TEST METHODOLOGY. Wireless Networking. v1.0 DECEMBER 5, 2016
|
|
- Briana Porter
- 6 years ago
- Views:
Transcription
1 TEST METHODOLOGY Wireless Networking DECEMBER 5, 2016 v1.0
2 Table of Contents 1 Introduction The Need for Wireless Networking About This Test Methodology and Report Inclusion Criteria Test Deployment Product Guidance Recommended Neutral Caution Security Effectiveness Wireless Access Policy Enforcement Open Access Policy MAC Address Filtering WEP WPA/WPA2 Personal (PSK) WPA/WPA2 Enterprise (802.1x/RADIUS/EAP) Protected Management Frames (802.11w) (Optional) Virtual LAN (VLAN) and Guest Isolation VLAN Guest Isolation User Isolation Wireless Intrusion Prevention Systems (WIPS) Functionality (Optional) Rogue Access Point Detection Rogue Clients Frame-Based DOS Detection Radio-Based DoS Detection Intrusion Prevention (Optional) Exploit Library False Positive Testing Coverage by Attack Vector Coverage by Impact Type Coverage by Date Coverage by Vendor Coverage by Result Policy enforcement Application Control Performance Signal Wireless Networking Test Methodology v1.0_
3 4.1.1 Measured Distances Signal Degradation Capacity and Throughput Maximum Throughput with users Maximum number of clients Latency Impact of Wireless-Based Latency on VoIP Connections Impact of Wireless-Based Latency on Video Calls Roaming Roaming with VoIP Roaming with Video Call Latency Due to Roaming Latency Due to Secure Roaming Stability and Reliability Persistence of Data Total Cost of Ownership and Value Contact Information Wireless Networking Test Methodology v1.0_
4 1 Introduction 1.1 The Need for Wireless Networking Wireless networking is the fastest growing segment of the enterprise networking infrastructure. Many enterprises are planning networking growth with a wireless first approach, and wireless connections are quickly replacing wired connections. This along with increased adoption of BYOD (bring your own device) and the growth of the Internet of Things will dramatically increase utilization of the wireless infrastructure. To this end, NSS Labs has developed a methodology that tests the security of wireless networks in the enterprise. 1.2 About This Test Methodology and Report NSS Labs test reports are designed to address the challenges faced by enterprise security and IT professionals in selecting and managing security products. The scope of this methodology includes: Security effectiveness Performance Stability and reliability Total cost of ownership (TCO) Wireless devices are deployed as part of the network infrastructure; therefore, the stability and reliability of the wireless infrastructure is imperative particularly in organizations that have a wireless first networking model. Regardless of any new capabilities a wireless device may possess, the main requirement is that it must be stable and reliable. NSS considers the following capabilities essential in any modern wireless infrastructure: Wireless access point (AP): o ac capable o Multi-radio o Capable of being deployed at multiple access points o Highly stable o Able to interoperate with external authentication systems o Possesses backward compatibility with a/b/g/n o Capable of having fully segmented guest network Wireless AP controller o Centralized management for wireless access points o Support for more than one access point via central management o Centralized alert management o Centralized policy management 1.3 Inclusion Criteria To encourage the greatest participation, and to allay any potential concerns of bias, NSS invites all vendors claiming enterprise-grade wireless capabilities, and that meet the above criteria, to submit their products at no cost. Vendors with major market share, as well as challengers with new technology, will be included. Wireless Networking Test Methodology v1.0_
5 Once a system is installed in the test lab, it will be configured for the use case appropriate to the target deployment. 1.4 Test Deployment The system should be configured to provide coverage to 18,000 square feet in a real-world corporate environment. During initial configuration, normal background radio noise will exist, and regardless of whether devices are manually configured or automatically configured, vendors should take environmental factors into account. Wireless Networking Test Methodology v1.0_
6 2 Product Guidance NSS issues summary product guidance based on evaluation criteria that is important to information security professionals. The evaluation criteria are weighted as follows: Security effectiveness The purpose of a wireless deployment is to provide secure wireless access to the corporate network, while also allowing guest access that is isolated from the corporate network. Stability Long-term stability is particularly important for an access device. Performance A wireless system should be correctly sized to ensure network connectivity. Value Customers should seek low total cost of ownership (TCO) and high effectiveness and performance rankings. Products are listed in rank order according to their guidance ratings. 2.1 Recommended A Recommended rating from NSS indicates that a product has performed well and deserves strong consideration. Only the top technical products earn a Recommended rating from NSS, regardless of market share, company size, or brand recognition. 2.2 Neutral A Neutral rating from NSS indicates that a product has performed reasonably well and should continue to be used if it is the incumbent within an organization. Products that earn a Neutral rating from NSS deserve consideration during the purchasing process. 2.3 Caution A Caution rating from NSS indicates that a product has performed poorly. Organizations using one of these products should review their security posture and other threat mitigation factors, including possible alternative configurations and replacement. Products that earn a Caution rating from NSS should not be short-listed or renewed. Wireless Networking Test Methodology v1.0_
7 3 Security Effectiveness This section verifies that the system is capable of effectively enforcing a specified security policy. 3.1 Wireless Access Policy Enforcement Policies are rules that are configured on a wireless system; they are, designed to permit or deny access by a client to a network via a wireless access point. They can be based on authentication, identity, or other mechanisms Open Access Policy No encryption or authentication is required MAC Address Filtering Clients are identified by their MAC addresses, and they are whitelisted or blacklisted based on these identities WEP WEP is an older security protocol, which is flawed and should no longer be utilized. Therefore, it will not be tested by NSS WPA/WPA2 Personal (PSK) Networks can be secured using WPA/WPA2 Personal, a pre-shared key (PSK) authentication method, where a password is required to access a network WPA/WPA2 Enterprise (802.1x/RADIUS/EAP) WPA/2 Enterprise relies on external authentication systems, such as RADIUS, EAP, or 802.1x Protected Management Frames (802.11w) (Optional) The system will be tested to see if it supports w, also known as protected management frames (PMF). This protection also encrypts the management frames, making attacks directed at the AP much more difficult. 3.2 Virtual LAN (VLAN) and Guest Isolation Guest networks are common in the enterprise and are relied upon to provide network access to visitors. These networks must be isolated from an enterprise s corporate network VLAN The system should be able to correctly segment traffic via VLAN Guest Isolation Users connected to the guest wireless network should be isolated from the corporate network User Isolation It should be possible to configure the access point such that wireless users can be isolated from each other. Wireless Networking Test Methodology v1.0_
