spirent.cn

Read about the importance of having proper security assessment platforms that can provide proactive, in-depth and timely actionable insights into the health of enterprise network security posture

Read full post 0 Comments

U.S. companies experienced the highest average cost of a breach at $7.91 million. Irrespective of how you slice and dice the findings and full financial impact of a data breach on a company's bottom line, you will be compelled to deploy even more of the latest cyber security technology and solutions available from a plethora of best of bread vendors. Or if you decide, there are single vendors with a range of products to detect and stop threats.

Read full post 0 Comments

Read about how and why cloud-based services are currently a rage, and the benefits that they offer to organizations providing or leveraging those services. Amazon Web Services (AWS) trusted cloud-based infrastructure has those inherent benefits which can help customers in meeting their business goals.

Read full post 0 Comments

The history of Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) have been marked by significant cryptographic breaks and implementation flaws with exploits wreaking havoc upon enterprises and the public.

Read full post 0 Comments

2017 has seen a marked increase in the number and size of DDoS attacks around the world.  DDoS attacks are getting stronger and more disruptive with every passing moment, and organizations need to be preemptively testing and be prepared in the event of such attacks. 

Read full post 0 Comments

In the real world, how do most people create a test case? In most instances, they open the tester GUI, configure the test, debug the test, run the test, print the report, and are done. The question when we drill deeper is “Is this the most effective way for us to be performing our testing?” Let’s drill down into the problems this technique creates for organizations. Generally, many test engineers are given a test set which may include a full DUT or specific test ports on a shared DUT. The configuration of specific attributes of these ports such as routing/IP information, firewall rules, ALCs typically do not change unless they are specifically being tested. In the classic model, the user keeps rebuilding attributes of the test over and over again potentially building the same test hundreds of times.

Read full post 0 Comments

As we predicted earlier this year, Ransomware is a hot topic in the news these days, but what exactly is it and why should you care?  In this blog I will discuss the top 10 things you should know about Ransomware, why it is becoming more prevalent, and most importantly what you can do to reduce your chances of becoming a victim of Ransomware.

Read full post 0 Comments

When we’re testing for provisioning scale for a device under test candidate, what is the meaningful metric to measure? Traditional metrics such as bandwidth, connections per second, or open connections are narrow focused metrics that measure specific engineering attributes of the device. For example, open connections and connections per second will give you information about table scaling and bandwidth will give you information about forwarding efficiency but neither of these metrics will put it all together and directly measure how users perceive quality over time.

Read full post 0 Comments

Industrial Control Systems are empowering industries to monitor and control the critical infrastructure remotely. This provides great convenience, allowing for a distributed workforce with real time monitoring and control access. However, it also creates a big security concern, producing a need for security testing, auditing, and monitoring.

Read full post 0 Comments

Recently, the U.S. Department of Defense (DoD) launched “Hack the Pentagon”, its pilot bug bounty program. This first-ever federal government-initiated program is designed to identify and resolve security vulnerabilities. However progressive it is, it’s still not a replacement for traditional security testing, and secure coding practices.

Read full post 0 Comments

Network testing solutions are critical to the security of enterprise-scale infrastructures. Comprehensive testing of online infrastructure in a network environment including applications running before or after deployment should be required for hardened protection against breaches, hacks, and attacks on the network under load with real, reliable and repeatable traffic.

Read full post 0 Comments

Test your network. Patch your systems. Get third-party validation. Empower you and your organization to be proactive in your security. Nothing can prevent a data breach except for maybe cutting your network cables so the next best thing is to make yourself and your network a very hard target for the attacker.

Read full post 0 Comments

In 2016, Apps will increasingly rely on cloud and mobile devices. Hackers will intensify techniques to infiltrate the cloud & increase spear phishing attacks by installing malicious software to exploit identity theft and data breaches. Hackers are constantly relying on potential security vulnerabilities introduced into code during the SDLC processes.

Read full post 0 Comments

Recently, the media has been abuzz with Shellshock (also known as Bashdoor) vulnerability. This comes in an array of vulnerabilities that are being discovered daily. It should come as no surprise that products today still ship with software bugs, and vulnerability discoveries like these are not going to stop in future. So what can be done to provide protection or at the least minimize the impact of such vulnerability?

