As Internet applications keep growing, the topic of network safety has increasingly attracted more attentions. We need to ensure the hardware, software and system data within a network is protected from destruction, alternation, disclosure caused by contingent factors or deliberated attacks, besides, we must secure the system’s continuous, reliable and proper service operation.

Sigma-RT provides source code review to help identify the network vulnerabilities and risks, specifically by code analysis, character extraction, etc. The following measures are to be adopted to guarantee the network safety:

Access control - protects the PCs and networked resources are prohibited from unauthorized use.

Communication safety - used to verify the data confidentiality, integrity and communication reliability. For instance, the communication safety service is supportive to and widely used in Internet-based e-Business.

The execution process of safety test can be divided into ten phases, each focusing on a different type of environment users usually experience:

Phase 1 - Base traffic verification (2 hrs): enable traffic on all valid traffic pairs

Phase 2 - Common Internet attack (2 hrs): launch Layer 3, 4 traffic attack from Internet segment

Phase 3 - Internal firewall attack (2 hrs): inject firewall attacking traffic from internal network, challenging the internal and external hosts

Phase 4 - Network noise and invalid frame ( 2 hrs): inject invalid Layer 2 frames and network noise by a traffic generator

Phase 5 - Drop In test (2 hrs): connect in the device under test (DUT) when all traffic are about to, or just started

Phase 6 - Administrability attack (10 hrs): send administrative traffic and attacking packets to the administrative port, verifying the performance of the DUT’s TCP stack in the attack.

Phase 7 - Safety attack (10 hrs): apply standard network security test tools to upload continuous attack to stress DUT, making sure the DUT is safe from vulnerabilities.

Phase 8 - Common Internet application acceptance (3 hrs): let Internet applications pass through the firewall. The NFS, VoIP, DNS and other applications is directed through the DUT.

Phase 9 - Network layer attack (3 hrs): direct IP fragments and the ICMP messages pass through the DUT.

Phase 10 - Repeat phase 1 to phase 9 at random sequences (36 hrs).