Introduction to testing methods of information security products

1 Introduction

The biggest advantage of IP network is its openness, and support the intelligence of terminal, this makes the existence of a variety of rich and colorful business and application in IP network. But at the same time, the IP network's openness and the intelligence of the terminal also make the IP network face the unprecedented security threat; the information communication and transmission in the IP network also appear to be unsafe.

There are two security threats to IP network, one is the security of host (including user host and application server), and the other is the security of network itself (mainly network equipment, including routers, switches, etc.). The security threat perceived by a user host is primarily an attack on a particular operating system (primarily a Windows system), known as a virus. Network devices are mainly faced with the attack based on TCP/IP protocol. Information communication and exchange of leaks mainly from the information in the exchange and transmission of the process is not encrypted to be stolen or stolen.

To protect against a wide range of security threats and secure, unsecured communications, personal terminals, corporate networks, and carriers install or deploy a wide variety of security software and devices to protect against threats from hosts and networks or secure encrypted communications, including firewalls, ids,ips, spam gateways, Proxy servers, IPSec gateways, and SSL VPN gateways.

However, the introduction of these devices will have a certain impact on the performance of the network. A number of manufacturers to introduce equipment, interoperability of products is also a test of network deployment. Therefore, it is particularly important to evaluate the performance (performance) and consistency (conformance) of these security devices, and the world's leading IP test solution provider, the United States Ixia, can fully meet the testing requirements for the performance, consistency, and functionality of information security products.

2 device testing to achieve secure communication

At present, the most important way to realize secure communication is to adopt VPN technology, VPN technology has three main categories, based on MPLS VPN, VPN based on IP technology and SSL VPN based on application layer technology. These VPN technology and equipment testing can be easily achieved through the Ixia company's tools. MPLS based VPN includes L2 VPN,L3 VPN and multicast VPN, etc. VPN based on IP technology includes two-layer L2TP technology, PPTP technology and three-layer IPSec technology and GRE technology. This paper mainly introduces the current more popular IPSec VPN based on three-layer IP technology and SSL VPN test based on application layer technology.

IPSec VPN is a VPN based on the network layer, transparent to all IP applications. However, SSL VPN is a VPN based on application layer, which is more advantageous to protect web-based application. A simple comparison of the two VPN technologies is shown in table 1.

Because of the differences between the two technologies, the test methods and metrics for these two different VPN gateways are also different.