8 3.3 Wireless Intrusion Prevention Systems (WIPS) Functionality (Optional) The system will be tested for WIPS functionality Rogue Access Point Detection The WIPS will be tested for the following features that assist in remediating the challenges of rogue access points: Detection Notification Isolation Triangulation Rogue Clients The system will be tested for its ability to identify, alert, and triangulate on a rogue client Frame-Based DOS Detection The system will be tested for its ability to identify and alert on frame-based DOS attacks. In such attacks, the attacker creates standard frames that, when used in specific ways, can cause interruption in network access. This test will utilize deauthentication frames to cause a denial of service (DoS) Radio-Based DoS Detection The system will be tested for its ability to identify and alert on radio-based DoS attacks. In such attacks, the attacker creates a large amount of radio noise that overwhelms the true signal and causes loss of connectivity. 3.4 Intrusion Prevention (Optional) In this test, policies consisting of threat protection signatures verify that the system is capable of correctly blocking malicious traffic based on a comparison of packet/session contents against signatures/filters/protocol decoders. The latest signature pack is acquired from the vendor s support site, and the system is deployed with the out-ofthe-box recommended or default security policy. No tuning of the product is allowed by the vendor. NSS considers it unacceptable for a product of this nature to be sold without a recommended or default policy. No custom signatures are permitted during testing. All signatures used must be available to the general public at the time of testing. The intrusion prevention system (IPS) within the WLAN engine is required to block and log exploit attempts and hostile traffic. Wireless Networking Test Methodology v1.0_
9 3.4.1 Exploit Library NSS security effectiveness testing leverages the deep expertise of our engineers who utilize multiple commercial, open-source, and proprietary tools. With thousands of exploits, this is the industry s most comprehensive test to date. Most notably, all of the live exploits and payloads in the NSS exploit test have been validated in our lab such that one or more of the following is true: A reverse shell is returned A bind shell is opened on the target allowing the attacker to execute arbitrary commands Arbitrary code is executed A malicious payload is installed A system is rendered unresponsive Etc. This test goes far beyond replaying packet captures or pressing the button on a test tool. In short, NSS engineers trigger vulnerabilities for the purpose of validating that an exploit is able to pass through the system False Positive Testing The ability of the system to identify and allow legitimate traffic while maintaining protection against threats and exploits is just as important as its ability to protect against malicious content. This test will include a varied sample of legitimate application traffic, which should be identified and allowed, or blocked, based on policy rules Coverage by Attack Vector Threats and exploits can be initiated either by the target or by the attacker targeting either local or remote vulnerabilities; therefore, NSS categorizes threats and exploits into the following matrix: Network Local Attacker RPC Exploit Root Kit Target Browser Exploit Trojan *Example exploits included for reference purposes Attacker Initiated Also referred to as server-side exploits, the threat/exploit is executed remotely by the attacker against a vulnerable application and/or operating system Target Initiated The threat/exploit is initiated by the vulnerable target. The attacker has little or no control as to when the target user or application will execute the threat Network Threats/exploits that are initiated as a result of network communication. Wireless Networking Test Methodology v1.0_
10 Local Local execution that requires existing access to the target. Protective ratings are reported in raw percentages of mitigated attacks and their resulting impact: system, service, fault, reconnaissance. Although a system or service exploit may be partially mitigated by the system, the service could crash as a result of residual communications causing a fault impact on the service or operating system Coverage by Impact Type The NSS threat and attack suite contains thousands of publicly available exploits (including multiple variants of each exploit) from which groups of exploits are carefully selected to test based on appropriate usage. Each exploit has been validated to impact the target vulnerable host(s). Based on the impact of the threat against the target, the following metrics are reported: System Exposure Attacks resulting in remote system compromise and the ability of the attacker to execute arbitrary system-level commands. Most exploits in this class that are weaponized will provide the attacker with a fully interactive remote shell on the target client or server Service Exposure Attacks resulting in an individual service compromise but not arbitrary system-level command execution. Typical attacks in this category include service specific attacks such as SQL injection, which enable the attacker to execute arbitrary SQL commands within the database service. These attacks are somewhat isolated to the service and do not immediately result in full system-level access to the operating system and all services. However, if attackers use additional localized system attacks, it may be possible for them to go from the service level to the system level System or Service Fault Attacks resulting in a system or service-level fault that crashes the targeted service or application and requires administrative action to restart the service or reboot the system. These attacks do not enable the attacker to execute arbitrary commands. However, the resulting impact to the business could be severe given that the attacker could crash the protected system or service Coverage by Date The typical enterprise will run a mix of both old and new applications, and NSS research shows that crimeware kits will frequently include exploits that date back several years. Therefore, NSS security effectiveness testing will include exploits current at the time of the test, as well as exploits targeting vulnerabilities covering multiple years dating backwards from the time of the test. Results will be reported by year for up to 10 years prior to the year of the test. Where applicable, results prior to that time period will be aggregated into the oldest bucket. Wireless Networking Test Methodology v1.0_
