ixia breaking point
TRANSCRIPT
The purpose of this Product Roadmap is to make available to Ixia's existing and prospective customers on a confidential basis certain information with respect to Ixia's current product development plans, schedule and strategy. Please note that the Product Roadmap is provided for discussion purposes only and that the information concerning Ixia's plans and schedules to develop, make available and release any of the Products, features and functionality described herein is subject to change at any time by Ixia in its sole discretion. This Product Roadmap does not commit or obligate Ixia or any of its affiliates to pursue or undertake the development or release of any Product, feature or functionality in accordance with any timetable, nor to constitute a license or any other right to use or acquire any Product, feature or functionality described herein. Ixia undertakes no obligation to update this Product Roadmap or any information contained herein. Ixia is only obligated to provide those deliverables specifically included in a written agreement between Ixia and the customer. ©2014 Ixia. All rights reserved.
Паливода АлександрСистемный инженер
End-to-End семейство продукции
Wireless Testing Acquired June 2009
Increased Router Testing
Acquired Oct 2009
Wi-Fi, WLAN TestingAcquired July 2011
Founded in 1997 IP Testing
Network VisibilityAcquired June 2012
Actionable Security Intelligence (ASI)
Acquired August 2012
Asse
ss/M
onito
rTe
st
IXIA помогает сервис-провайдерам: Ускорять и улучшать качество сервисов Тестировать совместимость
оборудования разных вендоров Усилить контроль качества сервисов и
производительности сети
IXIA помогает производителям оборудования: Разрабатывать устройства нового поколения Быстрее выходить на рынок Улучшать надёжность и производительность
IXIA помогает предприятиям: Усилить контроль производительности
корпоративных приложений и сетей Найти и обезвредить угрозы
безопасности корпоративной сети Тестировать оборудование и приложения
различных вендоров
IXIA помогает разработчикам микросхем: Тестировать соответствие стандартам Быстрее выйти на рынок
САМОЕ АВТОРИТЕТНОЕ имя в отрасли
ACTIONABLE SECURITY INTELLIGENCE:
BREAKINGPOINT
CREATEApplication and threat intelligence
CONTROLSimulation and testing
TRANSFORMIT Lifecycle resiliency
Inception
Deve-lopment
Training
Moni-toring
RiskMitigation
Selection& deployment
Technologies
People
Processes
IXIA BreakingPoint Заказчики
Performance Marketing Numbers
Based on: Basic Network Topology
Real World
• Based on: HTTP over TCP• Using simplified HTTP GET / HTTP Response
Performance Marketing Numbers
GET /index.html HTTP/1.1Host: www.test.comUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
HTTP/1.1 200 OKConnection: Keep-AliveContent-Length: 64
<html><head><title></title></head><body>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</body></html>
HTTP GET
HTTP Response
Real HTTP Headers
GET /index.html HTTP/1.1Host: www.ebay.comConnection: Keep-AliveIf-None-Match: 803b819a1df0957da129566cec8e3cbfUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)Accept: */*Accept-Language: en-usAccept-Encoding: gzip,deflateUA-CPU: x86Cookie: ASP.NET_SessionId=xhbjlk55neycqlarecmeu5fr
HTTP/1.1 200 OKETag: 6384d66d7ee0026973f5100bee519de6Last-Modified: Sun, 13 Dec 09 13:17:36 GMTDate: Tue, 12 Oct 10 09:35:31 GMTConnection: Keep-AliveServer: Microsoft-IIS/6.0Cache-control: privateContent-Type: text/htmlContent-Length: 1171
<html><head><title>RealWorldTest Page</title></head><body><p>Copyright (C) 2005-2009</p><p>HeUmCMc3TkMAK0BuD3dJ1hCCg3WvYPrSeMOI2NdYKwDapdtovN7jzWz2vWps6zomNpcyLfx2fjeuBc5TBZWeW9NvKdnryiN6G3tfBnXDLDf20jj3uT2bQCKvxe8o5VOnHCQEMGVB0UCAhNcuyjgRNbrgI6r2vLNH6RAs9Vxb77c4qroXh5Vu41l7DYjCDnZiBe3jLaDUBzmOItvL5GcjQ36ami5MIHlNK9F0hmmblT5yJwaJKUQQJ7BzwduRa08pIA1nQDdhfElI7Nqmwlqlnv18yxKl6aBu5kLCE4MXJJlrvAOAaZp2c0FVI5OGSRYNrn861yV5E2v0nF0OVNQR60uyG9cPuqN60wv1LHRjBWDYf6etP8TjBWfXrAKGCDlGD7CS0ABbsVUF94uTp9DwkSVhTSltDPDL6SnlGS37KAHESou0Hja2eZDt5wJhIaDYLxHYbhy7pMKg1AdTkuCoMXh8o8DxwD5LYSrQrjlyrhqgcJRJFHyGNV0XXmOXzNGHBaDNKWWXiD7KRlrvgs1xtwC17U3aDxljYWvT1Pd4djzOwvUtF1ZWHoy23qr1XTHbjm58nxFLRMg3pbUnBwG3F02sUHxW9475BnlcP690xkOeLeq9ilRbb3mE0TpZHH2wI75vVbon4jEBxJTVZ2BCoxyKDfjuqY8OmIlc6DcTJGYPuJaesqW5NBufThdaTHUtdrbC3aMN5vZHUuBWjIb6a4FWcqLKfs95llsSLc1k1beWVgSrEXGNvJZ8YS7vIrxrk7MjZpSIlO1NhcGNJm34acKgy0N4ZNOl0vh7xzpdLsXVbRocKVj2LVcQYNhJw6K1FhGG2ybyZdLGGSUNUiLor4YaaqZCJy8fKVEdfEscwqmkVlnuZCaifdA16zFwqjZGz6YsKg5vKAa9wzbTCxhnjBFEK3jdzClpELWUNnuBuTkuJPXSJeJsy2sZ9ymQt9lPWvralO6m7QXvJL5f2ZqMJdQIdRSSuclKPt23OF0K</p></body></html>
Real Application Content
Что возможно с Breaking Point?
