NetworkTester

Trends

Denial of Service attacks are rising. Attacks cost organizations time and money. Even though 98% of organizations use firewalls, 1/3 are still at risk from DoS attacks. In response, equipment vendors are integrating firewalls with many other security features, such as intrusion detection, deep packet inspection and VPNs. As a result, firewall performance is becoming harder and harder to characterize. An underdimensioned firewall can be a network bottleneck and a single point of failure!

New Test Challenges

These trends are creating new test challenges for firewall manufacturers and network operators. It is no longer possible to rely on simple vendor specifications -- firewall performance is intimately related to the network configuration and applications of the end users.

• Application-aware firewalls must be tested with real, stateful traffic from a mixture of applications.
  
• DoS attacks impact firewall performance. In our lab, we have brought a mid-priced firewall to a standstill.
  
• Advanced firewall features, such as content filtering, degrade firewall performance. What is the security-performance trade off?

NetworkTester -- An Integrated Solution

By taking an integrated approach to testing, the Agilent NetworkTester accelerates your development or deployment of firewalls and integrated security gateways.
The NetPressure application covers all your network security and content networking test needs:

• A broad range of protocol bricks covers applications such as web, email, news, file transfer/sharing, instant messaging and streaming. Mix multiple protocols on a single port to create realistic and complex tests.
  
• Fully integrated access protocols and VLAN support allow faster and easier test set-up. Generate stateful traffic over IPsec, PPPoE, DHCP and 802.1x. No need for scripts.
  
• Scale the test up easily to reach the limits of the firewall. Watch how it drops connections before your users do!
  
• Firewalls use timers and keep state information. NetPressure's real-time control lets you dynamically change parameters while the test is running. You don't need to stop and restart the test at a critical moment.

More Information

• Technical Datasheets

  • Module-based L4-7 Test Solution (N4190A/ N4190B/ N4191A/ N4191B)
  • IPsecv4/v6 software (N4194A)
  • IPv6 software (N4193A)
    
    

• White papers/Technology Primers

• Firewall Technology Primer
• Evaluating Application-aware Firewall Performance
  
  

• Application/Solution Notes

  • Firewall Performance Testing
    

• Independent Industry Test Plans

• Moonv6 Test Set -- Firewall Test Plans

In Nov 2004, Agilent's NetworkTester verified firewall interoperability and performance with leading network security vendors at the University of New Hampshire Interoperability Labs (UNH-IOL).

• Relevant RFCs (Non Agilent Link)

  • RFC 1579 Firewall-Friendly FTP
    
  • RFC 1889 RTP: A Transport Protocol for Real-Time Applications
    
  • RFC 3303 Middlebox communication architecture and framework
    

  • RFC 3489 STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)
    

• Alliance Partner (Non Agilent Link)

  • ICSA Labs
    
    

• Related News

  • Agilent Technologies' network security test equipment is first to validate firewall performance for IPv6 : Mar 22, 2004
  • Check Point First to Provide Application Level Protection for IPv6 Networks : Mar 25, 2004 (Non Agilent Link)
    
    

• Events and Seminars

  • NetworkTester Webinar: Preparing for Next Generation Services & Security Threats
  • Agilent Technologies Enterprise Networking seminar 2004
  • Other upcoming Event