11 3.4.6 Coverage by Vendor NSS live exploit test contains many vendors, including but not limited to the following. Within the scorecard, protection capabilities are indicated as percentages. 3Com Adobe Alt-N Apache Apple Atrium Avast BEA BitDefender Borland CA Cisco Citrix ClamAV EMC Facebook GNU Google HP IBM IPSwitch ISC Kaspersky LanDesk lighttpd Linux Macromedia MacroVision Mailenable McAfee Mercury Microsoft MIT Mozilla Mplayer Multiple Vendors MySQL NOD32 Novell Nullsoft OpenLDAP OpenOffice OpenSSH OpenSSL Oracle Other Misc Panda RealNetworks Samba SAP Snort Sophos SpamAssassin Squid Sun Microsystems Symantec Trend Micro Trillian UltraVNC Veritas VideoLan VMWare WinAmp WinFTP Winzip Yahoo Coverage by Result The following results of exploitation are represented in NSS live exploit test. Within the scorecard, protection capabilities are indicated as percentages Arbitrary Code Execution This is a software bug that allows an attacker to execute any commands of an attacker s choice on a target machine or in a target process. Wireless Networking Test Methodology v1.0_
12 Buffer Overflow This is the exploitation of a software bug that occurs due to improperly establishing memory bounds allows an attacker to overwrite adjacent memory and execute a command Code Injection This is the exploitation of a software bug that allows for the processing of invalid data within a program. Code injection can be used by an attacker to introduce code into a computer program to change the course of execution Cross-Site Script This is the exploitation of a web application that enables attackers to insert malicious script into web pages, which can then be executed by other users Directory Traversal This is the exploitation of a lack of security in an application (as opposed to exploiting a bug in the code) that allows user-supplied input with characters representing traverse to parent directory to be passed to the file APIs. The goal of this attack is to order an application to access a file or executable that is not intended to be accessible Privilege Escalation This exploit type allows an attacker to gain access to resources that would not normally have been available Target Type The following web target types are represented in NSS live exploit testing. Within the scorecard, protection capabilities are indicated as percentages. Web server ActiveX Browser plug-ins/add-ons Web browser JavaScript 3.5 Policy enforcement Application Control Where possible, the access point should be configured to block or allow access to applications. Wireless Networking Test Methodology v1.0_
13 4 Performance This section measures the performance of the system using various traffic conditions that provide metrics for realworld performance. Individual implementations will vary based on usage; however, these quantitative metrics provide a gauge as to whether a particular system is appropriate for a given environment. 4.1 Signal This test will utilize a spectrum analyzer to check the level of signal in both the 2.4 Ghz and 5 Ghz bands in order to provide the highest level of network performance and the lowest latency Measured Distances Meter Signal strengths will be recorded at one meter Meters Signal strengths will be recorded at 10 meters Meters Signal strengths will be recorded at 50 meters Signal Degradation At what distance does signal degradation impact performance? 4.2 Capacity and Throughput These tests are used to determine the impact of the user load on the wireless deployment Maximum Throughput with users. This test evaluates the throughput of a single ac access point at one meter with an increasing number of users. Measurement is taken from a single client Single user users users users users users Wireless Networking Test Methodology v1.0_
14 4.2.2 Maximum number of clients How many clients can a single access point support? 4.3 Latency The goal of the latency and user response time tests is to determine the effect the wireless network has on traffic passing through it under various load conditions Impact of Wireless-Based Latency on VoIP Connections This test assesses the impact of wireless-based latency on VoIP connections Impact of Wireless-Based Latency on Video Calls This test assesses the impact of wireless-based latency on streaming video. 4.4 Roaming The use of roaming technologies should for allow seamless movement from one access point to another, without loss of connectivity. This should apply even in high-security networks. These test monitor and log the impact of roaming from one access point to another while performing normal tasks Roaming with VoIP This test will quantify the impact on a VoIP session when a client transitions from one access point to another Roaming with Video Call This test will quantify the impact on a high-bandwidth video call session when a client transitions from one access point to another Latency Due to Roaming This test will measure overall latency when a client transitions from one access point to another Latency Due to Secure Roaming. This test will measure latency when a client is roaming in a secure environment. Wireless Networking Test Methodology v1.0_
15 5 Stability and Reliability Long-term stability is particularly important for an infrastructure device, where failure can produce network outages. Products that are not able to sustain legitimate traffic (or that crash) while under hostile attack will not pass. The device is required to remain operational and stable throughout these tests. 5.1 Persistence of Data The system should retain all configuration data, policy data, and locally logged data once restored to operation following power failure. Wireless Networking Test Methodology v1.0_
16 6 Total Cost of Ownership and Value Implementation of security solutions can be complex, with several factors affecting the overall cost of deployment, maintenance, and upkeep. All of the following should be considered over the course of the useful life of the solution: Product Purchase The cost of acquisition. Product Maintenance The fees paid to the vendor (including software and hardware support, maintenance and other updates). Installation The time required to take the device out of the box, configure it, put it into the network, apply updates and patches, and set up desired logging and reporting. Upkeep The time required to apply periodic updates and patches from vendors, including hardware, software, and other updates. Wireless Networking Test Methodology v1.0_
