Case Study: Spirent

Industry-Recognized Test Lab Accelerates Security Testing with Spirent Studio

Challenge

Over the past 25 years the University of New Hampshire Interoperability Lab (UNH-IOL) has hosted interoperability testing of emerging telecommunications technologies for hundreds of network equipment vendors in their 32,000 square-foot facility. Staffed by over twenty full-time employees and over 100 graduate and undergraduate students, the organization serves as a neutral, unbiased resource for the data communications industry and a hands-on lab to give students real-world experience.

In 2007, the National Institute for Standards and Technology (NIST) introduced USGv6, a program to develop the technical infrastructure necessary to support wide scale adoption of IPv6 in the US government for hosts, routers, and network protection devices (NPD). The host and router profiles address basic IPv6 functionality, specific requirements, and key optional capabilities for routing, security, multicasting, mobility, network management, and quality of service. The NPD profile first published in November 2009, addresses requirements for IPv6-aware firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS).

The UNH-IOL has been involved with USGv6 from the beginning, building a list of tested devices from dozens of vendors. “When NIST added the NPD test cases to the profile, we began to get requests from vendors that we had tested for accreditation to vet the firewall features of their devices,” said Tom Peterson, Research and Development for IP Technologies at the UNH-IOL.

Peterson needed a solution that would cover the NPD test specification and that could be brought up and running quickly.

Requirements

From the beginning, the UNH-IOL has created much of their lab infrastructure, including custom test tools and harnesses. However, after considering current resources and schedules, Peterson decided to see what was available instead of reinventing the wheel.

Of course the test system would need to support IPv6, including the security capabilities. It needed to be designed to stress the capabilities of a firewall, IDS, and IPS, including testing the ability of a device to defend against a comprehensive list of known threats.

After discussing the options with the Spirent Studio engineers, Peterson recognized that Studio had the capabilities required to implement the latest USGv6 NPD test specification. “It had all the elements we needed. We especially liked the Published Vulnerabilities Module, which is continuously updated with the latest real-world attacks on the Internet.”

Benefits of the Solution

The ease-of-use of the Spirent Studio interface allowed them to quickly create custom tests. The Spirent team worked with the UNH-IOL to cover a suite of 35 test cases to test a dedicated firewall, IDS, and IPS. “Within 12 weeks we were up and running and ready to support the NPD test specification in our USGv6 accredited program,” Peterson said.

The Studio API was one factor in extending the host and router test cases to support NPD testing. “With the number of tests we do in a year, automation is essential to work efficiently in the lab,” Peterson said, “and we took advantage of the API to script the test cases. It not only makes testing faster, it reduces configuration errors that can waste time to troubleshoot.”

With Spirent Studio, the UNH-IOL was able to quickly respond to vendor requests for NPD testing and the list of USGv6-accredited NPD devices continues to grow, helping government networks to safely transition to IPv6. “There is no question that we were able to offer NPD accreditation much faster because of Spirent Studio,” Peterson said.