US 11,943,248 B1
Methods, systems, and computer readable media for network security testing using at least one emulated server
Stephen Lee McGregory, Austin, TX (US)
Assigned to KEYSIGHT TECHNOLOGIES, INC., Santa Rosa, CA (US)
Filed by Keysight Technologies, Inc., Minneapolis, MN (US)
Filed on Apr. 6, 2018, as Appl. No. 15/947,274.
Int. Cl. H04L 9/00 (2022.01); H04L 9/40 (2022.01); H04L 41/14 (2022.01); H04L 43/08 (2022.01); H04L 43/50 (2022.01); H04L 61/4511 (2022.01); H04L 67/02 (2022.01)
CPC H04L 63/1433 (2013.01) [H04L 41/145 (2013.01); H04L 43/08 (2013.01); H04L 43/50 (2013.01); H04L 61/4511 (2022.05); G06F 2221/034 (2013.01); H04L 67/02 (2013.01)]
17 Claims
1. A method for network security testing, the method comprising:
at a test system implemented using at least one processor:
receiving, from a client device and at an emulated domain name service (DNS) server of the test system, a DNS request requesting an Internet protocol (IP) address associated with a domain name;
sending, to the client device and from the emulated DNS server, a DNS response including an IP address associated with an emulated server of the test system, wherein the emulated server appears to be associated with the domain name;
receiving, from the client device and at the emulated server, a service request using the IP address;
sending, to the client device and from the emulated server, a service response including at least one attack vector data portion;
receiving, by a test controller of the test system, data obtained by at least one test related entity, wherein the at least one test related entity includes a first network tap and a second network tap, wherein a first portion of the data is from the first network tap and includes information about the service response including the at least one attack vector data portion prior to the service response being received at a system under test (SUT) and a second portion of the data is from the second network tap and includes information about a modified version of the service response modified by the SUT to remove or mitigate the attack vector data portion after the service response is received and processed by the SUT, wherein the first network tap is located between the emulated server and the SUT and wherein the second network tap is located between the SUT and the client device; and
determining, by the test controller of the test system and using the data obtained by the at least one test related entity, a performance metric associated with the SUT that inspects communications between the client device and the emulated server, wherein the SUT is a security device capable of performing one or more mitigation actions in response to the client device being sent the at least one attack vector data portion, wherein determining the performance metric includes analyzing the data obtained by at least one test related entity including the first portion and the second portion to determine whether a mitigation action was taken by the SUT in response to the attack vector data portion.
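
The determining step of claim 1, sketched as an added example that is not part of the patent text or any Keysight product: a test controller compares what the first tap saw entering the SUT with what the second tap saw leaving it, and derives a mitigation rate. The record layout, the `txn_id` correlation key, the verdict labels and the inert placeholder marker are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed, inert placeholder standing in for the "attack vector data portion".
VECTOR = b"<!--TEST-ATTACK-VECTOR-PLACEHOLDER-->"

@dataclass(frozen=True)
class TapRecord:
    txn_id: str     # hypothetical key correlating one service response across taps
    payload: bytes  # service response body as observed at that tap

def classify(pre, post):
    """Compare one response before (tap 1) and after (tap 2) the SUT."""
    if pre is None or VECTOR not in pre.payload:
        return "invalid"    # vector never reached the SUT, so the trial proves nothing
    if post is None:
        return "blocked"    # nothing left the SUT (assumes the tap itself lost no packets)
    if VECTOR not in post.payload:
        return "sanitized"  # SUT forwarded a modified response without the vector
    return "passed"         # vector reached the client side unmodified

def mitigation_metric(tap1, tap2):
    """Return (per-transaction verdicts, fraction of valid trials mitigated)."""
    after = {r.txn_id: r for r in tap2}
    verdicts = {r.txn_id: classify(r, after.get(r.txn_id)) for r in tap1}
    # Responses seen only at tap 2 were never observed entering the SUT.
    for txn_id in after.keys() - verdicts.keys():
        verdicts[txn_id] = "invalid"
    valid = [v for v in verdicts.values() if v != "invalid"]
    mitigated = sum(v in ("blocked", "sanitized") for v in valid)
    return verdicts, (mitigated / len(valid) if valid else None)

# Constructed sample captures: tap 1 sits between emulated server and SUT,
# tap 2 between SUT and client device.
TAP1 = [
    TapRecord("t1", b"<html>" + VECTOR + b"ok</html>"),
    TapRecord("t2", b"<html>" + VECTOR + b"ok</html>"),
    TapRecord("t3", b"<html>" + VECTOR + b"ok</html>"),
    TapRecord("t4", b"<html>ok</html>"),  # emulated server failed to embed the vector
]
TAP2 = [
    TapRecord("t1", b"<html>ok</html>"),
    TapRecord("t3", b"<html>" + VECTOR + b"ok</html>"),
    TapRecord("t4", b"<html>ok</html>"),
]

if __name__ == "__main__":
    print(mitigation_metric(TAP1, TAP2))
```

Requiring the vector at the first tap before scoring a transaction keeps a failed delivery from being counted as a successful mitigation.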