GCN LAB REVIEW
RedSeal Network Advisor can keep security devices in compliance
Tabbed monitoring system saves a lot of time in keeping policies in place
- By Greg Crowe
- Jan 13, 2010
Network administrators go to a lot of trouble to ensure the security of their systems. They put firewalls and routers at all of the vital chokepoints, which generally protect against unauthorized access. However, for larger organizations, there is a law of diminishing returns for security devices — the more there are, the harder it is to make sure everything is performing uniformly and correctly.
And those devices have become more complicated lately as they try to keep up with hackers’ newest tricks. No single human could possibly fully understand every firewall’s rule set or access control list (ACL).
This is where products such as RedSeal’s Network Advisor 4.0 come in. Network Advisor automatically checks the configurations of a network’s devices, servers and hosts and compares them with the desired compliance policies. It then gives the network administrator information about the devices in a concise, visually intuitive interface.
The software can be installed on any server that runs Windows 2003 or 2008 Enterprise Server 64-bit with Sun Microsystems' Java SE Runtime Environment. After setting it up in the lab, we installed the client software on a networked computer.
Scanning the network didn’t take an inordinate amount of time, but of course, that would depend on the network's size. After the software scans a system, it displays information about the network in various ways, designated by a tab in the user interface.
The first screen that greeted us was the status page, which graphically showed the most pressing best practices, policy and risk issues. The Maps & Views tab showed us a diagram of the network setup, grouped by location. Double-clicking on one of the symbols summoned all the information about that particular device. Right-clicking showed a menu that let us see at a glance all the devices that have access to that device or vice versa. Selecting a particular access path brought up details of the exact route the path takes through the network.
The Zones & Policy tab allowed us to separate the network into security zones, each of which instituted the same policies to all devices in it. That definitely made it easier to set up policies based on zones and the access among them rather than trying to monitor the settings of each device.
The Best Practices tab listed all of the policies that were in place, whether they were preloaded or custom policies.
Creating a custom policy was a relatively painless process, as we were able to clone an existing policy and work from there. That would save a lot of time on a complex network because you could set or tweak your policies to comply with your agency’s directives and then copy them to all devices that defend your network.
The Risk tab provides an abstract view of your network to highlight the most crucial needs, which is a boon for a large organization with a lot of security to track. Network devices are represented by rectangles of varying sizes relative to its value score, a calculation based on the types of services it provides. Those rectangles are colored based on risk, from bright green for safest to bright red for the most risky.
The size and color can be changed to indicate a variety of things, such as types of risk, exposure or changes in these properties. So if a device goes from very secure to just slightly secure, you can get an instant warning about the change. Clicking on any of the squares brings up the device’s detailed information. That can be a powerful tool for quickly determining the most critical vulnerabilities in the network. Just click on the red icons and read about the warnings, then fix the problems until the icons turn green.
All those tools can be used to detect the existence of a potential intrusion problem and isolate the root cause of a potential attack. We were able to quickly locate a specific device and check its rules and ACLs. That information let us approve a particular avenue of access or close it. That could save hundreds of hours that administrators would spend on finding leaks by conventional means.
The Reports tab shows about a dozen of the most common reports that a network administrator might want to generate, such as a best practices violations summary. Those reports can be run on the fly or scheduled to be periodically generated and e-mailed to specified people. If the basic report templates don’t cover what you need, you can make a new one.
RedSeal sells Network Advisor 4.0 for $1,000 per Layer 3 network device, such as firewalls and routers. For all that this application does and the potential labor it saves, we felt this was a good price. For larger networks, RedSeal offers some dedicated appliances with the Network Advisor software preinstalled, which would be a less expensive option than buying the software and your own server.
RedSeal Systems, 888-845-8169, www.redseal.net
RedSeal Network Advisor 4.0
Ease of Use: B+
Price: $1,000 per Layer 3 network device