17 Contact Information NSS Labs, Inc. 206 Wild Basin Road Building A, Suite 200 Austin, TX USA This and other related documents available at: To receive a licensed copy or report misuse, please contact NSS Labs NSS Labs, Inc. All rights reserved. No part of this publication may be reproduced, copied/scanned, stored on a retrieval system, ed or otherwise disseminated or transmitted without the express written consent of NSS Labs, Inc. ( us or we ). Please read the disclaimer in this box because it contains important information that binds you. If you do not agree to these conditions, you should not read the rest of this report but should instead return the report immediately to us. You or your means the person who accesses this report and any entity on whose behalf he/she has obtained this report. 1. The information in this report is subject to change by us without notice, and we disclaim any obligation to update it. 2. The information in this report is believed by us to be accurate and reliable at the time of publication, but is not guaranteed. All use of and reliance on this report are at your sole risk. We are not liable or responsible for any damages, losses, or expenses of any nature whatsoever arising from any error or omission in this report. 3. NO WARRANTIES, EXPRESS OR IMPLIED ARE GIVEN BY US. ALL IMPLIED WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT, ARE HEREBY DISCLAIMED AND EXCLUDED BY US. IN NO EVENT SHALL WE BE LIABLE FOR ANY DIRECT, CONSEQUENTIAL, INCIDENTAL, PUNITIVE, EXEMPLARY, OR INDIRECT DAMAGES, OR FOR ANY LOSS OF PROFIT, REVENUE, DATA, COMPUTER PROGRAMS, OR OTHER ASSETS, EVEN IF ADVISED OF THE POSSIBILITY THEREOF. 4. This report does not constitute an endorsement, recommendation, or guarantee of any of the products (hardware or software) tested or the hardware and/or software used in testing the products. The testing does not guarantee that there are no errors or defects in the products or that the products will meet your expectations, requirements, needs, or specifications, or that they will operate without interruption. 5. This report does not imply any endorsement, sponsorship, affiliation, or verification by or with any organizations mentioned in this report. 6. All trademarks, service marks, and trade names used in this report are the trademarks, service marks, and trade names of their respective owners. Wireless Networking Test Methodology v1.0_
TEST METHODOLOGY. SSL/TLS Performance. v1.0
TEST METHODOLOGY SSL/TLS Performance v1.0 Table of Contents 1 Introduction... 3 1.1 The Need for SSL/TLS Performance Testing... 3 1.2 About This Test Methodology... 3 1.3 Inclusion Criteria... 3 2 SSL/TLS
More informationENTERPRISE ENDPOINT COMPARATIVE REPORT
ENTERPRISE ENDPOINT COMPARATIVE REPORT SECURITY STACK: EXPLOITS Authors Randy Abrams, Thomas Skybakmoen Tested Products Bitdefender Endpoint Security v5.3 ESET Endpoint Antivirus v6.1 Fortinet FortiClient
More informationBREACH DETECTION SYSTEMS COMPARATIVE ANALYSIS
BREACH DETECTION SYSTEMS COMPARATIVE ANALYSIS Security Thomas Skybakmoen, Jason Pappalexis Tested Products AhnLab MDS Fidelis XPS Direct 1000 FireEye Web MPS 4310 and Email MPS 5300 Fortinet FortiSandbox
More informationADVANCED ENDPOINT PROTECTION TEST REPORT
ADVANCED ENDPOINT PROTECTION TEST REPORT SentinelOne Endpoint Protection Platform v1.8.3#31 FEBRUARY 14, 2017 Authors Thomas Skybakmoen, Morgan Dhanraj Overview NSS Labs performed an independent test of
More informationNEXT GENERATION FIREWALL. Tested Products. Environment. SonicWall Security Value Map (SVM) JULY 11, 2017 Author Thomas Skybakmoen
NEXT GENERATION FIREWALL SonicWall Security Value Map (SVM) JULY 11, 2017 Author Thomas Skybakmoen Tested Products NGFW Group Test: SonicWall NSA 6600 SonicOS Enhanced 6.2.5.10-70n Dynamic signature database
More informationTEST METHODOLOGY. Next Generation Intrusion Prevention System (NGIPS) V4.0 FEBRUARY 2, 2018
TEST METHODOLOGY Next Generation Intrusion Prevention System (NGIPS) FEBRUARY 2, 2018 V4.0 Table of Contents 1 Introduction... 4 1.1 The Need for Next Generation Intrusion Prevention Systems... 4 1.2 About
More informationTEST METHODOLOGY. Virtual Firewall. v2.1 MARCH 13, 2017
TEST METHODOLOGY Virtual Firewall MARCH 13, 2017 v2.1 Table of Contents 1 Introduction... 4 1.1 The Need for Virtual Firewalls... 4 1.2 About This Test Methodology... 4 1.3 Inclusion Criteria... 5 2 Product
More informationNETWORK INTRUSION PREVENTION SYSTEMS
NETWORK INTRUSION PREVENTION SYSTEMS INDIVIDUAL PRODUCT TEST RESULTS NSFOCUS Network IPS 1200 METHODOLOGY VERSION: 6.0 MARCH 2010 Licensed to: NSFOCUS Information Technology Co., Ltd. To acquire a licensed
More informationADVANCED ENDPOINT PROTECTION COMPARATIVE REPORT
ADVANCED ENDPOINT PROTECTION COMPARATIVE REPORT Total Cost of Ownership () MARCH 10, 2017 Authors Jason Brvenik, Thomas Skybakmoen, Morgan Dhanraj Tested Products Carbon Black Cb Protection v7.2.3.3106
More informationNETWORK INTRUSION PREVENTION SYSTEMS
NETWORK INTRUSION PREVENTION SYSTEMS INDIVIDUAL PRODUCT TEST RESULTS McAfee Network Security Platform M-8000 METHODOLOGY VERSION: 6.0 SEPTEMBER 2010 Licensed to: McAfee To receive a licensed copy or report
More informationQuick Start Guide for Administrators and Operators Cyber Advanced Warning System
NSS Labs Quick Start Guide for Administrators and Operators Cyber Advanced Warning System Introduction to the Cyber Advanced Warning System and RiskViewer... 1 Activating Your Account... 2 Adding a New
More informationWEB APPLICATION FIREWALL COMPARATIVE ANALYSIS
WEB APPLICATION FIREWALL COMPARATIVE ANALYSIS Performance Author Thomas Skybakmoen Tested Products Barracuda Networks Web Application Firewall 960 Citrix NetScaler AppFirewall MPX 11520 Fortinet FortiWeb
More informationCheck Point Power
NETWORK INTRUSION PREVENTION SYSTEMS INDIVIDUAL PRODUCT TEST RESULTS Check Point Power-1 11065 DECEMBER 2010 METHODOLOGY VERSION: 6.1 To receive a licensed copy or report misuse, please contact NSS Labs
More informationNEXT GENERATION FIREWALL COMPARATIVE REPORT
NEXT GENERATION FIREWALL COMPARATIVE REPORT Security Value Map (SVM) Authors Thomas Skybakmoen, Christopher Conrad Tested Products Barracuda Networks F600.E20 v6.1.1-071 Check Point Software Technologies
More informationTHREAT ISOLATION TECHNOLOGY PRODUCT ANALYSIS
THREAT ISOLATION TECHNOLOGY PRODUCT ANALYSIS v1.1.0.3568 2013 Jayendra Pathak, Ken Baylor, Ph.D Overview NSS Labs performed an independent test of the 1.1.0.3568 threat isolation technology. The product
More informationTEST METHODOLOGY. Data Center Firewall. v2.2
TEST METHODOLOGY Data Center Firewall v2.2 Table of Contents 1 Introduction... 4 1.1 The Need for Firewalls in the Data Center... 4 1.2 About This Test Methodology... 4 1.3 Inclusion Criteria... 5 2 Product
More informationDATA CENTER IPS COMPARATIVE ANALYSIS
DATA CENTER IPS COMPARATIVE ANALYSIS Performance 2014 Jason Pappalexis, Thomas Skybakmoen Tested Products Fortinet FortiGate 5140B, Juniper SRX 5800, McAfee NS- 9300, Sourcefire 8290-2 Overview Implementation
More informationCONSUMER EPP COMPARATIVE ANALYSIS
CONSUMER EPP COMPARATIVE ANALYSIS Socially Engineered Malware Randy Abrams, Jayendra Pathak, Mohamed Saher, Ahmed Garhy Tested Vendors AVG, F- Secure, Kaspersky, McAfee, Microsoft, Symantec, Trend Micro
More informationBREACH DETECTION SYSTEM PRODUCT ANALYSIS
BREACH DETECTION SYSTEM PRODUCT ANALYSIS Sourcefire (Cisco) Advanced Malware Protection 1 v4.5.2 Bhaarath Venkateswaran, Jayendra Pathak, Ahmed Garhy, Ryan Liles 1 Sourcefire is now part of Cisco. Overview
More informationTEST METHODOLOGY. Breach Detection Systems (BDS) v5.0 MARCH 5, 2018
TEST METHODOLOGY Breach Detection Systems (BDS) MARCH 5, 2018 v5.0 Table of Contents 1 Introduction... 3 1.1 The Need for Breach Detection... 3 1.2 About This Test Methodology... 3 1.3 Inclusion Criteria...
