Every device, every interface, every stack must be hardened against attack. To achieve the desired level of security, or to demonstrate that a device under test (DUT) has superior protection, we must constantly test and measure in layers. Fundamentally, a DUT is a collection of components, driven by protocol stacks and code and one of the main vectors of entry into a device is through poorly implemented or tested stacks. For example—a penetration attack by entering a system through a stack like transmission control protocol, gives the malicious party a vector to insert code. Alternatively, a defect in a stack may simply be used to impair a system through a DDoS attack. It is important to remember that we need a way of testing protocol stacks to be able to find defects before others do.
If you think of a protocol like HTTP or BGP, the number of combination testing—both valid and invalid become exponential. For example, I may want to test if an illegally formed HTTP will be blocked by the DUT—however, because there are potentially billions of combinations, I will never be able to test all of them by hand. Therefore, in this case, the solution is ‘protocol fuzzing.’
But, what makes Spirent’s CyberFlood Advanced Fuzzer superior to all other solutions?
Fuzzing has been around for a long time, but has always had limitations to usefulness. Classic fuzzers are typically ‘RegEx’ style, which means that the fuzzer randomly creates patterns and tests them. The problem with this approach is both coverage and reproducibility, as there is no coverage distinction between areas of the stack that are working, and areas that are problematic, even though statically defects tend to cluster. When there is a fault, a fuzz test must be rerun from the beginning, which could sometimes take weeks. It is important to prove impact of a pattern on the protocol stack, and know that you are recursively testing from a known state so that a false positive result is identified. But how can this be done?
CyberFlood’s Advanced Fuzzer uniquely implements Smart Mutation™, which is a collection of technologies and evolutionary advancements that fuzz smarter:
- You can choose endpoints from either a physical port or a virtual endpoint, either directly fuzz a DUT port or a remote service though ‘Pass Thru’ for detection by the DUT, giving the flexibility of port type and speed.
- Next, you can fuzz up to 30 concurrent protocols giving you superior coverage and parallel operation. When a fault is detected, the system will log the fault conditions for debugging and a replay index will be assigned. With Smart Mutation, the user can retest only fault conditions, or any path, due to indexing, this saves weeks of testing and is more targeted and surgical. In addition, with ‘Restarters’ the CyberFlood can bring the DUT back into a known state (Restarting the DUT, rebooting a service, REST API Calls, etc) for precision and accuracy which reduces false positive results.
- As the test is running, the test engineer is presented with live web based results to show progress. And, post-test a report is generated with the additional ability to download logs and PCAP of the exact failing condition for further processing by an engineering group. This way, you no long need to guess why a failure occurred. For added realism, CyberFlood can also run realistic network apps across the DUT while it is being fuzzed. This adds stress to the DUT and helps measure real-world protection.
- Lastly, with the CyberFlood test cloud, you always have access to the most current versions of fuzz protocols, giving you the ability to subscribe to just what you need. CyberFlood Advanced Fuzzer featuring Smart Mutation technology helps you find and document faults faster, guess less, and hardens the security foundation of your platform.
The CyberFlood Fuzzer concisely combines various aspects to offer a holistic test that can help you validate your networks in a fast, efficient and cost-effective manner.