Abstract
As systems today are more and more reliant on the
communication between different systems and their
co-operation, network security is crucial for the overall
security of the whole system. Although protocols
themselves can be theoretically proven secure, it is the
implementations and complete systems built upon them
where the most security bugs reside. Traditional testing
is not so effective in finding the security problems and
checking the implementations for security problems
requires a lot of effort and expertise. Security bugs are
often found by doing unexpected things and looking for
changes in system and environment behavior and additional
side effects. These negative side effects are the main
cause that prevents companies from running these tests in
their real networks - requiring massive investments in
parallel test networks.
As security can never be absolute - not even with
vigorous testing - additional precautions are advisable.
A set of different testing tools will provide a better
coverage of the tested system. System should be made more
rugged and more difficult for the crackers and malicious
programs to take advantage of. Adopting some metrics also
helps in evaluation the security of the system and the
testing coverage achieved.
In this paper we illustrate the experiences of security
testing OpenGGSN, an open source implementation of a
Gateway GPRS Support Node (GGSN) that uses the GPRS
tunneling protocol (GTP).
Original language | English |
---|---|
Title of host publication | Proceedings of the 6th Annual Security Conference |
Place of Publication | Washington, DC |
Pages | 50.1-50.10 |
Publication status | Published - 2007 |
MoE publication type | A4 Article in a conference publication |
Event | 6th Annual Security Conference 2007 - Las Vegas, NV, United States Duration: 11 Apr 2007 → 12 Apr 2007 |
Conference
Conference | 6th Annual Security Conference 2007 |
---|---|
Country/Territory | United States |
City | Las Vegas, NV |
Period | 11/04/07 → 12/04/07 |
Keywords
- information security
- security testing
- OpenGGSN
- GTP