More informationCONSUMER AV / EPP COMPARATIVE ANALYSIS
CONSUMER AV / EPP COMPARATIVE ANALYSIS Exploits Evasion Defenses 2012 Randy Abrams, Nathan Taylor Tested Vendors Avast, AVG, Avira, ESET, F- Secure, Kaspersky, McAfee, Microsoft, Norman, Norton, Panda,
More informationTEST METHODOLOGY. Breach Detection Systems (BDS) v3.0
TEST METHODOLOGY Breach Detection Systems (BDS) v3.0 Table of Contents 1 Introduction... 4 1.1 The Need for Breach Detection... 4 1.2 About This Test Methodology... 4 1.3 Inclusion Criteria... 5 1.4 Deployment...
More informationTEST METHODOLOGY. Data Center Network Security (DCNS) V2.0. October 10, 2018
TEST METHODOLOGY Data Center Network Security (DCNS) October 10, 2018 V2.0 Table of Contents 1 Introduction... 5 1.1 Data Center Network Security... 5 1.2 The Need for the Data Center Firewall... 5 1.3
More informationNEXT GENERATION INTRUSION PREVENTION SYSTEM (NGIPS) TEST REPORT
NEXT GENERATION INTRUSION PREVENTION SYSTEM (NGIPS) TEST REPORT Trend Micro TippingPoint 7500NX v3.8.4.4525 Tuned Policy SEPTEMBER 28, 2016 Author Tim Otto Overview NSS Labs performed an independent test
More informationWireless Clients and Users Monitoring Overview
Wireless Clients and Users Monitoring Overview Cisco Prime Infrastructure 3.1 Job Aid Copyright Page THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT
More informationBREACH DETECTION SYSTEMS TEST REPORT
BREACH DETECTION SYSTEMS TEST REPORT Lastline Enterprise v7.10 Authors Dipti Ghimire, Jessica Williams, Ahmed Garhy Overview NSS Labs performed an independent test of the Lastline Enterprise v7.10. The
More informationNEXT GENERATION INTRUSION PREVENTION SYSTEM (NGIPS) TEST REPORT
NEXT GENERATION INTRUSION PREVENTION SYSTEM (NGIPS) TEST REPORT Check Point Software Technologies, Ltd. 13800 Next Generation Firewall Appliance vr77.20 Recommended Policy SEPTEMBER 22, 2016 Author Tim
More informationMaturing VARs Offer New Outsourcing Option
ANALYST BRIEF Maturing VARs Offer New Outsourcing Option VALUE- ADDED RESELLERS SHIFT TO OFFERING MANAGED SECURITY SERVICES Author Rob Ayoub Overview Security equipment vendors have found managed security
More informationThey Call It Stormy Monday
ANALYST BRIEF They Call It Stormy Monday MOVE TO THE CLOUD REQUIRES FULL LIFE CYCLE MANAGEMENT Author Rob Ayoub Overview The revelation on September 17, 2013 that the cloud storage company Nirvanix would
More informationMSM320, MSM410, MSM422, MSM430,
Polycom VIEW Certified Configuration Guide Hewlett-Packard MSM710/720/760/765 Wireless LAN Controller With MSM310, MSM320, MSM410, MSM422, MSM430, MSM46x APs September 2012 1725-36068-001 Rev H Trademarks
More informationAdvanced Endpoint Protection
BEST PRACTICES Advanced Endpoint Protection ENTERPRISE SELF-TESTING BEST PRACTICES PUBLISH DATE TBD Author NSS Labs Overview Security effectiveness refers to the ability of security devices to respond
More informationThe Forcepoint NGFW should be on every company s short list.
Dear Sir/Madam, I m very excited to tell you that for the fifth straight test, Forcepoint Next Generation Firewall (NGFW) achieved NSS Labs Recommended rating - the highest level possible! More NSS Labs
More informationWIDS Technology White Paper
Technical white paper WIDS Technology White Paper Table of contents Overview... 2 Background... 2 Functions... 2 Rogue detection implementation... 2 Concepts... 2 Operating mechanism... 2 Operating modes...
More informationTEST METHODOLOGY. Breach Detection Systems (BDS) v4.0
TEST METHODOLOGY Breach Detection Systems (BDS) v4.0 Table of Contents 1 Introduction... 3 1.1 The Need for Breach Detection... 3 1.2 About This Test Methodology... 3 1.3 Inclusion Criteria... 4 1.4 Deployment...
More informationTERMS OF USE Effective Date: January 1, 2015 To review material modifications and their effective dates scroll to the bottom of the page. 1.Parties.
