Testing firewalls can be an exact science. Learn how Fortinet tests their firewalls using BreakingPoint. This presentation details how to test firewalls with real-world application traffic, load, and live security attacks. This presentation was given by Fortinet in the BreakingPoint booth at Interop 2011 and included their announcement of the FortiGate 3950B's Resiliency Score of 95, the highest ever published.
2. Agenda
Throughput
Packets Per Second
Latency
Connections Per Second
Simultaneous Sessions
Stacking It Up
Real Traffic
Resiliency Score
3. Throughput
What is it? It’s all about ‘volume’.
Why is it important? Maximum transfer capability.
How is it affected?
Packet size – for smaller packets we may become packet-per-second bound.
File size – for smaller files we may become connection-per-second bound.
Physical limits – bus/interface limits.
How do we find it?
For UDP – single or multiple streams of large packet sizes.
For TCP – multiple HTTP GETs of 32K files.
5. Packets Per Second
What is it? It’s all about ‘pressure’.
Why is it important? Small-transaction characteristics.
How is it affected?
Packet size – for larger packets we may become throughput bound.
How do we find it?
Reduce the packet size until you see packets per second reach its maximum.
7. Latency
What is it? It’s all about ‘bursts’.
Per packet (UDP).
Per transaction (TCP).
Why is it important? Transfer delay.
How is it affected?
Hardware or software.
Session setup.
How do we find it?
Measure latency at 10%, 50%, 75%, and 90% utilization.
9. Connections per second
What is it? It’s all about ‘temperature’.
Why is it important? Most everything is a connection.
How is it affected?
Protocol type (ICMP, UDP, TCP, etc.) – TCP is the hardest, with the most state.
Handled in the CPU.
How do we find it?
HTTP 1.0 connections transferring a single-byte file.
10. Connections per second (cont.)
SYN handshake – 3 packets.
FIN close – 3 packets.
Data transfer – 4 packets.
Total of 10 packets.
Can be reduced with RST closes, piggybacked GETs, or SACK – but this may be cheating.
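The throughput, packets-per-second and connections-per-second slides describe one capacity budget from three angles: at small frame sizes the device under test is bound by its packet rate, at large frame sizes by the link, and every connection costs a fixed number of packets. The following Python model, added here as an example and not code from Fortinet or BreakingPoint, works those relationships through on a 10GbE link. The device's packet-per-second ceiling (5 million) is a constructed assumption, not a published figure; the per-connection packet counts are the ones from the slides above.

```python
import math

# Ethernet on-wire overhead per frame that is not part of the frame itself:
# 7-byte preamble + 1-byte start-frame delimiter + 12-byte inter-frame gap.
WIRE_OVERHEAD_BYTES = 20
MIN_FRAME_BYTES = 64          # smallest legal Ethernet frame (FCS included)
MAX_FRAME_BYTES = 1518        # largest standard (non-jumbo) frame

# Packets per HTTP/1.0 connection fetching a one-byte object, as counted on
# the "Connections per second" slides: SYN handshake 3, data transfer 4,
# FIN close 3.  The RST variant closes with one segment instead of three.
PACKETS_PER_CONNECTION = {
    "http10_fin_close": 3 + 4 + 3,   # 10 packets: the slide's count
    "http10_rst_close": 3 + 4 + 1,   # 8 packets: the "may be cheating" variant
}

# Utilization points at which the latency slide says to measure.
UTILIZATION_POINTS = (0.10, 0.50, 0.75, 0.90)


def line_rate_pps(link_bps: int, frame_bytes: int) -> float:
    """Maximum frames per second a link can carry at a given frame size."""
    if not MIN_FRAME_BYTES <= frame_bytes <= MAX_FRAME_BYTES:
        raise ValueError("frame size outside the standard Ethernet range")
    bits_on_wire = (frame_bytes + WIRE_OVERHEAD_BYTES) * 8
    return link_bps / bits_on_wire


def achievable(link_bps: int, dut_pps_limit: float, frame_bytes: int) -> dict:
    """Throughput the DUT can deliver at one frame size, and which limit binds.

    Below the crossover frame size the DUT is packet-per-second bound (the
    'pressure' test); at and above it the link itself is the limit (the
    'volume' test).
    """
    wire_pps = line_rate_pps(link_bps, frame_bytes)
    pps = min(wire_pps, dut_pps_limit)
    bound = "pps" if dut_pps_limit < wire_pps else "throughput"
    # Goodput counts frame bytes only, not preamble or inter-frame gap.
    return {"frame_bytes": frame_bytes, "pps": pps,
            "goodput_bps": pps * frame_bytes * 8, "bound_by": bound}


def crossover_frame_bytes(link_bps: int, dut_pps_limit: float) -> int:
    """Smallest frame size at which the link, not the DUT's PPS ceiling, binds."""
    # Solve link_bps / ((f + overhead) * 8) <= dut_pps_limit for f.
    f = link_bps / (8 * dut_pps_limit) - WIRE_OVERHEAD_BYTES
    return max(MIN_FRAME_BYTES, math.ceil(f))


def max_connections_per_second(dut_pps_limit: float, profile: str) -> float:
    """Upper bound on CPS when every connection costs a fixed packet count."""
    return dut_pps_limit / PACKETS_PER_CONNECTION[profile]


def latency_test_points(link_bps: int, frame_bytes: int) -> dict:
    """Offered load (frames/s) for each utilization level on the latency slide."""
    full = line_rate_pps(link_bps, frame_bytes)
    return {u: round(full * u) for u in UTILIZATION_POINTS}


if __name__ == "__main__":
    LINK = 10_000_000_000          # 10GbE
    DUT_PPS = 5_000_000            # constructed assumption for the DUT
    print("crossover frame size:", crossover_frame_bytes(LINK, DUT_PPS), "bytes")
    for size in (64, 128, 256, 512, 1024, 1518):
        r = achievable(LINK, DUT_PPS, size)
        print(f"{size:5d} B  {r['pps']:>12,.0f} pps  "
              f"{r['goodput_bps']/1e9:6.2f} Gbit/s  bound by {r['bound_by']}")
    for profile in PACKETS_PER_CONNECTION:
        print(f"{profile}: up to {max_connections_per_second(DUT_PPS, profile):,.0f} CPS")
    print("latency sweep at 64 B:", latency_test_points(LINK, 64))
```

Running the sweep shows why the slides test each metric separately: with a 5 Mpps ceiling the constructed device only reaches line rate once frames are 230 bytes or larger, and the same ceiling caps a ten-packet HTTP 1.0 transaction at 500,000 connections per second, which an RST close raises to 625,000 without the device getting any faster.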
12. Simultaneous sessions
What is it? It’s all about ‘streams’.
Why is it important? How many parallel requests can you handle?
How is it affected? Memory is the biggest factor.
How do we find it?
Open sessions, but do not complete them. Once all sessions are open, transfer data and close the sessions.
16. Real Traffic
Why is it good?
More than one variable at a time.
Protocol interaction.
What makes it hard?
Difficult to repeat.
Traffic is different for every customer.
Can we test it?
Different mixes of application traffic.
Standard background traffic with specific security traffic.
Based on a patented breakthrough in network processor-driven innovation, only the BreakingPoint Storm CTM allows anyone to unleash Internet-scale cyberwar in a controlled environment. A single BreakingPoint Storm CTM produces high-performance traffic from hundreds of real-world applications, load from millions of users, and comprehensive security coverage that includes thousands of current attacks and malware, as well as obfuscation and evasion techniques. The product features built-in automation to: produce a standardized Resiliency Score™ to measure network and data center performance, security and stability; measure the performance of massive virtualized infrastructures in the face of peak user load and attack; and validate the accuracy and performance of Lawful Intercept and Data Loss Prevention systems. The architecture of this device makes it futureproof and always current. This means that you can use it to conduct accurate research into cyber conditions – not just today, but for many years to come.
Businesses, governments, and Internet users expect secure, reliable, and fast access to data and communications. When security measures slow network performance, communications are lost, agility is compromised, and billions of dollars are wasted. If security measures are not rigorous, critical information and national security are compromised and costs skyrocket. The goal is to find the optimal balance of security and performance to assure cyber infrastructure resiliency.
The enemy of resiliency is network mayhem. Today’s public and private network infrastructures are complex, dynamic, and increasingly vulnerable to network mayhem in the form of cyber attacks, viruses, human error, and escalating traffic from bandwidth-heavy or easily compromised applications such as BitTorrent, Gmail, YouTube, Twitter, iPhone, Skype, and hundreds of others.
BreakingPoint creates network mayhem by simulating true global network conditions with a current mix of blended application traffic and live security attacks at live network speeds, as well as traffic from millions of users, to assure resilient networks, Web applications and cloud services. Powered by high-speed network processors and specialized hardware, the BreakingPoint Storm emits high-speed stress vectors composed of a global, custom, and current mix of application and attack traffic. This precision product then images the effects of the stress vectors on a discrete device or a device within a network.