Centria SecuLab is the cybersecurity laboratory of Centria university of applied sciences has been an active user of Rugged Tooling’s IP traffic generator Ruge for several years. But what do they do with the tool, and how do they do it? We went and asked Olli Isohanni, the RDI developer at the lab. He is an expert in the technical cybersecurity field. He was introduced to the lab by Joni Jämsä, lecturer and research scientist at Centria, and has been a driving force of the lab ever since.
Ylivieska drives the cybersecurity of the entire region
Ylivieska is a surprising location for a cybersecurity hub, but that is a valid title for the SecuLab at Centria university of applied sciences. The lab deals with both the technical aspects of cybersecurity as well as related policies and processes. It provides cybersecurity-related training and cybersecurity testing to both external customers as well as students at Centria.
The lab is well set for practical security screenings, which is where they also use our Ruge.
Get cloned and get tested while you work
Security testing does not create hassle in your system and messes up your day-to-day work. How? Because SecuLab clones the system first and then runs the tests on the clone. The lab is equipped with a VMware environment, where they set up virtual machines that run an exact clone of the system, instead of the real thing, be it a web app or a server.
“The clone is as good as the real thing”, says Olli. “The results we get from the cloned environment are an exact match to what the real environment would reveal. And they always reveal something important.”
Can anyone be the admin?
Thorough testing needs several approaches. The test process typically starts with functional testing. Olli may use a set of user credentials to enter the system and see what he can do there. Could he accomplish something only an admin should be able to do? Or could a complete outsider gain access to some parts of the system even without a username and password?
Could a hacker slip through the backdoor?
The next step is penetration testing, which starts with a simple port scan. Port scans are also something that actual hackers do all the time to find easy targets. The tester then tries to gain entry into the system. When that has been accomplished, they try to move deeper into the system leveraging any vulnerabilities they can find. The key task is to find out if misusing the system is possible, and how much damage could a successful hacker make.
Shop till you drop – or the shop drops
It is the time for the big sale, but will the webshop crash under a load of so many shoppers? And what happens if it does crash? Or what if everyone wants to sign in to the new service at the same time. What happens? This can also be tested using load testing. The lab is equipped with our IP traffic generator Ruge, which can emulate a lot of users easily. Those users can be shoppers, or people signing in to a service or making voice calls.
Why should I do this?
“We are running tests continuously”, explains Olli, “and we have never seen a system that does not have a single flaw. It is better that you know the problems before the criminals do.”
SecuLab is focused on finding vulnerabilities from networks, devices, and applications and they keep themselves trained and equipped to a tee to be the best partner for their customers. The well-equipped, very active lab employs 4-5 persons working on both the technical and teaching aspects of cybersecurity. The lab provides education to Centria students, but they also provide a wide range of training to local companies. More about SecuLab in this link, in Finnish language.
About Rugged Tooling and our IP Traffic generator Ruge
We, the team at Rugged Tooling are experts in accurately generating, modifying, and monitoring IP traffic, even in high data rates. We have created our IP Traffic Generator Ruge to be an extremely versatile tool for both load and security testing of networks and services.