Network Security Performance Testing at UNH-IOL

NetSecOPEN logo

NetSecOPEN and the University of New Hampshire InterOperability Lab (UNH-IOL), as a founding member, first started collaborations in the Summer of 2017. The goals at the time were clear: certification testing for the performance of security devices in an open and transparent way that enables the best opportunity for “apple-to-apples” comparison of results.

NetsecOPEN and the UNH-IOL had common goals from the beginning. The UNH-IOL’s dual mission is to provide a neutral environment to foster interoperability, standards conformance, and development for the interconnected world, while attracting students to and preparing them for careers in cutting-edge technology. Open standards and transparent test methodologies support the UNH-IOL’s mission and encourage cooperation rather than competition in the development of the technology. True to this mission, NetSecOPEN test methods are submitted to and discussed at open IETF Benchmarking Working Group meetings, allowing all who attend, NetSecOPEN member or not, to comment on and critique the specification. Now at draft -05, the Network Security Device Performance Internet-Draft is poised to enter the final stages of publication in the coming weeks.

The mission of NetSecOPEN “is to work with industry and others to create well defined, open and transparent standards that reflect the security needs of the real world. Standards development efforts are open to all of those with a vested interest in the outcome.” NetSecOPEN brings together all interested parties for whom the goal is to improve the state of network security: Enterprises, Security Product Vendors, Test Solutions, and Laboratories. Enterprises are the eventual end-users and provide feedback to security product vendors. Product vendors are innovators and developers of the technology. Test Solutions and Testing laboratories stand as impartial advocates for the standard and obtaining verifiable results. The activities take place in an environment where all are able to contribute and participate in the process. This open environment synergizes diverse interests into a comprehensive and technically sound testing program.

The UNH-IOL, through the Firewall Testing Service, provides NetSecOPEN and related testing services to its members.  The Firewall Testing Service enables security product vendors to reserve testing ahead of time for a given product.  During a testing reservation, UNH-IOL staff and students work closely with the vendor to setup and configure the device following vendor specifications and according to the prescribed testing methodology. At the conclusion of testing, the UNH-IOL generates a comprehensive report detailing the observed performance metrics collected through exhaustive testing. Vendors may then submit these results to NetSecOPEN for final approval and certification.

2020 stands as a milestone year for NetSecOPEN and the UNH-IOL. The UNH-IOL worked closely with product vendors and test solutions to increase confidence in the testing methodology and its accuracy in measuring performance. The first 5 security vendor products achieved certification with more to follow, the draft went through 3 formal versions, and NetSecOPEN membership has grown to 14 members, with 3 test solutions, and 2 laboratories.    

For the UNH-IOL, this open and collaborative process aligns with our mission to develop testing services that meet the needs of the network security industry, helping to ensure a smooth NetSecOPEN testing and certification process. Launching the test service and certification program in collaboration with all NetSecOPEN participants was the first step in realizing the original “apples-to-apples” comparison NetSecOPEN set out to achieve. 2021 looks to continue the pace, with developments in malware and NGIDS/NGIPS testing, as well as with initiatives to investigate the expansion of the scope of available testing to include other areas of enterprise security.