CyberFlood: The Security Mix Tab

For those of you that use CyberFlood, I want to talk about something very specific today: the “Traffic Mix” tab and the “Security Mix” tab when running a CyberFlood test. When I was playing with CyberFlood in my little “Stealthwatch playground” that I had, I only ever used the Traffic Mix tab. It wasn’t until I moved roles within Cisco over to a more security focus that I ever started using the Security Mix tab. At first so much of it all was new to me and I didn’t easily “see” the cool reasoning to put traffic into different tabs. Okay… getting ahead of myself… let me take a big step backwards. lol

When running traffic through a security product, you would likely want to see some things get “blocked”: applications that you have configured the security product to block (e.g. “telnet”), or maybe some malware or CVEs. It is also common to want to see “normal” traffic (e.g. generic background traffic) getting successfully through the security product at the same time you are blocking malware, attacks, etc.

CyberFlood has a really nice way of doing this, IMHO. There are two tabs in a CyberFlood test where you configure what type of traffic you want to send as well as whether or not “success” for that traffic is to work or to be blocked.

The Traffic Mix tab and the Security Mix tab

CyberFlood Traffic Mix and Security Mix tabs

Traffic Mix Tab: “Success” in the results file for this traffic is based on whether or not the traffic got “through” and was successful. 100% success means 100% of the traffic successfully worked.

Security Mix Tab: “Success” in the results file for this traffic is based on whether or not the traffic “got blocked”. 100% success means 100% of this traffic was blocked.

Traffic Mix Tab Example

So here is a nice visual that wraps it all up. 🙂 This little visual is 3 images pieced together:

  1. Upper Left: An example of the type of traffic one might send in the Traffic Mix tab
  2. Upper Right: An example of the “pie chart” (successful/unsuccessful) in the results view of a CyberFlood test
  3. Bottom: An example CyberFlood test setup

Security Mix Tab Example

Again… this is the traffic CyberFlood will send, but “success” for us for this traffic is that it gets blocked.

  1. Center Top: An example of the type of traffic one might send in the Security Mix Tab – Apps you want to send but want blocked, attacks, malware
  2. Upper Right: An example of the “pie chart” in the results view of a CyberFlood test for the Security Mix tab.
  3. Bottom: An example CyberFlood test setup

YouTube Video Examples of the Security Mix Tab and Sending Traffic We Want Blocked

I have 2 YouTube Videos so far for Security Mix stuff.

CyberFlood Security Fun: Using Security Mix Tab and App Blocking

CyberFlood Security Fun: Security Mix Tab, CVEs, and Sending a CVE from CyberFlood