• Realistic Traffic
• Malicious Traffic
Ethernet Frames Layer 2
IPv4/6 Frames Layer 3
Stateful TCP/UDP Layer 4
PCAP Captures Recreate Layer 4
220+ Applications Client/Server Simulator Layer 7
Application Client Only Simulator Layer 7
35000+ Attacks 80+ Evasions
TCP/UDP Fuzzing Application Fuzzing
Список приложенийRemote AccessRDPREXECRFBRloginRSH
Telnet
Voice | Video | MediaAresBICCH.225.0H.225 RASH.245H.248HTTP Live Streaming (HLS Apple)MMS MM1RTCPNetFlixRTP (bi/uni directional)RTCPRTSPSCCP (Cisco Skinny)SlingboxSIPSkypeSkype UDP HelperSTUN v1/v2TangoTVantsYouTube
Telephony and Cable TVSMPPMM1TR-069
System/Network AdminBGPDNSIDENTIPFIXIPMI v1.5ISCSIFingerLDAPMicrosoft UpdateNetFlowNTPPCP (Port Control Protocol)PortmapperRIPRPC Bind / MountRemoteUsersSNMP v1/v2Sun RPCSyslogTime
Testing and MeasurementChargenDaytimeDiscardEchoOWAMP Control / TestQOTDTWAMP Control / Test
Social Networking FacebookFlickrLinkedinTwitterWikipedia
Peer-to-PeerAppleJuiceBitTorrent Peer / TrackereDonkeyGnutella 0.6 (Firewalled and UDP)Gnutella Leaf / UltrapeerPPLive/QQLivePPTPSoapCast / SoulSeekuTorrentWinNY
MobileActiveSyncApple App iTunes/StoreAndroid MarketHTTP MobileBlackBerry ServicesBBC iPlayerFacebook for IOS DevicesGoogle Android MarketS1APTuMeTVUplayerViberYouTube MobileWhatsApp
Streaming MediaPandoraNetflix
SCADAIEC104
Custom ApplicationsRAW
Список приложенийChat | Instant MessagingAIM6AOL Instant MessengerGoogle TalkGadu-GaduICQIRCJabberMSNMSNPMSN SwitchboardOSCAROSCAR File TransferQQ IM / LiveWindows Live MessengerWinnyYahoo! Messenger
AuthenticationDIAMETERRADIUS AccountingRADIUS Access
DatabasesIBM DB2InformixMicrosoft SQLMySQLOraclePostgreSQLSQLMONSybaseTDSTNS
Data TransferFTPGopherHTTPNNTPRSyncTFTPWebDav
Data Transfer / File SharingIPPNetBIOSNETBIOS DGMNETBIOS NSNETBIOS SSNNFSRPC NFSSMBSMB/CIFSSMBv2
Email | Webmail
@mail.ru
AOL Webmail
Google Gmail
GMX Webmail
MSN Hotmail
Microsoft Exchange (MAPI Exchange)
IMAP
IMAPv4 Advanced
Orange WebMail
Outlook Web Access
POP3
Rediffmail WebMail
SMTP
Yahoo! Mail
Yahoo! Mail Classic
FinancialFIXFIXTITCHOUCHGames
World of WarcraftXbox Live
Enterprise ApplicationsDCE/RPC Endpoint MapperDCE/RPC Exchange DirectoryLPDMODBUSSAP
Distributed ComputingCitrixDCE/RPCVMware VMotion
Web ApplicationBing SearcheBayGoogle SearchGoogle MAPGoogle EarthPaypalReddit WebAppYahoo SearchWebEx
Secure Data TransferHTTPSSSH
Representative Traffic Mixes
Real-World Application Traffic MIX
BreakingPoint Applications
Facebook is an application
… and you have full control to create many application flows using intuitive workflow
Best application coverage200+ applications2479+ predefined superflows12,000+ configurable actions
Сетевые атаки
YouTube
Malware POP3
FTPLDAP
DNS
Oracle
Real Attacks: Strikes / Malwares / DDOS / BOTNET Real Evasion Techniques Attacks and Legitimate Traffic at the same time
SQL 1njecti0n
XSS BufferOverFlow
Fl@me RuDY
Recon Tr0jan ZeuS
SlowLoris
. . . .
