly profit. We've used different tools, including self-made packet assault tools. Some of the self-made tools do things such as emulate distributed denial-of-service attacks, TCP-SYN attacks and so on. We had an appliance from a small company called Mu Security on the shelf for a while. At first, we hesitated to use it because it had a limited repertoire in some of the areas we needed -- specifically in DNS. Then it upgraded the software, and the world changed a bit.
The Mu-4000 works by using known and conjured attacks, and then keeps the results in a database, allowing us to analyze failures. What's resulted is our ability to take a given device, be it a server, switch, router or any other device that connects via Ethernet, and subject it to an automated sequence of tests. At the end, instead of finding a failure, we can usually tell exactly what cracked the device. Instead of a siege-assault where we know we blew something up, we get a graduated indication of where and, often, what did the trick. It's not a totally perfect system, and it still requires using a deliberate methodology to attack a device. But what we get is an analysis of predictable failure points. You'd be amazed at what devices crack under what kinds of pressure with what kinds of attacks -- we now look at Gigabit Ethernet switches in an entirely new way; we'd thought them largely invulnerable, but now know quite differently.
The software still has some rough edges, but Mu Security is onto something that we can't find in products from competing vendors. Programmable non-destructive penetration testing just got a little easier.
Of note: The "Mu" in the product name stands for "mutate the protocols," company founders say. That is, the goal is to discover how network equipment subjected to the Mu-4000 copes with the twists, turns and distortions of applied attacks.
Read how the Mu-4000 helped in a recent standalone intrusion-prevention-system test and in the IPS portion of a unified threat management test.