Read full post 0 Comments

Confidentiality, integrity, and availability (CIA) is a model designed to guide policies for information security within an organization. In this context, confidentiality is a set of rules that limits access to information, integrity is the assurance that the information is trustworthy and accurate, and availability is a guarantee of ready access to the information by authorized people. The model is sometimes known as the CIA triad.

Read full post 0 Comments

I wanted to personally thank everyone who came out to Interop this past week and made the show such a great success. Although, I didn’t win big at the Blackjack table, Spirent’s Avalanche NEXT was a big winner, being selected for the Best of Interop in the Performance category. The judges for this award were Mike Fratto, Principal Analyst, Enterprise Network Systems, Current Analysis and Ethan Banks, Founder, Packet Pushers Interactive, LLC.

Read full post 0 Comments

A new class of attacks – kinetic attacks – was recently demonstrated at RSA 2014. This self-described “frying the machine” is part of a family of attacks aimed at causing physical damage to the system. This kind of attack targets a worm which rewrites the APC controller, setting the CPU performance to full power, and turns off the system fans causing the computer to literally catch on fire! Previous kinetic attacks such as ‘Stuxnet’ targeted nuclear power plants.

Read full post 0 Comments

I just came back from a great week at RSA. It was exciting to see how many customers stopped by our booth to inquire about the Cybersecurity Framework recently released by the National Institute of Standards and Technology (NIST). The Framework’s objective is to improve the security posture of public and private organizations that manage critical infrastructures. Companies stopping by our booth were interested in finding out how Spirent test solutions could help them meet the Framework’s requirements.

Read full post 0 Comments

It’s almost daily that we hear about one company after another with a data security breach of some kind. As recently reported by The New York Times, the Korea Credit Bureau is just one of the latest victims—with credit card details stolen from almost half of all South Koreans and sold to marketing firms. Also reported, the original 30 million affected from the Target data theft is now estimated to be between 70 and 110 million people. InformationWeek is calling the recent distributed denial-of-service attack (DDos) on Cloudflare one of the largest DDoS attack ever recorded, eclipsing the Spamhaus attack of last year. And the list goes on and on…

Read full post 0 Comments

In our last blog “Preparing Yourself for a Malware Epidemic,” we discussed the various types of malware and how they spread. In this blog, we’ll discuss some questions that every network manager should ask when testing their own network for malware.

As technology improves, malware attacks are becoming more destructive and harder to detect, costing you valuable time and resources. This means you need to be more vigilant and more prepared for an attack than ever before.

Read full post 0 Comments

Malicious software, better known as “malware,” describes a broad category of hostile software that is used to disrupt computer operations, gather sensitive information, or gain access to private computer systems. In this three-part blog series, we’ll take you through the ins and outs of malware. We’ll cover some of the topics found within our in-depth white paper “How Strong is Your Malware Testing?” and give you more details about how you can better prepare for a malware attack.

Read full post 0 Comments

How do you test against security threats you don't know exist?  In a previous blog we looked at how testing with signatures can be used to reduce known security threats.  However, for unknown threats, an alternative such as fuzzing testing needs to be employed.  Fuzzing testing passes random data through network protocols, API calls, and file streams—virtually anywhere applications and devices receive inputs. One of the goals is to determine whether any of this random input can crash or hang an application, bring down a website or put a device in a compromised state.

Read full post 0 Comments

Like it or not, attackers are getting more sophisticated.  A growing number of attacks can now be generated from the application level, creating new headaches for IT.  These include active content, cross-site scripting, SQL injection attacks, malicious bots and others. Imperva’s July 2012 Web Application Attack Report (WAAR) found that the typical application:

Read full post 0 Comments

The first topic we will look at in the series of blogs on network security is Distributed Denial-of-Service (DDoS). As we’ve all seen, DDoS attacks come from a multitude of compromised systems (botnets) attacking a single website with a flood of incoming messages, thereby causing a denial of service for your users. In a severe case, a massive DDoS attack took the entire country of Myanmar offline in 2010.  Many industry pundits have stated that botnets represent the biggest threat to Internet security.

Read full post 0 Comments

It's sobering to look at network security headlines today.   One might come to the conclusion that little progress has been achieved in stopping security breaches.  The range of headlines runs the gamut from non-business-threatening attacks to politically driven attacks against some of the worlds largest companies.