Производительность приложений и устойчивая безопасность
SecurityРаскрываются уязвимости и слабые стороны с помощью последних атак, evasions, malware, приложений и спама.
Снижение риска путем гарантии защиты всех элементов сети от последних атак нулевого дня.
How Benefit
PerformanceПри повышенных нагрузках с атаками выявляются истинные стрессоустойчивость, емкость и масштабируемость.
Повышение производительности путем проверки сети или дизайна и конфигурации ЦОД. Понимание производительности под нагрузкой, атаками и при изменении условий
StabilityИспользование impairments, таких как искажение пакетов и экстримальные нагрузки для оценки стабильности системы.
Проактивное выявление слабых мест в целях предотвращения деградации системы или дорогостоящих простоев
RESI
LIEN
CY
HTTP vs Real-World Application Protocols
Test Scenario Vendor 1 Vendor 2 Vendor 3 Vendor 4HTTP RATE 25,000 140,135 18,000 75,000HTTP BANDWIDTH 3.1 Gbps 10 Gbps 5.1 Gbps 6.35 Gbps
Test Scenario Vendor 1 Vendor 2 Vendor 3 Vendor 4APP-MIX RATE 7376 53594 24924 30,000APP-MIX BANDWIDTH 0.58 Gbps 3.8 Gbps 1.3 Gbps 2.6 Gbps
Vendor 1 Vendor 2 Vendor 3 Vendor 40
20,000
40,000
60,000
80,000
100,000
120,000
140,000
HTTP RATE
APP-MIX RATE
Vendor 1 Vendor 2 Vendor 3 Vendor 40
1
2
3
4
5
6
7
8
9
10HTTP BANDWIDTH
APP-MIX BANDWIDTH
Attacks vs Attacks and Real-World Application Protocols
Test Scenario Vendor 1 Vendor 2 Vendor 3 Vendor 4444 ATTACKS 99 228 68 311
444 ATTACKS - Evasion Technique
99 225 46 309
444 ATTACKS - Real World Traffic
20 208 42 192
Vendor 1 Vendor 2 Vendor 3 Vendor 40
50
100
150
200
250
300
350
444 ATTACKS444 ATTACKS - Evasion Technique 444 ATTACKS - Real World Traffic
Легитимный и вредоносный трафик
PerfectStorm OneTM
Legi
timat
e Ap
plic
ation
Tra
ffic
Device Under Test
Malicious Traffi
c Mal
icio
us T
raffi
c
Legitimate Application Traffi
c
YouTube
Malware POP3
FTPLDAP
DNS
Oracle
Over 35000+ Vulnerabilities DDOS, Attacks and Malwares
Over 100+ Evasion Techniques Over 30+ DDOS patterns Layer 2 to 7 Fuzzing
Более 240+ Application Protocols 80Gbps of Application Traffic 2Million Connection/Second 60Million Concurrent Connections
BreakingPoint использует Markov algorithm для генерации реального контента
Example Real Content HTML + Markov + Random CSS
Markov + Chat ConversationMarkov in Email with
‘target’ word insertion
No other product can perform Markov String Generation! Content NEVER REPEATS and will fully exercise a content aware device!
A Markov Strings demonstration will
illustrate our value over Spirent every time !
Markov supports multiple languages
TCP Fragmentation
IP Fragmentation
Evasions
BreakingPoint – Most complete coverage for IPS evasions
Evasions – a HUGE differentiator in IPS testing! Over 100+ evasions supported by BreakingPointMix multiple layers of evasions
Fuzzing Application Protocols
• Measures stability in face of corrupted traffic • Validates integrity of protocol stacks with malformed packets• Generates corrupt data by modifying part of the packet
• Random or user-defined payload• Data rates: constant, range, random• Bad IP version, checksum, options; bad TCP options, urgent pointer, etc.• Pseudo Random Number Generator (PRNG) seed for repeatable testing
PerfectStorm - Next Generation Apps & Security Platform
XGS12-HS Chassis BundleHigh Performance Fusion Controller
Supports both IxLoad & BreakingPoint11U rackmount, 12-slot chassis
26
BreakingPoint – Key Performance Indicators (per blade)
bandwidth per blade
TCP, SSL rates
concurrent sessions
Performance per blade in two-arm mode,With clients and servers simulated on same blade
27
PerfectStorm ONE 10GE 8-port / 40GE 2-port
Line rate application throughput
SSL & IPsec hardware offload
Portable appliance with integrated 10GE 8-port SFP+ / 40GE 2-port interfaces
Dedicated INTEL CPU for IxServer & BreakingPoint management
1.5U, 2.5” high appliance
Примеры применений
Какое оборудование мы можем тестировать?
