PROGRAMS
NetSecOPEN’s mission is to work with industry and others to create well-defined, open and transparent standards that reflect the security needs of the real world. Standards development efforts are open to all of those with a vested interest in the outcome.
That includes enterprises in addition to security product vendors, tool vendors and labs.
As NetSecOPEN starts new projects, new content will be created specific to those projects. However, currently, as NetSecOPEN is being launched, the one project being worked on is the Open Performance Testing Standards project.
Once a project has sufficient content (test methodology, interpretation guidance and other documents as needed) it will feed the creation of a program. Projects can and will continue at the same time a program is created. Programs will be administered by NetSecOPEN, while labs will do the actual certification testing. Evaluation testing can be conducted against the standard by anyone licensed to use the standard. However, only certified labs will be able to conduct certification testing.
PROJECTS
Building on the work of IETF and other standards bodies, NetSecOPEN is driving standards that clarify how network security product testing should be conducted in light of today's networks.
We begin by identifying a project.
Next, we develop a test methodology. The methodology includes a set of recommended tests and guidance, including tips for configuring the product's security posture during performance testing.
Documentation provides guidance for interpreting testing results. After thorough testing, we submit the proposed standard to the IETF for consideration as a Request for Comments (RFC).
• Blend 70% HTTPS and 30% HTTP
• Over 10,000 unique URLs
• ~1000 unique FQDNs
• ~400 unique Certs
PROJECT ONE
Open Performance Testing Standard for Next-Generation Firewalls
Many organizations deploying next-generation firewalls (NGFWs) have been surprised and hampered because they did not know how these devices would affect their networks. Our first project was to develop a NetSecOPEN standard for testing NGFWs and the enterprise perimeter.
Our next projects include creating standards for technologies such as load-balancers, web filters, and others.
NetSecOPEN APP DETAIL
Approximately 1000 FQDNs including CDN, sub apps, trackers, etc. Some application slices have 100+ unique connections.
TESTING USING A REAL WORLD TRAFFIC MIX
Actual enterprise production networks handle thousands of applications, traffic types, and access privileges. To accurately test an NGFW, the traffic mix must be as comprehensive and substantive as possible.
We first created a real-world traffic mix that delivers accurate pictures of the load performance that current security products face. Any traffic mix used for testing current network security products should include the following pillars:
• 70% HTTPS traffic and 30% HTTP traffic
• Recreated content from more than 10,000 unique URLs
• ~1000 unique fully qualified domain names (FQDNs), including CDN, sub-apps, trackers and other connections
• ~400 unique certificates
DRILLING DOWN INTO THE APP DETAIL: OFFICE 365
Drilling down into more detail about each app, we recreated traffic as realistically as possible. Most apps trigger connections to multiple URLs, sometimes dozens, in order to handle personal data, gather content, and deliver data to other apps.
This Office 365 app slice shows where, and relatively how much, traffic goes.
The NetSecOPEN standard painstakingly recreates traffic destinations from the original FQDN