At one end of the spectrum, a denial-of-service attack prevented voting at the recent Miss Hong Kong pageant...

At the other end of the spectrum, "hacktivists" made a bold political statement against the world's largest oil company...

Read full post 0 Comments
By Ankur Chadda, Spirent On September 6, 2012
安全
Security, ROI

In this brave new world, an unprotected enterprise won’t last a day, but what does an effective security solution cost? When it comes to security, ROI is calculated by comparing how much you spend to how much you can avoid losing, much like spending money on the legal department to reduce your liability. A good maximum budget for protection is thirty to forty percent of the anticipated cost of the loss, but the cost of a security solution typically falls well below the maximum.

Read full post 0 Comments
By Anonymous On March 20, 2012
安全
No tags assigned.

TLS record handling vulnerability in GnuTLS [MU-201202-01] [CVE-2012-1573] ASN.1 length decoding vulnerability in Libtasn1 [MU-201202-02] [CVE-2012-1569] Download The PGP Signed Text Version of This Advisory Note: Thanks to Red Hat Security Team for requesting the CVE IDs above. Affected Products/Versions: libgnutls up to 3.0.16. libtasn1 up to 2.11. Product Overview: GnuTLS is an open source implementation of SSL, TLS and DTLS, with APIs for encrypted network communi...

Read full post 0 Comments
By Ankur Chadda, Spirent On February 16, 2012
安全
No tags assigned.

“Structuring a real world test” Spirent and Crossbeam were recently part of a major collaboration to define and document a test methodology that could accurately assess the performance of a firewall on the demanding Gi(3G) or SGi(4G-LTE) interface of a mobile operator's network.  Working to design this test were EANTC (the European Advanced Networking Test Center, internationally recognized for its test expertise), Heavy Reading (a provider of deep analysis of telecom trends), S...

Read full post 0 Comments
By Anonymous On December 22, 2011
安全
DoS, Firewall, Fuzzing, SCADA

While the bad news is that experts are declaring that we have entered the age of cyber war, the worse news as we enter 2012 is that security systems and professionals are just not able to keep up. Security attacks are increasing in their complexity and intensity every day. These range from inter-state attacks (like the one on Raytheon this year and the ones from China that are being investigated by the U.S. government) to cyber-crime (that includes countless malware and DDOS attacks ag...

Read full post 0 Comments

Sophos, a UK-based security company, released their Mid-Year Top Threats report a few days ago. I found it to be very informative and focused. If you are not subscribed to their Naked Security blog yet, I suggest you do. The report, as the title implies, focuses on the major IT security threats that their researchers have found. The numbers they give are frightening---although not surprising for anyone keeping an eye on the state of security---Sophos has seen 150,000 malware samples eve...

Read full post 0 Comments
 

Several weeks ago, I received two disturbing emails, one from my airline points program (and no it wasn’t an announcement that I’ve made my 1K for the year yet!) and the other from my bank.  You may know the emails I am talking about, you may have received them yourself.  They informed me my information had been stolen from a 3rd party marketing company.  Looking at the news the following day I realized this was no hoax – this was real.  Well, as a marketi...

Read full post 0 Comments
By Anonymous On March 16, 2011
安全
IPS, Scale, Studio, Testing

Last month we added a new space on TestCloud with thousands of known attacks as .msl templates. Some of you may recall that the secret behind the speed of test creation with Spirent (formerly Mu) is in the way we can take in a wide variety of formats including .pcap, .har, curl to name a few and convert it into MuSL. So what we did was we took another look at our known attack templates and made that available as .msl templates. ...

Read full post 0 Comments

You don’t need me to tell you that realistically testing a Unified Threat Manager (UTM) can be a nightmare. The convergence that is happening on so many fronts offers a utopian future of lower OPEX and streamlined services, all great for the bottom line. But under the hood, the dirty little secret is a more-than-compensating increase in complexity, and security solutions are not exempt. A UTM squeezes multiple security functions, including content filtering, spam filtering, intrusion d...

Read full post 0 Comments
× Spirent.com uses cookies to enhance and streamline your experience. By continuing to browse our site, you are agreeing to the use of cookies. If you would like to learn more about how we use cookies