Ixia BreakingPoint Solution используется для проверки следующего сетевого оборудования:
• UTM• IDS/IPS• QoS Deep Packet Inspection• Firewall• Web Application Firewall• Load Balancer• WAN Accelerator• Network Probe• Lawful Interception Systems• Data Retention Systems• Anti-DDoS
• SSL Accelerator• Traffic Shaper• SMTP Relay• Anti-SPAM• Proxy/Cache• URL Filter• Content Filter• Anti-Virus /Anti-Malware• Network Encryption Device• …и многое другое
Lawful Intercept / DPI
List of Evergreen protocols
• AOL® Webmail• AOL® Messaging• Google® Gmail• Windows Live mail• Yahoo ! Mail• Google Talk• ICQ• Jabber• OSCAR
Lawful Intercept Features
• Needles in a haystack• Markov text Generation• Content Tokens• Packet buffer• Automation
DLP Lab, Results and Events
Case Study: Content impact DPI performance
Example #1: Real Proxy Device– parsing realistic content and random data (fake data)
Example #2: NGN Firewall with IPS Static content can look suspicious impacting performance !!!
Payload with all ‘0000s’ vs ‘012345..9’
BreakingPoint – Data Leakage Prevention / Lawful Intercept
Ввод целевых ключевых слов с регулируемой скоростью (e.g: каждые X секунд или каждые # flows)
Подробные отчеты четко показывают успех при выявлении каждого введенного слова
BreakingPoint – Наиболее полная возможность для IPS evasions
Evasions – a HUGE differentiator in IPS testing! Over 100+ evasions supported by BreakingPointMix multiple layers of evasions
IXIA BreakingPoint – симуляция DDoS
Layer 7 AppsDDoS DNS Reflect - AttackDDoS DNS Reflect - ZombieLOIC HTTP DoS AttackDDoS SIP Invite FloodDDoS Redirect DDoS DNS FloodDDoS Excessive GET POSTDDoS Slow POSTDDoS Recursive GET
UniqueDDoS SlowLoris DDoS Smurf AttackDDoS TDL4 CC HTTP FloodMultiVERB DDoSRUDY DDoSLOIC TCP8080 DoS Attack
Layer 3 IP / ICMPDDoS IP Frag AttackDDoS ICMP Request Flood AttackDDoS ICMP Response Flood Attack
Layer 4 UDPLOIC UDP53 DoS AttackDDoS UDP FragmentationDDoS Non-Spoofed UDP FloodDDoS UDP Flood
Layer 4 TCPDDoS SYN Flood DDoS PSH-ACK AttackDDoS Fake Session AttackDDOS SYN-ACK Flood Attack DDoS Rcv Wnd Size 0
Преднастроенные Botnet симуляторы
Cutwail
Zeus
SpyEye
ZeroAccess
Duqu
BlackEnergy
TDL4
PushDO
TDW
Кастомизация в Application Editor
IXIA BreakingPoint Botnet Simulation
Real Topology
TDL4 Duqu ZeroAccess Evil PushDO TDW Zeus Customization in Application Editor
IXIA BreakingPoint Participation at Combined Endeavor
IXIA BreakingPoint ParticipationCombined Endeavor 2010Combined Endeavor 2011Combined Endeavor 2012
Combined Endeavor is an interoperability exercise for military communication systems organized by the U.S. European Command annually since 1995. All NATO Countries are participating into Combined Endeavour, it’s the largest command, control, communications and computers (C4) interoperability event in the world. Each year, approximately 1,400 communications professionals from more than 40 NATO and Partnership for Peace countries, and other strategic security partners gather at a main operating base and a virtual forward site to conduct a series of operationally-focused interoperability tests.
BreakingPoint - Cyber Range Integration (Обучение кибер-безопасности)
39
Резюме возможностей испытаний
Решения для тестирования, приёмки и оптимизации сетей операторского класса и ЦОДов
Полный контроль приложений и сервисов вашей сети или ЦОДа – основных источников дохода
Реальную оценку состояния сети для оптимальной и предсказуемой доставки приложений и услуг
Только Ixia предлагает
