The gentleman makes a very interesting point regarding the actual gear, 
software routing, and bandwidth. 

I'd offer that the usefulness of BP gear is in testing the nominal, positive, 
operation of functional security controls, and ramped up at speeds the big 
providers/movers operate at (OC+ rates). 

An application running on some general-purpose PCs driving even Gig rate LAN 
cards may not be able to adequately test the failure modes of operation of the 
latest network appliances. Vendors like Spirent have sw/hw mixes of products 
that test normal functionality, but not the components designed to 
trap/divert/respond/etc to hostile or negative actors. 

Additionally, since the engineer knows the original state of generated 
conditions on the network (because his/her BP box is generating them), 
Type I and II errors in security controls can be identified 
and measured with an increased sense of accuracy. 

'Sins of commission and omission, equally damaging, equally deadly', as Father 
Hurley used to say, when speaking of the Alibi Club, on the road to Damascus.  

Carpe Noctem.

Best, Hal

-----Original Message-----
From: "Dobbins, Roland" <[email protected]>
Sender: [email protected]
Date: Thu, 7 Jul 2011 02:24:26 
To: dailydave<[email protected]>
Subject: Re: [Dailydave] What is a cyber-range?

On Jul 7, 2011, at 6:40 AM, J.A. Terranson wrote:

> These old virtual routing platforms are cheap, easy to find on ebay or 
> ebay-like sales arenas, and if stacked in the hundreds could *easily*
> simulate many hundreds of thousands of routers, while server farms can be 
> injected at appropriate points to simulate the "local networks" residing
> on these routers.


What they don't allow one to do is to launch attacks and test their effects on 
actual, modern, hardware-based routers and layer-3 switches.

The viability of software-based Internet edge routers ended 7-8 years ago; any 
organization still relying on software-based edge routers can be taken down 
with a trivial DDoS attack, so no stress-testing of such architectures is 
really required, heh.

Also, the use of software-based routers/switches limits the attack bandwidth 
(bps) and throughput (pps) which can be utilized; this seriously limits the 
scope of resilience testing with regards to DDoS attacks.

On a side note, I've generally found non-ironic use of the appellation 
'cyber-' to be inversely proportional to actual security clue.  Therefore, I'd 
urge the really smart folks at BreakingPoint and other knowledgeable folks to 
avoid using the term 'cyber-range'; 'attack lab', 'testbed', et al. are more 
descriptive and accurate, and don't carry the taint of Big Security hand-waving.

;>

-----------------------------------------------------------------------
Roland Dobbins <[email protected]> // <http://www.arbornetworks.com>

                The basis of optimism is sheer terror.

                          -- Oscar Wilde

_______________________________________________
Dailydave mailing list
[email protected]
https://lists.immunityinc.com/mailman/listinfo/dailydave