ICSA Labs uses a multitude of tools during Certification Testing. Many are open source and freely available, and some of those were greatly modified and improved to suit our purposes. Other tools are commercially available. The following set of commercial tools is invaluable in ICSA Labs Certification Testing, and ICSA Labs highly recommends them. ICSA Labs also acknowledges and appreciates the developers of these tools for permitting their use free of charge.
Cisco Systems describes the IntelliShield Alert Manager Service as follows: “Cisco IntelliShield Alert Manager is a comprehensive threat-monitoring service that provides customized information about current product vulnerabilities and security threats across the enterprise IT domain. The Cisco Adaptive Intelligence Management System, the engine at the core of the service, collects data from thousands of sources daily. The Cisco Security IntelliShield Alert Manager expert team rates each threat on type, urgency, and severity and produces actionable and customized reports that businesses can use to manage security risks.”
“The Cisco Security IntelliShield Alert Manager Service is available worldwide and will be sold primarily through Cisco channel partners with a security specialization. For pricing and additional information, please contact your Cisco sales representative or Cisco channel partner.”
ICSA Labs used the IntelliShield Alert Manager differently than a normal subscriber to the service. A normal subscriber to the service receives alerts about vulnerabilities as they come out and then uses the front end of the database to review details about these vulnerabilities. Instead, ICSA Labs performed queries on the back end of the Alert Manager database to retrieve information about a whole set of vulnerabilities that meet our particular specifications.
Refer to the Cisco Security IntelliShield Alert Manager Service web page for more detailed information on this service.
Core Security Technologies describes the CORE Impact Pro tool as follows: “CORE Impact Pro is the most comprehensive, commercial-grade penetration testing product available, enabling you to conduct real-world assessments across a broad spectrum of risk areas.”
Using this powerful and easy-to-use tool, ICSA Labs aims relevant attacks, often combined with its evasion techniques, against vulnerable systems on our “Death Row” network. Death Row contains a multitude of unpatched machines, VMware images, and QEMU images, all with varying operating systems and other software affected by a host of different, relevant vulnerabilities. Using CORE, ICSA Labs attacks these vulnerable machines, generating “exploit packet captures”. These exploit packet captures are later replayed through the commercial network intrusion prevention systems (IPS) under test to ensure the attacks are detected and prevented.
In addition to replaying exploit packet captures, ICSA Labs also launches live exploits from CORE Impact Pro through the network IPS products to confirm when an exploit packet capture is missed by the product under test. Note that other attack tools and individual attacks from other sources are used when possible in addition to CORE Impact Pro. The same basic steps are followed to test the candidate network IPS regardless of the source of the exploit.
Refer to the CORE Impact Pro web page for additional information.
This is how Ixia describes the 400T chassis: “[The IXIA 400T is a] 4 slot chassis including integrated PC controller, IxOS operating system, IxExplorer client application, and IxScriptMate…The…IXIA 400T chassis provide[s] a platform on which an Ixia test system can be built. Each chassis supports an integrated test controller that manages all chassis and testing resources. A wide array of interface Load Modules for the chassis is available, providing the network interfaces and distributed processing resources for customizing and analyzing network traffic flows.”
This is how Ixia describes the IxExplorer application: “IxExplorer™ provides a powerful and interactive Graphical User Interface (GUI) for managing Ixia test hardware resources. Complete control is provided for generation and analysis of Layer 2-4 traffic streams on an array of network interface technologies, including Ethernet, 10 Gigabit Ethernet, Packet over SONET (POS), ATM, Frame Relay, etc. Ixia test ports can be independently configured to define traffic, filtering, and capture capabilities. Comprehensive statistics and graphical views enable in-depth analysis of the performance and functionality of the Device Under Test (DUT).” ICSA Labs used the IXIA 400T and IxExplorer application to measure latency according to the methodology described in RFC 2544.
Kryptowire characterizes itself in this way: “Jumpstarted by the Defense Advanced Research Projects Agency (DARPA) and vetted by the US military, law enforcement, and intelligence agencies, Kryptowire provides software assurance tools for mobile application developers, analysts, enterprises, and telecommunication carriers. Kryptowire was founded in 2011 and has grown organically with a customer base ranging from major financial institutions to national telecommunications companies.”
This is how Spirent Communications described the SmartBits 600B chassis: “The SmartBits 600B is…portable and compact, [and is a] high-port-density-for-its-size network performance testing system. Compatible with all of the SmartBits 600x/6000x family of chassis, the SmartBits 600B holds up to two modules that can support up to 16 10/100 Mbps Ethernet ports, 8 Gigabit Ethernet ports, 1 10GbE port, 4 Packet over SONET (POS) ports, 4 Fibre Channel ports, or a mixture of these port types...[The SmartBits 600B] Supports sophisticated automated industry standard performance tests defined in RFC 1242 and RFC 2544.”
Spirent described the SmartWindow tool as follows: “SmartWindow is a graphical user interface that provides an interactive test and measurement environment for SmartBits test modules… You can use SmartWindow to confirm proper handling of VLAN tags, as well as to test a device’s throughput and latency.” ICSA Labs used the SmartBits 600B and corresponding SmartWindow software to measure latency according to the methodology described in RFC 2544.