
Test system and test method oriented to next-generation firewall

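A test system and test method for next-generation firewalls, applied in the field of information security, which addresses the poor targeting of existing tests, the lack of fine-grained application-layer and content-layer testing, and the lack of application-layer network attack testing.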

Inactive Publication Date: 2014-04-23
中国人民解放军信息安全测评认证中心 +1

AI Technical Summary

Problems solved by technology

[0010] 1. Poor pertinence
Existing methods cannot test the distinctive technical characteristics of NGFW. In response to the development of network attack technology, NGFW has greatly strengthened fine-grained control at the application layer. Application identification, content security and intrusion prevention have become its core functions, but the focus of existing testing methods is still on the network and transport layers.
[0011] 2. Unable to conduct fine-grained application layer and content layer testing
Earlier testing methods contained very little test content at the application layer and content level: only basic application layer protocol identification and a small amount of URL, keyword filtering and other content. A large amount of network application and data-level content could not be tested, so it was difficult to test and evaluate next-generation firewalls accurately.
[0012] 3. Lack of network attack testing based on the application layer
Most existing attack testing methods are based on the network layer, and application layer attack testing, such as Trojan horse attacks based on protocol masquerading and Web attacks, is lacking, so it is difficult to effectively evaluate the security characteristics of the next-generation firewall.


Embodiment Construction

[0024] The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0025] Figure 1 is a structural block diagram of the test system of the present invention for testing next-generation firewalls. The test system includes the following modules:

[0026] (1) Management module

[0027] This module provides a graphical man-machine interface for configuring the test environment and parameters and for customizing test strategies. The test environment and parameters include the communication port, IP address and corresponding gateway IP address of the client and server, as well as the network location of the client and server and the working mode of the firewall (routing, switching or mixed mode), etc. Users can also customize the test strategy through the strategy template, select a specific test strategy according to the test content, and co...


Abstract

The invention discloses a test system and a test method oriented to a next-generation firewall. The test system is composed of five modules, namely a management module, a strategy module, a session generation module, a result evaluation module and a report module. The test method comprises the steps: (a) test strategy configuration: according to preset parameters, filling in data structure linked lists of test rules to generate specific test cases; (b) network session generation: constructing an independent client program and an independent server program, respectively simulating an attack host and a host in the network protected by a firewall, then respectively calling plugins corresponding to the test cases, passing the parameters of the test cases generated in the step a to the plugins, generating data packets in real time through the plugins, and delivering the data packets to a client or a server to be sent to generate a network session or network attack session; (c) test result evaluation: evaluating test results according to the completion status of the session, as well as behavior parameters and alarm information of the firewall. By adopting the test system and the test method oriented to the next-generation firewall, automatic test and evaluation of the next-generation firewall can be realized.
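The three steps of the test method in the abstract, sketched as an added example (not code from the patent): test cases are filled from presets, a plugin generates the traffic for a client/server session, and the verdict combines session completion with the firewall's alarm. The names `Case`, `PRESETS`, `PLUGINS` and `stub_firewall`, the keyword policy and the sample values are all assumptions; the stub stands in for the firewall under test and runs in-process rather than on the network path.

```python
import socket
from dataclasses import dataclass

@dataclass
class Case:          # hypothetical shape of one filled-in test rule
    name: str
    plugin: str      # plugin that generates the traffic
    params: dict     # parameters handed to the plugin
    expect: str      # "allow" or "block", per the policy under test
# Constructed presets; a real run would take these from the strategy template.
PRESETS = [
    {"name": "web-allowed", "plugin": "http_get", "expect": "allow",
     "params": {"host": "server.test", "path": "/index.html"}},
    {"name": "keyword-filtered", "plugin": "text", "expect": "block",
     "params": {"text": "report contains BLOCKED-MARKER"}},
]
PLUGINS = {          # (b) each plugin builds its payload at run time
    "http_get": lambda p: f"GET {p['path']} HTTP/1.1\r\nHost: {p['host']}\r\n\r\n".encode(),
    "text": lambda p: p["text"].encode(),
}

def build_cases(presets):   # (a) fill rule structures from preset parameters
    return [Case(**row) for row in presets]

def stub_firewall(payload, keywords):
    """Stand-in for the device under test: returns (forwarded payload, alarm)."""
    hit = next((k for k in keywords if k.encode() in payload), None)
    return (None, f"keyword:{hit}") if hit else (payload, None)

def run_session(case, keywords):
    """(b) Client sends through the stub; report (session completed, alarm)."""
    client, server = socket.socketpair()
    with client, server:
        server.settimeout(0.2)
        forwarded, alarm = stub_firewall(PLUGINS[case.plugin](case.params), keywords)
        if forwarded is not None:
            client.sendall(forwarded)
        try:
            return len(server.recv(4096)) > 0, alarm
        except socket.timeout:
            return False, alarm   # nothing reached the server

def evaluate(cases, keywords):
    """(c) Pass when session completion and alarm state match the expected action."""
    verdicts = {}
    for case in cases:
        completed, alarm = run_session(case, keywords)
        want = case.expect == "allow"
        verdicts[case.name] = completed == want and (alarm is None) == want
    return verdicts
```

Running `evaluate` with an empty keyword list models a firewall whose content policy is missing: the "keyword-filtered" case then fails because the session completes and no alarm is raised.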

Description

Technical field

[0001] The invention belongs to the technical field of information security, and relates to testing for next-generation firewalls, in particular to testing devices and testing methods for main security features of the next-generation firewalls, such as application identification, user control, content security, Web attack protection, and unknown Trojan horse attack defense.

Background art

[0002] Firewall is an important part of computer network security system, deployed between different networks (such as trusted internal network and untrusted public network) or between network security domains. As the only connection point between different networks, the firewall monitors the network data passing through according to the network security policy, and has strong anti-attack capability.

[0003] With the significant increase in the level of network attacks and the intervention of network threats with group organizations or even national backgrounds, ...


Application Information

IPC(8): H04L12/26, H04L29/06
Inventor: 钟力, 何金勇, 姚兰, 阮强
Owner: 中国人民解放军信息安全测评认证中心