February 15, 2018

RedWolf Test Target

Everyone knows it is difficult to get an environment ready for test.

RedWolf’s Test Target VM’s are pre-configured test servers that can function as a ‘victim’ or ‘target’ of an attack and send real-time telemetry to your RedWolf control system. This lets you see both the ‘attacker’ and the ‘victim’ statistics side-by-side. The main benefits of a test target VM are:

Saves time with pre-configured services and test content

The Test Target VM can be loaded into an enterprise VMWare or OpenStack deployment or even on a laptop with the free VMware player. Many services are pre-configured (DNS, SMTP, HTTP, HTTPS) and loaded with testable content. The DNS server for instance includes pre-defined DNS definitions, the SMTP server operates as a black-hole and silently absorbs all sent SMTP mail, and the web services have built-in web sites and many special testing URL’s that can be useful to trigger DDoS devices, WAF’s, IPS systems, Anti Virus, Malware, Data Leak Prevention and more.

Compare ‘attacker’ and ‘victim’ side-by-side

By having visibility into both the attacker and victim it makes it easier to characterize the behaviour of all the intermediate systems. It makes it easy to see exactly when an upstream system blocked an attack.

Real Time Test Target Dashboards

Guidance on where to deploy the local test target VM

 

  • By putting a test target VM right after the router it is possible to verify upstream network connectivity and infer if any CDN, Cloud DDoS or Cloud WAF is blocking traffic.
  • The test target right behind the DDoS appliance allows precise characterization of this element without impacting systems behind the device like firewalls, load balancers or enterprise applications.
  • The further down you deploy test targets the more insight you will have by comparing what test targets at each level experience.
  • Deploy multiple test targets at varying levels to enable faster root-cause