IP filtering security appliances (IDS, IPS, UTM, Firewalls) might be letting you down by allowing attacks to get through to your systems. If you don’t test them on a regular basis you are putting your company at risk. Don’t let the hackers find your vulnerabilities before you do.

Traffic IQ Professional from Idappcom Ltd. is a unique approach to automated auditing and penetration testing and provides organizations with the ability to assess and audit the deployment, configuration and capabilities of security devices (IDS, IPS, UTM, Switches, Routers, application layer Firewalls) and to further enhance them by providing security rules to achieve the level of protection required by the organization.

The first virus attacks against PCs appeared in the mid 80s and the first anti-virus software appeared around 1987 / 1988. The viruses were simple but malicious, passed from PC to PC by floppy disks, and had limited effect as we weren’t connected. Now we all use the internet over corporate networks for email, information gathering, communications etc. In the meantime the hackers have become much more sophisticated and much more organized. No longer just lone individuals, they operate in highly efficient gangs and are not interested in just having a pop-up window appear randomly on your screen. Now they want your data, they want to control your service and often want to stop companies from trading. The defence against this type of unauthorized access to systems is to deploy some form of IP based packet filtering system. You must be able to identify potential threat traffic and stop it.

IDS, IPS, UTM and Firewalls are all valid ways of detecting, alerting on and preventing unauthorized access to a company’s network. However, each of them is only effective if the methods it employs to detect threats / attacks are consistent, up to date, complete and accurate. If they are not, then you have a potential problem. If you don’t know whether they are or aren’t, then you have a bigger problem. If you think they are but never test them, it could be a disaster waiting to happen.

In a recent test of IP filtering devices from major vendors run by NSS, none of the security appliances on test were able to block 100% of the attacks. The worst performing appliance only stopped 17.5% of the attacks. The best only stopped 89.5% (after a highly skilled engineer configured it). In the best-case scenario 11.5% of attacks got through the defences.

The only way to be sure that your appliance is effective is to test it on a regular basis in a safe and assured manner. You need to send malicious traffic through the device to see if it can recognize and mitigate it, without the traffic getting through to your servers and users. Traffic IQ Pro is the tool that can do this. It has thousands of real world threats / attacks, updated monthly, which can be replayed through your appliances to simulate an attack. If the appliance is not capable of stopping the attack, Traffic IQ Pro will report on this. It will also then provide you with a security rule that can be used in the appliance to stop the attack. This is efficient testing – find the problem and then resolve it.

This will lower the overall cost of testing by eliminating the need for external “pen testers”, speeding up the testing process, simplifying security compliance audits, extending the useful life of existing security appliances and reducing the incidence of false positives and false negatives during testing cycles.

Traffic IQ Pro can be obtained in a software format for installation on your own server / PC / laptop / appliance or pre-installed on a 1U appliance. It uses two network cards – one connected to the internal interface of the product being tested, and the other to the external interface. Each traffic file is a capture of the network traffic of a real attack and is divided into the two halves of the “conversation” - one consisting of those packets sent by the client, and the other those packets sent by the server. Each packet is then replayed in the correct sequence through the correct network card in order to arrive at the appropriate interface of the sensor. Multiple sessions contained within a single capture file are handled correctly, with intelligent replacement of the IP addresses for each session. As the sensor will see the correct sequence of SYN, SYN ACK and ACK it sees the attack as it was originally played across the wire.
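The split-and-replay scheme described above can be sketched as follows. This is an added example, not Idappcom's code: the function name `plan_replay`, the NIC labels, the address pools (documentation ranges) and the sample packets are assumptions, and it only plans the replay order without sending anything.

```python
import ipaddress
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport flags")

# Constructed sample capture: two TCP sessions interleaved in one file.
CAPTURE = [
    Pkt("10.1.1.5", 40000, "10.2.2.9", 80, "S"),
    Pkt("10.1.1.7", 40001, "10.2.2.9", 445, "S"),
    Pkt("10.2.2.9", 80, "10.1.1.5", 40000, "SA"),
    Pkt("10.1.1.5", 40000, "10.2.2.9", 80, "A"),
    Pkt("10.2.2.9", 445, "10.1.1.7", 40001, "SA"),
    Pkt("10.1.1.7", 40001, "10.2.2.9", 445, "A"),
    Pkt("10.1.1.5", 40000, "10.2.2.9", 80, "PA"),
]

def plan_replay(capture, client_net="192.0.2.0/24", server_net="198.51.100.0/24"):
    """Return ordered (nic, src, dst, flags) steps for a two-NIC replay.

    Assumption: each session gets its own replacement client and server
    address, taken from the two test pools in order of first appearance.
    """
    client_pool = iter(ipaddress.ip_network(client_net).hosts())
    server_pool = iter(ipaddress.ip_network(server_net).hosts())
    sessions = {}  # unordered endpoint pair -> session record
    steps = []
    for p in capture:
        key = frozenset([(p.src, p.sport), (p.dst, p.dport)])
        if key not in sessions:
            if p.flags != "S":
                continue  # no handshake seen: the sensor would not track this flow
            # The sender of the bare SYN is the client half of the conversation.
            sessions[key] = {"client": (p.src, p.sport),
                             "c_ip": str(next(client_pool)),
                             "s_ip": str(next(server_pool))}
        s = sessions[key]
        if (p.src, p.sport) == s["client"]:
            steps.append(("client_nic", s["c_ip"], s["s_ip"], p.flags))
        else:
            steps.append(("server_nic", s["s_ip"], s["c_ip"], p.flags))
    return steps

if __name__ == "__main__":
    for step in plan_replay(CAPTURE):
        print(step)
```

Original capture order is preserved across both interfaces, so each session's SYN, SYN ACK and ACK still reach the sensor in sequence even when sessions are interleaved.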

As Kevin Beaver, the author of Hacking for Dummies, said, “Traffic IQ Pro is a must-have for testing network security systems and performing security assessments. It's a serious tool for serious information security.”

