spirent.com

Evolution of Content Consumption—Achieving Seamless & Safe Delivery

A young aerobics instructor from Colombia, named Alberto “Beto” Perez, forgot his music one day for his group exercise class. He retrieved a Latin music CD from his backpack, improvised on the spot, and taught the very first ZUMBA® class. The rest, as they say, “… is history.”

Today, the ZIN™ (Zumba Instructor Network) is growing by leaps and bounds, and the increasing number of licensed instructors translates to more and more demand for new music and training videos (i.e. new content!)

“Who knew that such a worldwide sensation would be launched when Beto forgot his CD that day?”

Happy people in workout clothes

I’ve been an active ZIN member since 2010, receiving countless CD and DVD sets via snail mail with their music and choreography videos. And in truth, I’m a bit sad about the transition to digital downloads. I love that I can quickly look at my hardcopies and know where they are at any given time. It’s my personal library that I’ve collected and organized. And, you know what? I enjoy looking at all my hard copies of this colorful medium. I can hold them in my hand—touch, see, hear, and even smell them. They are tangible, real, and physically, they’re mine. And yet soon they will be no more.

There’s an App for That

While it makes perfect sense in our app-centric, mobile-first, on-demand economy, to digitally download music and video files, this evolution of content consumption can become problematic from a security standpoint.

The On-Demand Economy is defined as the economic activity created by digital marketplaces that fulfill consumer demand via immediate access to and convenient provisioning of goods and services.

—The On-Demand Economy.org

And because some of us are slower than others to embrace the new paradigm (clinging to the physical media until the very end; not trusting new content delivery systems), we realize top priorities for network security must be scalability, reliability and safety.

Important Questions to Ask for Enterprise-scale Infrastructures

The combination of my ZIN experience, and knowledge of security testing, leads me to ask important questions regarding secure processing of requests for content, such as music and video:

How can infrastructures prepare to transmit large volumes of email to notify anxious users, and subsequently balance the increased load on its servers?

Why is testing under load, with real traffic so important for those who are challenged with managing and protecting their networks around the clock, and around the globe?

Feature-Rich Testing As Many Times as You Want

Luckily, online infrastructures and applications can be tested for scalability, reliability and safety. With features such as DDoS (distributed denial-of-service), Advanced Fuzzing, and Throughput with Mixed Apps & Protocols you get real traffic that is reliable and repeatable.

Spirent solutions generate simulated, realistic Internet conditions and load. Our wizard format simplifies and speeds test case creation. Simple and intuitive navigation tools make it easy to view, select, and run stored test cases, as well as view test case results in chart format during run-time and in post-test reports and logs.

Critical Network Security Tests

DDoS (Volumetric, Protocol, Application)

Volumetric DDoS

This test is to prevent access to a target by consuming all of the network bandwidth available to the target (i.e., victim.) The attacker launches an attack designed to cause network congestion between the target and other Internet users, making the target unreachable.

Protocol DDoS

Similar to Volumetric DDoS attacks, Protocol DDoS attacks will attempt to disrupt access by consuming actual network device or service resources. These include attacks that will fill up a device’s TCP state table so no new connections can be made, or send malformed or fragmented service calls that congest the target, in some cases these attacks can be disruptive even at low volumes of traffic. 

Application DDoS

As the name implies, an Application DDoS attack use elements of the application itself to impact and disrupt user access. Attackers will target specific application services or flaws in order to overwhelm the application from servicing new requests. In some cases, attacks can be as slow as a few packets-per-second and gradually hold connections open and not allow new connections or user requests to be made. Slowloris is a perfect example of this type of attack targeting web services.

Fuzzing

Fuzz testing or fuzzing delivers invalid, unexpected, or random data to the inputs of a computer program, OS, or hardware system while monitoring for application or program crashes. It’s a relatively easy and more effective tool in generating and running arbitrary inputs than it is to perform manual code audits, or using software for reverse engineering. Uncover previously undetected bugs and compromises in your system, while hardening your program against random data. Going deeper than scans or “dumb” protocol testing, use fuzzing to discover vulnerabilities the same way hackers do.

With the ability to find serious faults, fuzzing is most effective when used in conjunction with extensive black box testing, with no access to source code. It can be left up and running for days, to reveal bugs missed in manual audits, while providing an overview of the target software’s robustness.

Throughput with Mixed Apps & Protocols—Test
Over 7000 Apps!

This test allows you to specify the amount of data that can be transmitted in a fixed amount of time (bandwidth), over all combined interfaces, and with a mixture of applications and protocols. Configure different service and protocol mutation scenarios, and quickly replicate a large variety of actual and potential attacks. Specify test cases that often cause catastrophic and costly crashes or failures on a live network.

Conclusion

With comprehensive testing of online infrastructures and applications before deployment, the ZIN (or anyone expecting seamless, safe content delivery) need not worry. Server overload, DDoS attacks, and malware have all been mitigated. We can now monitor email on our devices (anxiety-free), get new content (without glitches), and even stream live media (with confidence of security.)

To learn more about Spirent’s Network Testing Solutions, please visit http://www.spirent.com/products/avalanche.

 
comments powered by Disqus
× Spirent.com uses cookies to enhance and streamline your experience. By continuing to browse our site, you are agreeing to the use of cookies.