Freepdf File

Title: Review of security testing tools
Version: 1.1
Date: 27.6.2011
Pages: 100
Author: Ilkka Uusitalo (VTT)
Reviewers: Fredrik Seehusen, Michel Bourdelles, Jürgen Großmann/Florian Marienfeld
To: DIAMONDS Consortium

The DIAMONDS Consortium consists of: Codenomicon, Conformiq, Dornier Consulting, Ericsson, Fraunhofer FOKUS, FSCOM, Gemalto, Get IT, Giesecke & Devrient, Grenoble INP, itrust, Metso, Montimage, Norse Solutions, SINTEF, Smartesting, Secure Business Applications, Testing Technologies, Thales, TU Graz, University Oulu, VTT

Status:
  [ ] Draft
  [ ] To be reviewed
  [ ] Proposal
  [ X ] Final / Released

Confidentiality:
  [ X ] Public (Intended for public use)
  [ ] Restricted (Intended for DIAMONDS consortium only)
  [ ] Confidential (Intended for individual partner only)

Deliverable ID: D1_1

Summary / Contents:

Contributors:
  Juha Matti Tirila, Tuomo Untinen, Rauli Kaksonen, Ari Takanen, Ami Juuso, Miia Vuontisjarvi (Codenomicon)
  Bruno Legeard, Fabrice Bouquet, Julien Botella, Dooley Nsewolo Lukula (Smartesting)
  Ilkka Uusitalo, Matti Mantere (VTT)
  Peter Schmitting (FSCOM)
  Stephan Schulz (Conformiq)
  Ina Schieferdecker, Florian Marienfeld, Andreas Hinnerichs (Fraunhofer FOKUS)
  Pekka Pietikäinen (OUSPG)
  Wissam Mallouli, Gerardo Morales (Montimage)
  Fredrik Seehusen (SINTEF)
  Wolfgang Schlicker (Dornier Consulting)

Copyright DIAMONDS Consortium

TABLE OF CONTENTS

1. Introduction
2. Behavioral MBT for security testing
  2.1 Behavioral MBT - an introduction
  2.2 Test Design with MBT
    2.2.3 Automated Test Design with MBT in Standardization
  2.3 Modeling For automated test generation
    2.3.1 Modelling of Risk
    2.3.2 Modelling of Functionality
    2.3.3 Modelling of Security Aspects
    2.3.4 Fokus!MBT
3. Extend test coverage using security-oriented test purposes
  3.1 Conformiq approach for testing security properties
  3.2 ETSI approach to security testbeds specific to IPv6 security testing
    3.2.1 Organization of the work
    3.2.2 Summary
4. Random, Block-based and Model-based fuzzing
5. Network Scanning
  5.1 port scanners
6. Monitoring tools for detecting vulnerabilities
  6.1 Intrusion detection systems
    6.1.1 Network Based Intrusion Detection Systems
    6.1.2 Host Based Intrusion Detection Systems
    6.1.3 Scalability
    6.1.4 Challenges
    6.1.5 Examples of Current Intrusion Detection Systems
  6.2 Network monitoring tools
    6.2.1 Wireshark
    6.2.2 OpenNMS
    6.2.3 OmniPeek
    6.2.4 Clarified Analyzer
    6.2.5 Tcpxtract
  6.3 Business Activity Monitoring
    6.3.1 IBM Business Monitor
    6.3.2 Oracle Business Activity Monitoring
  6.4 database Activity Monitoring
    6.4.1 IBM InfoSphere Guardium
    6.4.2 dbWatch
    6.4.3 DB Audit 4.2.29
  6.5 Firewalls, Spam and Virus detection tool
    6.5.1 Firewalls
    6.5.2 Virus detection
    6.5.3 Spam Detection and Filtering
7. Diagnosis and root-cause-analysis tools
  7.1 Diagnosis tools for security testing
    7.1.1 RCAT
    7.1.2 XFRACAS
  7.2 Intrusion prevention systems
    7.2.1 Cisco intrusion prevention system
8. Tool integration platforms
  8.1 MODELBUS
  8.2 JAZZ
  8.3 Connected Data Objects – CDO
  8.4 EMF STORE
9. Risk analysis and modeling tools
  9.1 Microsoft THREAT MODELING
  9.2 the coras tool
  9.3 CRAMM - CCTA Risk Analysis and Management Method and Tool
  9.4 MotOrbac
  9.5 GOAT
    9.5.1 VDC editor plugin for GOAT
    9.5.2 TSM editor plugin for GOAT
  9.6 SeaMonster
