The SCIT ISACA student group arranged a guest lecture on 23rd July 2017 on the quality aspects of network security product testing. The speaker, Mr. Sabu Thaliyath, is currently a Test Manager at Quick Heal Technologies Ltd. He started his lecture with a basic question, “What is network security?”, and went on to explore its components, with attention to their performance and impact on the system.
He specified that there are three aspects of network security: hardware, software and policy. Various security modules at various levels work together to provide a secure network for users. He briefly explained the working of the firewall, anti-malware, IDS (Intrusion Detection System), IPS (Intrusion Prevention System), URL categorization and VPN (Virtual Private Network). Every network can be secured by these security modules working together, but each module has its own boundaries and each separately carries a performance cost. Therefore the Unified Threat Management (UTM) system emerged as a comprehensive security product able to implement multiple security functions within a single system.
He explained that the quality of any security system is mainly determined by two characteristics: functionality and performance. Each module of a security system inspects traffic and takes a decision. The quality of each module is tested on how it works and how fast it is. The combined performance of the modules is also tested. He said that the firewall, which mainly deals with packet filtering based on predefined rules, has a high impact on performance. Anti-malware checks for matches against the signatures of known viruses; it has a medium impact. IDS and IPS detect, alert on and prevent attacks. He gave the example of DDoS (Distributed Denial of Service): in a DDoS attack, a Pre-DoS may be used by a Master to trigger the attack. This can be detected by IDS/IPS when the traffic pattern towards port no. 27665 is analysed. Preventive measures are taken, but again IDS/IPS has a huge impact on performance. URL categorization has less impact on end users, and VPN has high CPU use for encryption and decryption.
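The port-based detection mentioned in the lecture can be sketched as a sliding-window check over flow records. This is an added example, not material from the lecture or from any product; the log format, window, threshold and sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WATCH_PORT = 27665   # port named in the lecture summary
WINDOW_S = 60        # assumed sliding window, in seconds
THRESHOLD = 3        # assumed number of flows per window that raises an alert

# Constructed sample flow records: "epoch_seconds src_ip dst_ip dst_port proto"
SAMPLE_FLOWS = """\
1000 203.0.113.7 10.0.0.5 27665 tcp
1005 198.51.100.2 10.0.0.9 443 tcp
1010 203.0.113.7 10.0.0.5 27665 tcp
1020 203.0.113.7 10.0.0.5 27665 tcp
1030 bad line
1200 192.0.2.44 10.0.0.8 27665 tcp
1300 192.0.2.44 10.0.0.8 27665 tcp
"""

def parse_flow(line):
    """Return (ts, src, dst, dport, proto), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 5 or not parts[0].isdigit() or not parts[3].isdigit():
        return None
    ts, src, dst, port, proto = parts
    return int(ts), src, dst, int(port), proto

def detect(lines, port=WATCH_PORT, window=WINDOW_S, threshold=THRESHOLD):
    """Alert once when a (src, dst) pair reaches `threshold` flows to `port`
    within `window` seconds. Malformed lines and other ports are skipped."""
    recent = defaultdict(deque)   # (src, dst) -> timestamps inside the window
    alerts = []
    for line in lines:
        rec = parse_flow(line)
        if rec is None or rec[3] != port:
            continue
        ts, src, dst, _, _ = rec
        q = recent[(src, dst)]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps older than the window
            q.popleft()
        if len(q) == threshold:
            alerts.append((ts, src, dst, len(q)))
    return alerts

if __name__ == "__main__":
    for ts, src, dst, n in detect(SAMPLE_FLOWS.splitlines()):
        print(f"ALERT t={ts} {src} -> {dst}:{WATCH_PORT} ({n} flows in {WINDOW_S}s)")
```

Every flow passes through the parse and window bookkeeping even when it is benign, which is the per-packet inspection cost the lecture attributes to IDS/IPS.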
He stated that throughput with respect to bandwidth is the main measure for testing network security system performance. He mentioned that other quality aspects, such as user performance, security testing of the product itself, and logging and reporting, are also important. Throughout the lecture students asked their queries and he answered them very well. Overall, the session was erudite and students fostered a unified approach toward network security.