Partners

A multitude of tools are used during ICSA Labs Certification Testing. Many are open source and freely available. Of those that are open source, some were greatly modified and improved to suit our purposes. Still other tools used are commercially available. The following set of commercial tools is invaluable in ICSA Labs Certification Testing, so ICSA Labs highly recommends them for use. ICSA Labs also acknowledges and appreciates the developers of these tools for permitting their use free of charge.
 
Cisco IntelliShield Alert Manager Service, Cisco Systems
This is how Cisco Systems describes the IntelliShield Alert Manager Service: “Cisco IntelliShield Alert Manager is a comprehensive threat-monitoring service that provides customized information about current product vulnerabilities and security threats across the enterprise IT domain. The Cisco Adaptive Intelligence Management System, the engine at the core of the service, collects data from thousands of sources daily. The Cisco Security IntelliShield Alert Manager expert team rates each threat on type, urgency, and severity and produces actionable and customized reports that businesses can use to manage security risks.”

“The Cisco Security IntelliShield Alert Manager Service is available worldwide and will be sold primarily through Cisco channel partners with a security specialization. For pricing and additional information, please contact your Cisco sales representative or Cisco channel partner.”

ICSA Labs used the IntelliShield Alert Manager differently than a normal subscriber to the service. A normal subscriber to the service receives alerts about vulnerabilities as they come out and then uses the front end of the database to review details about these vulnerabilities. Instead, ICSA Labs performed queries on the back end of the Alert Manager database to retrieve information about a whole set of vulnerabilities that meet our particular specifications.

For more information on the Cisco Security IntelliShield Alert Manager Service refer to the following web page:
http://www.cisco.com/en/US/products/ps6834/serv_home.html
 
CORE IMPACT, Core Security Technologies
This is how Core Security Technologies describes the CORE IMPACT tool: “CORE IMPACT(™) is the first automated, comprehensive penetration testing product for assessing specific information security threats to an organization. With CORE IMPACT, any network administrator can now safely and efficiently determine exactly how an attacker can get control of their valuable information assets. You no longer have to be an expert, or even a security specialist to perform this critical type of assessment which tests the security of your network, identifies what resources are exposed, and determines if your current security investments are actually detecting and preventing attacks.”

Using this powerful and easy-to-use tool, ICSA Labs aims relevant CORE IMPACT attacks, often combined with its evasion techniques, against vulnerable systems on our “Death Row” network. Death Row contains a multitude of unpatched machines and VMware and QEMU images, all with varying operating systems and other software affected by a host of different, relevant vulnerabilities. Using CORE IMPACT, ICSA Labs attacks these vulnerable machines, generating “exploit packet captures”. These exploit packet captures are later replayed through the candidate network IPS to ensure the attacks are detected and prevented.

In addition to replaying exploit packet captures, ICSA Labs also launches live exploits from CORE IMPACT through the candidate network IPS to confirm when an exploit packet capture is missed by the candidate network IPS. Note that other attack tools and individual attacks from other sources are used when possible in addition to CORE IMPACT. The same basic steps are followed to test the candidate network IPS regardless of the source of the exploit.

For more information on CORE IMPACT refer to the following web page: http://www.coresecurity.com/products/coreimpact/index.php
 
IXIA 400T & IxExplorer Application, IXIA
This is how Ixia describes the 400T chassis: “[The IXIA 400T is a] 4 slot chassis including integrated PC controller, IxOS operating system, IxExplorer client application, and IxScriptMate…The…IXIA 400T chassis provide[s] a platform on which an Ixia test system can be built. Each chassis supports an integrated test controller that manages all chassis and testing resources. A wide array of interface Load Modules for the chassis is available, providing the network interfaces and distributed processing resources for customizing and analyzing network traffic flows”

This is how Ixia describes the IxExplorer application: “IxExplorer™ provides a powerful and interactive Graphical User Interface (GUI) for managing Ixia test hardware resources. Complete control is provided for generation and analysis of Layer 2-4 traffic streams on an array of network interface technologies, including Ethernet, 10 Gigabit Ethernet, Packet over SONET (POS), ATM, Frame Relay, etc. Ixia test ports can be independently configured to define traffic, filtering, and capture capabilities. Comprehensive statistics and graphical views enable in-depth analysis of the performance and functionality of the Device Under Test (DUT).” ICSA Labs used the IXIA 400T and IxExplorer application to measure latency according to the methodology described in RFC 2544.

For more information on the IXIA 400T refer to the following web page: http://www.ixiacom.com/products/display?skey=ch_1600t_400t
 
SmartBits 600B Performance Analysis System with SmartWindow, Spirent Communications
This is how Spirent Communications describes the SmartBits 600B chassis: “The SmartBits 600B is…portable and compact, [and is a] high-port-density-for-its-size network performance testing system. Compatible with all of the SmartBits 600x/6000x family of chassis, the SmartBits 600B holds up to two modules that can support up to 16 10/100 Mbps Ethernet ports, 8 Gigabit Ethernet ports, 1 10GbE port, 4 Packet over SONET (POS) ports, 4 Fibre Channel ports, or a mixture of these port types...[The SmartBits 600B] Supports sophisticated automated industry standard performance tests defined in RFC 1242 and RFC 2544.”

This is how Spirent Communications describes the SmartWindow tool: “SmartWindow is a graphical user interface that provides an interactive test and measurement environment for SmartBits test modules… You can use SmartWindow to confirm proper handling of VLAN tags, as well as to test a device’s throughput and latency.” ICSA Labs used the SmartBits 600B and corresponding SmartWindow software to measure latency according to the methodology described in RFC 2544.

For more information on the SmartBits 600B refer to the following web page: http://www.spirentcom.com/documents/1374.pdf