
Securing Your Network

Written by Larry S. Wiggins   
Monday, 09 March 2009
L-3 Network Security's Retriever 1.0 helps you identify possible security holes in your network.

Some network administrators wouldn't even know that their network had been compromised until they saw that someone had drawn a fake mustache on the CEO's picture on the company's Web site. Other administrators are more vigilant, but they don't have the time to search the Web for new vulnerabilities for all of their e-mail, Web, FTP, and file server products connected to the Internet.

Likewise, controlling users and preventing them from connecting modems and setting up ad hoc remote-access servers can be a full-time job. The only solution is a security scanning application that can monitor the network for you. Unfortunately, these products can cost thousands of dollars and require extensive knowledge of TCP/IP services and protocols.

L-3 Network Security has introduced a package called Retriever 1.0 that's not only easy to use, but at $500 for up to 255 IP addresses, it is also one of the least expensive scanning programs on the market. Retriever can scan for security holes, diagram your network, predict possible vulnerabilities, and discover modems and other access devices the administrator doesn't know about or hasn't approved.

Getting Set Up
Retriever is sold based on the number of IP addresses you want to scan. For example, for a single Class C network (up to 255 addresses), pricing starts at $500 a year; this annual subscription includes updates to the vulnerability database, free Web-based technical support, and free upgrades to the software. The cost per address drops for larger installations. You can download a demo and a seven-day evaluation copy from L-3's Web site (www.L-3security.com).

We found this product easy to install, but unfortunately we were unable to specify where the files are copied. This is only a problem if you don't want to install the product to the default location on your C drive because of security or space requirements. The software runs on any Microsoft Windows 9x or NT-based client PC. Access to the vulnerability scan is also password-protected to prevent unauthorized users from finding possible holes in your network.

Mapping Your Network
One of the best features of Retriever is its ability to map your network and possible security vulnerabilities without being obtrusive. Most security scanning programs (such as Internet Security Systems' $2,795 Internet Scanner) run active probes on your network that can substantially increase network traffic. The Retriever network mapping tool uses standard TCP/IP protocols to discover all of your intranet devices, including versions of software.

By comparing these devices and version information with Retriever's database, the software can alert you to known vulnerabilities without actually trying to hack into each device. The administrator then must decide which vulnerabilities need to be addressed and which devices are not important.

For example, in our tests, Retriever alerted us that we were running an older version of IIS with several possible security holes. The utility left it up to us to decide whether to download a new version of the offending software. If no upgrade is available, Retriever can recommend changes that will resolve the problem. The Retriever database currently contains information on 2,000 network components and 750 vulnerabilities associated with those components.

The network mapping tool can also discover modems on the network. This prevents users from installing Symantec pcAnywhere, Windows NT RAS, or other products that let them dial in from home--and unknowingly leave a hole for potential intruders. Unprotected dial-in modems are one of the biggest access points for network intruders.

Security Alerts
Retriever doesn't leave everything up to the administrator to decide; the product includes a rating system that identifies the most serious vulnerabilities. This system works by alerting administrators to the components that have the largest holes and helping them to decide which problems to fix first.

But unlike products such as BindView NOSadmin for NT, Retriever can't fix the problems for you. For example, if NOSadmin finds a Windows NT server with a password that's easy to guess, you are forced to make a password change. Retriever doesn't go that deep--it only informs you about the version of Windows NT and the services running on that server.
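
The version-matching and rating approach described above, sketched as an added example; this is not Retriever's code. The product names, hosts, database entries and the 1-5 severity scale are constructed for illustration, and the same function works on a planned inventory that has not been deployed yet.

```python
from dataclasses import dataclass
from itertools import takewhile

@dataclass(frozen=True)
class Vuln:
    product: str
    fixed_in: object   # version tuple that is no longer affected; None = all versions
    severity: int      # assumed scale: 1 (low) .. 5 (critical)
    advice: str

# Constructed sample database; placeholders, not real advisories.
VULN_DB = [
    Vuln("examplehttpd", (4, 0), 5, "upgrade to 4.0 or later"),
    Vuln("examplehttpd", (3, 2), 3, "disable sample scripts"),
    Vuln("exampleftpd", (2, 1), 4, "upgrade to 2.1 or later"),
    Vuln("dial-in-modem", None, 5, "remove or require authentication"),
]

# Constructed inventory, as a mapping pass might report it: (host, product, version).
INVENTORY = [
    ("10.0.0.5", "examplehttpd", "3.0"),
    ("10.0.0.6", "examplehttpd", "4.1"),
    ("10.0.0.7", "exampleftpd", "2.1"),
    ("10.0.0.8", "exampleftpd", "2.0"),
    ("10.0.0.9", "dial-in-modem", ""),
]

def parse_version(text):
    """'4.0b' -> (4, 0). An unreadable version gives (), which sorts lowest,
    so a device with an unknown version is reported rather than skipped."""
    parts = []
    for piece in text.split("."):
        digits = "".join(takewhile(str.isdigit, piece))
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)

def rank_findings(inventory, db, ignore_hosts=()):
    """Return (severity, host, product, advice) tuples, most serious first.
    ignore_hosts holds devices the administrator has decided are not important."""
    findings = []
    for host, product, version in inventory:
        if host in ignore_hosts:
            continue
        for v in db:
            if v.product != product:
                continue
            if v.fixed_in is None or parse_version(version) < v.fixed_in:
                findings.append((v.severity, host, product, v.advice))
    return sorted(findings, key=lambda f: (-f[0], f[1], f[2]))

if __name__ == "__main__":
    for finding in rank_findings(INVENTORY, VULN_DB, ignore_hosts={"10.0.0.8"}):
        print(finding)
```

Nothing is sent to the devices themselves; the result depends only on how accurate the inventory and the database are.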

The predictive modeling feature is a great way for administrators to check for security holes before they happen. You can use Retriever to design a network and then check for vulnerabilities before you actually set it up. You can also run the predictive utility on a disconnected PC. For example, you could sit at home at night, make changes to the network topology, and see if you created any vulnerabilities. Retriever is currently the only scanning product to offer this disconnected predictive feature.

To help keep up with moves and changes, Retriever allows you to schedule network scans on a daily or even hourly basis. You can also build detailed vulnerability reports that let you see how your network changes over time and check upgrades to see if they solved any security holes.
Last Updated ( Monday, 09 March 2009 )