IWL's Expert Insights on Network Emulation and Protocol Testing
IWL Cautions Against Misleading 5G Claims Made by Purveyors of 5G Products
Prior to planning or funding 5G rollouts, technology implementers must rigorously question 5G claims and look for substantiated evidence. IWL issued a caution today that some of the claims made by investors in 5G technology are exaggerated or lead to overly-naïve conclusions …
Practical Guidelines for TCP Implementers
While many open source TCP/IP implementations are available via standard operating system distributions, some applications require changes and customization to TCP/IP. Hence, the requirement to track best practices and the current status of the protocol’s evolution. What has changed? A lot, really! …
TLS Finally on the Way Out
Info Security recently published an article about the Payment Card Industry's final push to force the adoption of TLS 1.1 or higher. This article provides a good summary of the evolution of SSL/TLS, the pitfalls of earlier versions, and advantages of the most recent standards …
Open Source Does Not Equal Better Quality or Greater Security
Open source advocates have long proclaimed the intrinsic quality and security of open source code. They argue that because the code is open it is inspected by many eyes and tested by many hands. I dispute that argument. Code will become better through more inspection, and improved testing, no matter whether that code is "open", "free", or "proprietary" …
New MQTT Test Suite
IWL today announced a new addition to its family of network test suites: the IWL MQTT Test Suite. Cloud platform providers using MQTT can enhance their solutions to help clients test their apps before launching. IoT implementers can test their apps and devices with a high quality, commercial test suite in their lab or in the cloud …
How to Create Awe-Inspiring Network Protocol Test Suites
The cost of computer security breaches is no longer hypothetical. According to the Cisco 2018 Annual Cybersecurity Report (page 46), more than half (53 percent) of all attacks resulted in financial damages of more than US$500,000 (for each organization), including, but not limited to, lost revenue, customers, opportunities, and out-of-pocket costs. Interestingly, about 19% of the attacks resulted in financial damages of more than US$2.5 Million per organization! …
Are You Ready for the New Challenges of QUIC?
In 2013, Google announced a new transport protocol, the QUIC protocol (Quick UDP Internet Connections). QUIC’s original goal was to reduce transport latency, particularly with users of web apps (that use HTTP over TCP). The goal was later expanded to provide a reliable, connection-oriented, low-latency, fully encrypted transport layer. Approximately 0.9% of all websites use QUIC …
The Quandary of Event Notification: SNMP Traps
Newcomers to IT network operations are often confounded by the complexity of managing, controlling, monitoring, diagnosing and repairing their networks. As we are all inclined to select the simplest tool, to a networking newcomer, the simplest tool for staying on top of network operations would be an event report …
On Fuzz Testing
Fuzz testing is a form of brute-force testing - every possibility is thrown at the target in hopes that eventually something bad will happen and a flaw revealed. Fuzz testing is a plausible technique if the number of variations is small enough that all the possibilities can be tried in the time before the target product becomes obsolete. But with some modern network protocols the time to test all the combinations could run into years - or, in many cases, eons …
IPv4 vs IPv6: Is it Okay to Use IPv4 as IPv6
Despite what one might read in certain techno-marketing publications, IPv4 is very much alive; it has not by any stretch yet been replaced by IPv6. So it remains important that vendors of networking products do IPv4 and do it correctly.
But some vendors appear to be getting lazy …
Checking for New SNMP Vulnerabilities
Cisco Systems recently announced a patch for a vulnerability in Simple Network Management Protocol (SNMP) functions of some Cisco routers. This vulnerability could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to an incorrect initialized variable …
SNMP Agent Simulator
IWL provides the SilverCreek SNMP Test Suite, Libraries and APIs for engineers to find and fix bugs in their SNMP agent implementations. Often developers and quality assurance engineers will need to test the SNMP management application to be used with a new SNMP agent. Verifying SNMP-based network management applications requires an SNMP agent simulator …