Setting Up a Test Environment

Setting up a test environment for different types of drivers can be a complex task, and often it can seem to take longer to set up the environment than to find actual bugs.When setting up your test environment,the first and most important factor to determine is what you are expecting to test.Many different types of drivers handle untrusted code,ranging from USB and FireWire to wireless drivers such as WiFi and Bluetooth.The quickest and easiest way to test drivers for vulnerabilities is via a technique called fuzzing,so building an environment that is fuzzer friendly should be your initial goal.The best environment for testing that I have found is a Linux-based
machine.
Linux enables you to do raw packet injection for WiFi testing as well as manipu- late different drivers such as USB to produce the desired results.Linux distributions are plentiful,but I went with Fedora Core 5 (FC5) for its great hardware support and ease of adding new packages through the yum package manager. I performed the install on a laptop for ease of use and transportation. Although the laptop has built-in WiFi and Bluetooth hardware,I decided to go with third- party cards for both.I did this for two reasons,both of which make it much easier to
reproduce results.First,you can move the third-party devices from one machine to another,which ensures that the same hardware is being used and eliminates theminute differences in hardware and firmware implementations that may cause repro duction to be difficult or unreliable.Second,use of third-party hardware enables testers to select specific hardware that may be better suited for fuzzing than the included hardware.

For my test environment I chose a NETGEAR WG511U for WiFi and aLinksys USBBT100 version 2 adapter.Both of these devices are well supported under Fedora Core 5;in addition,almost every computer store carries them,so they’re easy to find,and they are relatively cheap,so if your testing manages to cause a hardware failure,replacing them is easy.
Device Drive Auditing •Chapter 21583Now that your base operating system is installed and you have the third-party

hardware for communication with the target devices,you need to add some software packages.Because building many of these testing tools will require kernel source,the first thing to do is install the latest kernel,complete with source,so that you can recompile modules at will.You can do this through yum or by downloading the kernel source directly and building the kernel from scratch;alternatively,you can use the existing kernel’s .config file to ensure identical hardware support

0 komentar:

Post a Comment

 
Powered by by: Blogger