TERMS OF USE Effective Date: January 1, 2015 To review material modifications and their effective dates scroll to the bottom of the page. 1.Parties. The parties to these Terms of Use are you, and the owner
More informationMarket Analysis. Overview 2013 INTRUSION PREVENTION SYSTEMS. Authors: Rob Ayoub, Andrew Braunberg, Jason Pappalexis
Market Analysis 2013 INTRUSION PREVENTION SYSTEMS Authors: Rob Ayoub, Andrew Braunberg, Jason Pappalexis Overview Prior to 2013, the intrusion prevention system (IPS) market was viewed as heading towards
More informationBlackBerry Enterprise Service 10. September 10, 2014 Version: 10 and 10.1.x. Compatibility Matrix
BlackBerry Enterprise Service 10 September 10, 2014 Version: 10 and 10.1.x Compatibility Matrix Published: 2014-09-10 SWD-20140910144217710 Contents 1...4 Introduction...4 Legend... 4 Operating system...
More informationWhat to Look for When Evaluating Next-Generation Firewalls
What to Look for When Evaluating Next-Generation Firewalls Using independent tests to compare performance, cost and functionality Table of Contents Why Use Independent Tests in Evaluations?... 3 What to
More informationCompatibility Matrix. Good Control and Good Proxy. June 4, 2018
Compatibility Matrix Good Control and Good Proxy June 4, 2018 Published: 2018-06-04 SWD-20180604161707961 Contents Introduction... 4 Legend... 4 Good Control server... 5 Operating system...5 Database server...5
More informationKemp Technologies LM-3600 IPv4 and IPv6 Performance Report
Kemp Technologies LM-3600 IPv4 and IPv6 Performance Report A Broadband-Testing Report By Steve Broadhead, Founder & Director, BB-T First published April 2012 (V1.0) Published by Broadband-Testing A division
More informationCAWS CONTINUOUS SECURITY VALIDATION PLATFORM API GUIDE VERSION 3.0
CAWS CONTINUOUS SECURITY VALIDATION PLATFORM API GUIDE VERSION 3.0 Version 3.3, 10/6/2017 NSS Labs, Inc. 206 Wild Basin Road Building A, Suite 200 Austin, TX 78746 US info@nsslabs.com www.nsslabs.com 2017
More informationVendor: HP. Exam Code: HP2-Z32. Exam Name: Implementing HP MSM Wireless Networks. Version: Demo
Vendor: HP Exam Code: HP2-Z32 Exam Name: Implementing HP MSM Wireless Networks Version: Demo QUESTION 1 A network administrator deploys several HP MSM APs and an HP MSM Controller. The APs discover the
More informationBCDC 2E, 2012 (On-line Bidding Document for Stipulated Price Bidding)
BCDC 2E, 2012 (On-line Bidding Document for Stipulated Price Bidding) CLAUSE 13 ON-LINE BIDDING 13.1 ON-LINE BIDDING.1 Definitions: Owner means the party and/or their agent designated to receive on-line
More informationCustomer Support: For more information or support, please visit or at Product Release Information...
Product Release Information Product: Cyberoam Release Number: 9.3.0 build 5 Release Date: 19th July 2006 Compatible versions: 9.2.0 build 2 Upgrade Mode: Manual 1 Important note Upgrade removes all the
More informationWireless Integration Overview
Version: 4.1.1 Date: 12/28/2010 Copyright Notice Copyright 2010 by Bradford Networks, Inc. All rights reserved worldwide. Use, duplication, or disclosure by the United States government is subject to the
More informationCompatibility Matrix. BlackBerry UEM. March 26, 2018
Compatibility Matrix BlackBerry UEM March 26, 2018 Published: 2018-03-26 SWD-20180326105755902 Contents Introduction... 4 Legend... 4 BlackBerry UEM server...5 Operating system...5 Database server...5
More informationCompatibility Matrix. BlackBerry UEM. December 22, 2016
Compatibility Matrix BlackBerry UEM December 22, 2016 Published: 2016-12-22 SWD-20161220124335071 Contents Introduction... 4 Legend... 4 BlackBerry UEM server...5 Operating system...5 Database server...5
More informationInstallation and Configuration Guide
Installation and Configuration Guide BlackBerry Blend Version 1.2 Published: 2015-07-06 SWD-20150706173035792 Contents About BlackBerry Blend... 4 BlackBerry Blend architecture... 4 Security... 5 IT policy
More informationTEST METHODOLOGY. Breach Prevention Systems (BPS) V2.0 MARCH 5, 2018
TEST METHODOLOGY Breach Prevention Systems (BPS) MARCH 5, 2018 V2.0 Table of Contents 1 Introduction... 4 1.1 The Need for Breach Prevention... 4 1.2 About This Test Methodology... 4 1.3 Inclusion Criteria...
More informationCisco Network Admission Control (NAC) Solution
Data Sheet Cisco Network Admission Control (NAC) Solution New: Updated to include the Cisco Secure Network Server (SNS) Cisco Network Admission Control (NAC) solutions allow you to authenticate wired,
More informationAT&T Release Notes. Enhanced Web Real-Time Communication (WebRTC) API. Publication Date: August 2015
AT&T Release Notes Enhanced Web Real-Time Communication (WebRTC) API Publication Date: August 2015 Legal Disclaimer This document and the information contained herein (collectively, the "Information")
More informationPC SECURITY LABS COMPARATIVE TEST. Microsoft Office. Flash. August Remote code execution exploit. mitigations for popular applications
August 2014 PC SECURITY LABS COMPARATIVE TEST Remote code execution exploit mitigations for popular applications Microsoft Office Flash Silverlight QuickTime Internet Explorer Java Adobe Content 1. BACKGROUND...2
More informationDBAM Systems EP60 Test Executive Summary
Test Executive Summary A Broadband-Testing Report First published February 2007 (V1.0) Published by Broadband-Testing La Calade, 11700 Moux, Aude, France Tel : +33 (0)4 68 43 99 70 Fax : +33 (0)4 68 43
More informationNotifications for the Payment API
Notifications for the Payment API Legal Disclaimer This document and the information contained herein (collectively, the "Information") is provided to you (both the individual receiving this document and
More informationjk0-022 Exam Questions Demo CompTIA Exam Questions jk0-022
CompTIA Exam Questions jk0-022 CompTIA Academic/E2C Security+ Certification Exam Voucher Only Version:Demo 1.An attacker used an undocumented and unknown application exploit to gain access to a file server.
