Chapter 17. Device Security Testing

Network devices should be tested regularly to discover potential issues before an attacker does. You can test security features and stability:

  • Test security features to verify that the device is working correctly and to make sure that it was configured correctly. The tests can also be done to compare different solutions and decide which one works better for you.

  • Test stability to verify that the device does not crash. This test can be done for any network device, but it is even more important for security devices. If a routing device crashes, you lose network connectivity. If a security device crashes, you might silently lose all protections on your network and open your infrastructure to attacks. Attackers often try to bring a server down to in order to impersonate it (e.g., for DNS spoofing).

There is a variety of open source and proprietary software and hardware to do such tests. This chapter focuses on two types of testing:

  • Replaying known traffic to test Intrusion Detection Systems (IDS) such as Snort (see Chapter 19) or the advanced security features of a firewall (see Chapter 13).

  • Generating pseudorandom traffic to test the stability of any network device.

Replaying traffic is not as easy as it seems. There are lots of tools available to do it, but they do not have the same design or the same features. It is important to define clearly what you are trying to test to choose the best tool for your tests. Then, you need to work on the automation. ...

Get Security Power Tools now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.