Archive for Firewall

How to win in the age of cyber war

December 22, 2011

While the bad news is that experts are declaring that we have entered the age of cyber war, the worse news as we enter 2012 is that security systems and professionals are just not able to keep up. Security attacks are increasing in their complexity and intensity every day. These range from inter-state attacks (like the one on Raytheon this year and the ones from China that are being investigated by the U.S. government) to cyber-crime (that includes countless malware and DDOS attacks against businesses and consumers).

                            

Full Post »

Categories: DoS, Firewall, Fuzzing, SCADA, Uncategorized
145 Comments
Bookmark and Share

Validating Application Detection Signatures

December 13, 2011

In the new world of next-generation networks, pretty much every leading network equipment manufacturer (NEM) today has application-awareness built into their products. Whether it’s an application firewall, serving gateway or edge router, they’re all using deep packet inspection (DPI) to look deep into the network traffic to identify the specific application.

For example, Cisco has Application Visibility & Control, Juniper has AppSecure, Palo Alto Networks has App-ID, Sandvine has Traffic Identification and Tellabs has Application Identification.

Each vendor has their own proprietary database comprised of hundreds or thousands of application signatures and on finding a match, their system can then take action based on the defined policy (e.g. block an application, apply QoS, etc…)

Before these new application signatures are released however, testing is needed to ensure the accuracy of the detection. One of the major challenges is to avoid the false positive, in which an application is misclassified.

Full Post »

Categories: DPI, Firewall, iPhone, IPS, Netflix, Performance, Studio, Testing, Uncategorized
226 Comments
Bookmark and Share

Driving Real Application Traffic Through Junosphere Virtual Infrastructure

October 3, 2011

Today, Juniper announced Junosphere™ Lab, an innovative on-demand service that gives service providers and enterprises immediate and low cost access to a virtualized environment for designing and testing networks. Very cool stuff – leveraging the power of the cloud and helping customers dramatically reduce their TCO while accelerating the time to model networks.

Real Traffic in a Virtual Environment

So when you spin up a network environment and model a production topology, you’ll then need a way to create realistic application traffic to understand its impact across the network. That’s where we come in.

Mu Studio Performance has been integrated into the Junosphere Lab so you can just as easily spin up (and tear down) virtual instances of our performance testing solution to quickly and accurately recreate a mix of applications that represent the production environment – that is, real users on real devices, running real applications.

Full Post »

Categories: Cloud, DPI, EC2, Firewall, iPhone, IPS, Performance, Scalability, Scale, Studio, Testing, Uncategorized
414 Comments
Bookmark and Share

Ensuring the Accuracy of the Mu TestCloud Application Tests

September 19, 2011

In a previous blog I discussed how we had started to build out the test content for different kinds of applications across categories like P2P, video, chat and social media in our Mu TestCloud store. Fast-forward to today, and we’ve now got well over 2,000 tests, with coverage for hundreds of different apps. We’ve also got lots of customers who are actively using these ready-to-run tests for a wide range of use-cases – everything from verifying application detection signatures to validating application policies, as well as billing and charging.

But regardless of their domain, there are two common questions that customers are curious to understand:

1. How do we select the applications in the first place?
2. How do we ensure the accuracy of the tests?

So for this blog I’m going to give you a behind-the-scenes view into our test content creation process.

Full Post »

Categories: Android, DLP, DPI, Firewall, iPhone, IPS, Netflix, pcapr, Performance, Studio, Testing, Uncategorized, Video, Wireshark
178 Comments
Bookmark and Share

Creating an Application Mix to Model the Production Network

June 3, 2011

Video and P2P Rule!
The traffic making up today’s networks is in a rapid state of flux. Just last week Sandvine, in their Spring 2011 Global Phenomena Report, noted that real-time entertainment continues to increase, and within North America represents almost 50% of peak fixed access traffic (much of this of course is due to Netflix). P2P traffic also continues to carve out a sizeable piece of the pie at around 20%. The rest is a mix of voice, business apps, games, Facebook and chat.

What’s interesting though is that the relative amount of traffic that isn’t application-level is tiny – all the stuff that makes networks run like DNS, ICMP, BGP and so on.

Full Post »

Categories: Cloud, DPI, Firewall, iPhone, IPS, Netflix, Performance, Release, Scalability, Scale, Studio, Testing, Video
311 Comments
Bookmark and Share

Splits, handshakes and bananas

April 14, 2011

It doesn’t matter what business you are in, but #$*(‘ing with your customers by releasing advisories and threatening them to buy your product or services is just plain dumb. For those that are following the TCP-split-handshake epic #fail saga, I have to say, the vulnerability itself is a clever hack. By using double-SYN’s or simultaneous connections (which is incredibly rare and non-existent on most modern networks), one can trick firewalls and IPS’ in not tracking state. This is reminiscent of the original classic Insertion, Evasion and Denial of Service that covered lots of grounds in the pitfalls of deconstructing application state in real-time completely based on the packets that are flowing through.

Full Post »

Categories: Firewall, IPS, pcapr, Rants, Testing
163 Comments
Bookmark and Share

Mommy, Netflix is eating my firewall!

April 7, 2011

Personally, as a consumer, I love Netflix, but it hasn’t been the darling of service providers and ISP’s lately. You can read about the Canadian ISP saga here. Our imminent next release of Mu Studio will enable our customers to recreate 1,000,000 concurrent Netflix users watching a movie, so they can understand the impact of their application aware networks. One thing is pretty clear: compared to YouTube, Netflix inflicts so much more pain on the network. Credit for this blog goes to Yuri who did all the reverse engineering. And he’s signed up to Netflix to watch movies during work for “research” purposes. :)

Full Post »

Categories: DPI, Firewall, IPS, Netflix, Performance, Scale, Studio, Testing
377 Comments
Bookmark and Share