More informationBlackBerry Enterprise Server for Novell GroupWise. Compatibility Matrix June 26, 2012
BlackBerry Enterprise Server for Novell GroupWise Compatibility Matrix June 26, 2012 2012 Research In Motion Limited. All rights reserved. www.rim.com Page: 1 Operating Systems: BlackBerry Enterprise Server
More informationRelease Information. Revision History. Version: build 018 Release Date: 23 rd November 2011
Version: 02.00.2 build 018 Release Date: 23 rd November 2011 Release Date Version 02.00.2 Build 018 23 rd November 2011 Release Information Release Type: General Availability Supported Cyberoam Versions:
More informationTerms of Use. Changes. General Use.
Terms of Use THESE TERMS AND CONDITIONS (THE TERMS ) ARE A LEGAL CONTRACT BETWEEN YOU AND SPIN TRANSFER TECHNOLOGIES ( SPIN TRANSFER TECHNOLOGIES, STT, WE OR US ). THE TERMS EXPLAIN HOW YOU ARE PERMITTED
More informationSecurity Advisory Relating to the Speculative Execution Vulnerabilities with some microprocessors
SECURITY ADVISORY Processor based Speculative Execution Vulnerabilities AKA Spectre and Meltdown Version 1.6 Security Advisory Relating to the Speculative Execution Vulnerabilities with some microprocessors
More informationTEST METHODOLOGY. Next Generation Intrusion Prevention System (NGIPS) v2.0
TEST METHODOLOGY Next Generation Intrusion Prevention System (NGIPS) v2.0 Table of Contents 1 Introduction... 4 1.1 The Need for Next Generation Intrusion Prevention Systems... 4 1.2 About This Test Methodology...
More informationCAWS CYBER THREAT PROTECTION PLATFORM API GUIDE. Version 2.3
CAWS CYBER THREAT PROTECTION PLATFORM API GUIDE Version 2.3 Version 2.3, 6/29/2017 NSS Labs, Inc. 206 Wild Basin Road Building A, Suite 200 Austin, TX 78746 US info@nsslabs.com www.nsslabs.com 2017 NSS
More informationHPE Intelligent Management Center
HPE Intelligent Management Center EAD Security Policy Administrator Guide Abstract This guide contains comprehensive information for network administrators, engineers, and operators working with the TAM
More informationMERIDIANSOUNDINGBOARD.COM TERMS AND CONDITIONS
MERIDIANSOUNDINGBOARD.COM TERMS AND CONDITIONS Introduction This document sets forth the terms and conditions ("Terms and Conditions") governing your use of the MeridianHealth.com Web site ("Web Site")
More informationPresentation by Brett Meyer
Presentation by Brett Meyer Traditional AV Software Problem 1: Signature generation Signature based detection model Sheer volume of new threats limits number of signatures created by one vendor Not good
More informationDWS-4000 Series DWL-3600AP DWL-6600AP
Unified Wired & Wireless Access System Configuration Guide Product Model: Release 1.0 DWS-4000 Series DWL-8600AP DWL-6600AP DWL-3600AP Page 1 Table of Contents 1. Scenario 1 - Basic L2 Edge Setup: 1 Unified
More informationWinnebago Industries, Inc. Privacy Policy
Winnebago Industries, Inc. Privacy Policy At Winnebago Industries, we are very sensitive to the privacy concerns of visitors to our websites. Though we do not obtain any personal information that individually
More informationIntrusion prevention systems are an important part of protecting any organisation from constantly developing threats.
Network IPS Overview Intrusion prevention systems are an important part of protecting any organisation from constantly developing threats. By using protocol recognition, identification, and traffic analysis
More informationProduct Release Information
Product Release Information Product: Cyberoam Release Number: 9.4.1 build 2 Release Date: 20 th March, 2007 Compatible versions: 9.4.1. build 0 Upgrade: Auto Upgrade Customer Support: For more information
More informationTOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION
INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security
More informationAvast Customer & Technical Support Policy
Avast Customer & Technical Support Policy PLEASE READ THE TERMS AND CONDITIONS OF THIS SUPPORT POLICY ( SUPPORT POLICY ). THIS SUPPORT POLICY IS PROVIDED BY AVAST SOFTWARE s.r.o., A COMPANY DULY ORGANIZED
More informationOCTOSHAPE SDK AND CLIENT LICENSE AGREEMENT (SCLA)
OCTOSHAPE SDK AND CLIENT LICENSE AGREEMENT (SCLA) This is a License Agreement (the "Agreement") for certain code (the Software ) owned by Akamai Technologies, Inc. ( Akamai ) that is useful in connection
More informationBlackBerry Java Development Environment (JDE)
1 BlackBerry Java Applications for Accessing SAP Applications BlackBerry Java Development Environment The BlackBerry Java Development Environment (JDE) is a fully integrated development and simulation
More informationPolycom RealPresence Access Director System
RELEASE NOTES Version 4.0.1 August 2014 3725-78700-001D1 Polycom RealPresence Access Director System Polycom, Inc. 1 Document Title Version What s New in Release 4.0.1 The RealPresence Access Director
More informationCALSTRS ONLINE AGREEMENT TERMS AND CONDITIONS
CALSTRS ONLINE AGREEMENT TERMS AND CONDITIONS INTRODUCTION: Before the California State Teachers Retirement System (hereinafter "CalSTRS," "We," or "Us") will provide services found at mycalstrs.com (the
More informationFrequently Asked Questions WPA2 Vulnerability (KRACK)
Frequently Asked Questions WPA2 Vulnerability (KRACK) Release Date: October 20, 2017 Document version: 1.0 What is the issue? A research paper disclosed serious vulnerabilities in the WPA and WPA2 key
More informationPolycom Video Border Proxy (VBP ) 7301
RELEASE NOTES 14.8.2 January 2017 3725-78311-001I Polycom Video Border Proxy (VBP ) 7301 Release Notes Polycom VBP 7301 Version 14 Current Version: 14.8.2 Release Date: January 2017 Polycom VBP Release
More informationBlackBerry Enterprise Server Express for Microsoft Exchange
BlackBerry Enterprise Server Express for Microsoft Exchange Compatibility Matrix March 25, 2013 2013 Research In Motion Limited. All rights reserved. www.rim.com Page: 1 Operating Systems: BlackBerry Enterprise
More informationPolicies & Medical Disclaimer
Policies & Medical Disclaimer Money Back Guarantee Heather Woodruff Nutrition proudly stands behind its programs. To help you feel comfortable we offer a Money-Back Guarantee* If you are not absolutely
More informationSecurity Advisory Relating to the Speculative Execution Vulnerabilities with some microprocessors
SECURITY ADVISORY Processor based Speculative Execution Vulnerabilities AKA Spectre and Meltdown Version 1.4 Security Advisory Relating to the Speculative Execution Vulnerabilities with some microprocessors
More informationBYOD: BRING YOUR OWN DEVICE.
