Protocol specifications seldomly contain flaws that result in negative security implications. In other cases, protocol specifications leave room for a variety of implementation strategies, some of which lead to security vulnerabilities.
A number of companies offer robustness testing tools which generate unexpected protocol messages or message sequences, testing the readiness of an implementation to gracefully handle such messages, with the goal of finding implementation flaws. While these tools have their value in helping improve the robustness of the assessed implementations, they cannot replace a manual security assessment of the protocol and its corresponding implementation(s).
SI6 Networks provides world-class expertise in discovering protocol design and implementation flaws, and in engineering mitigations for the identified issues. We generally apply the following methdology when performing security assessment of a communications technology:
- A security assessent of the protocol specifications is performed, identifying protocol design flaws and potential implementation flaws
- Security assessment tools are produced, such that implementations can be assessed with respect to the identified issues
- Exhaustive testing is performed with the target implementations
- Conter-measures for the identified vulnerabilities are designed, implemented, and tested
- Our findings are reported to the vendor, together with the possible mitigation techniques
- We pursue the standardization of our mitigation techniques, for the benefit of the Internet community as a whole
We pride ourselves on our outstanding work in the area of communications protocols security, and are always keen to apply our expertise to new protocols and products. Please do not hesitate to contact us for any inquiries.