white paper BYOD: BRING YOUR OWN DEVICE. On-BOaRDING and Securing DEVICES IN YOUR Corporate NetWORk PrepaRING YOUR NetWORk to MEEt DEVICE DEMaND The proliferation of smartphones and tablets brings increased
More informationEnd User License Agreement
End User License Agreement Kyocera International, Inc. ( Kyocera ) End User License Agreement. CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS ( AGREEMENT ) BEFORE USING OR OTHERWISE ACCESSING THE SOFTWARE
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationDell Change Auditor 6.5. Event Reference Guide
Dell Change Auditor 6.5 2014 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license
More informationIT S NOT ABOUT THE 98 PERCENT YOU CATCH, IT S ABOUT THE 2 PERCENT YOU MISS.
ANALYST BRIEF Cyber Resilience IT S NOT ABOUT THE 98 PERCENT YOU CATCH, IT S ABOUT THE 2 PERCENT YOU MISS. Authors Bob Walder, Chris Morales Overview Where the goal of cyberprevention has been to reduce
More informationPriv ac y Policy. Last upda ted:
Priv ac y Policy Last upda ted: 05.2014 This Privacy Policy describes the policies and procedures of ZET / Adrian Zingg / ZetApps and any subsidiaries and affiliated entities (together, Company, we or
More informationBlackBerry Desktop Software Version 4.0 Service Pack 1 Release Notes
BlackBerry Desktop Software Version 4.0 Service Pack 1 Release Notes BlackBerry Desktop Software Version 4.0 Service Pack 1 2 of 9 NOTE This document is provided for informational purposes only, and does
More informationIntroducing Unified Critical Communications
Introducing Unified Critical Communications for Public Safety EXECUTIVE SUMMARY Public safety agencies already use a range of wireless communications networks, including Land Mobile Radio (LMR), public
More informationTechnology Solution Guide. Deploying Entuity s Eye of the Storm with Aruba Networks Secure Mobility Solution
Technology Solution Guide Deploying Entuity s Eye of the Storm with Aruba Networks Secure Mobility Solution S/W Version: Eye of the Storm Enterprise 2011 WARRANTY DISCLAIMER THE FOLLOWING DOCUMENT, AND
More informationHow to Get Started with Cisco SBA
How to Get Started with Cisco SBA Cisco Smart Business Architecture (SBA) helps you design and quickly deploy a full-service business network. A Cisco SBA deployment is prescriptive, out-ofthe-box, scalable,
More informationAttacking Networks. Joshua Wright LightReading LIVE! October 1, 2003
Attacking 802.11 Networks Joshua Wright Joshua.Wright@jwu.edu LightReading LIVE! October 1, 2003 Attention The material presented here reflects the personal experience and opinions of the author, and not
More informationVP-UML Installation Guide
Visual Paradigm for UML 6.0 Installation Guide The software and documentation are furnished under the Visual Paradigm for UML license agreement and may be used only in accordance with the terms of the
More informationWL580E. DUAL BAND WALL PLUGGED 300Mbps WIRELESS-N REPEATER
WL580E DUAL BAND WALL PLUGGED 300Mbps WIRELESS-N REPEATER Copyright 2014 All rights reserved. No part of this document may be reproduced, republished, or retransmitted in any form or by any means whatsoever,
More informationNEXT GENERATION FIREWALL PRODUCT ANALYSIS
NEXT GENERATION FIREWALL PRODUCT ANALYSIS Cisco FirePOWER 8350 v5.3 Authors Ryan Liles, Christopher Conrad Overview NSS Labs performed an independent test of the Cisco FirePOWER 8350 v5.3. The product
More informationEntrust WAP Server Certificate Relying Party Agreement
Entrust WAP Server Certificate Relying Party Agreement The WAP/WTLS specification v1.1 does not provide a means for certificate revocation checking. The following Relying Party Agreement" provides further
More informationTraining for the cyber professionals of tomorrow
Hands-On Labs Training for the cyber professionals of tomorrow CYBRScore is a demonstrated leader in professional cyber security training. Our unique training approach utilizes immersive hands-on lab environments
More informationSecuring Your Microsoft Azure Virtual Networks
Securing Your Microsoft Azure Virtual Networks IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up
More informationCyberArk Privileged Threat Analytics
CyberArk Privileged Threat Analytics Table of Contents The New Security Battleground: Inside Your Network 3 Privileged account security 3 Collect the right data 4 Detect critical threats 5 Alert on critical
More informationVendor: Cisco. Exam Code: Exam Name: Cisco Sales Expert. Version: Demo
Vendor: Cisco Exam Code: 646-206 Exam Name: Cisco Sales Expert Version: Demo QUESTION 1 What are three current business factors that are influencing customer decisions in making technology investments?
More information802.3at ac 3x3 Dual Band Ceiling Mount Access Point/WDS. can be used with EAP1750H. Key Features
EAP1750H can be used with 802.3at capable switches or injectors 802.11ac 3x3 Dual Band Ceiling Mount Access Point/WDS The EAP1750H leverages the breakthrough speed and performance of 802.11ac for connecting
More informationRelease Notes. BlackBerry Enterprise Identity
Release Notes BlackBerry Enterprise Identity Published: 2018-03-13 SWD-20180606100327990 Contents New in this release...4 Fixed issues...5 Known issues... 6 Legal notice...8 New in this release New in
More information