State Point Plus states the facts'big and little

State Point Plus states the facts'big and little

Westinghouse Electric Co. slams the door on network vulnerabilities with its State Point Plus integrity control suite.

The suite has three programs'Strategy Console, Strategy Builder and Trend Analyzer'that examine and report on every piece of software on every client and server. Beyond strengthening security, this is invaluable for inventory purposes and for ferreting out unauthorized software.

As State Point Plus drills down into registries and operating systems, it compares what it finds against templates preconfigured with the file sizes of common software, the directories where programs should be located and descriptions of their digital signatures.

State Point Plus looks for inconsistencies and changes. For example, if an intruder changed a setting in the system registry on a Microsoft Windows NT network from 1 to 0, State Point Plus would notice during its periodic checkups and notify the administrator.

The administrator would then have a choice to make: Revert the registry to the original setting or watch for additional hacker activity.

The GCN Lab tested the suite by changing settings on our systems and then running diagnostics. No matter how insignificant the changes, State Point Plus picked them up immediately. It recognized a vulnerability we had overlooked'not every client on our network had antivirus software installed.

State Point Plus also found one server had a communications problem that proved to be a faulty network interface card.

When State Point Plus software is first installed, that computer becomes its central server. It then distributes diagnostic software to other machines on the IP network, and it receives and automatically logs their reports.
The process worked flawlessly in our tests. Wizards and the interface were logically constructed, but interpreting them and understanding the full capabilities took a lot of practice.

New templates

No two network infrastructures are identical. Every agency has different software and security needs. The 55 preconfigured templates might not be enough for large enterprises, but with Strategy Builder, the administrator can make new templates as needed.

Strategy Builder compares a node's software against the templates by making a snapshot. The snapshot takes only a couple of mouse clicks to execute, and it lasts from 20 seconds up to several minutes, depending on how much is stored.

We used the snapshot feature to catalog every machine on the lab network and design profiles for what software should be installed on future machines so that our benchmarks would run efficiently.

Although hardware isn't the focus of the suite, Westinghouse is moving in that direction. The suite can already detect NICs and chip architectures.

It scans the nodes for changes up to 48 times a day for applications such as Microsoft Office, or once per minute for registries, services and hardware.

The Strategy Console portion of the suite distributes the templates and software agents, which execute the comparisons and generate results.

The results go to the Trend Analyzer. It creates a report on the overall characteristics of the network, every system's particular characteristics, and problems per week or month.

Fortifying a network in this way saves data, money and time in the long run, but it comes at a cost. The pricing structure is almost as complex as the suite itself. The base price of $28,000 is just for the software; additional license fees depend on network size.

Westinghouse told us that for a network of 10,000 systems, the cost per computer would run about $150, not including optional one-week training, which costs $2,000 per delegate. The training can take place either at an agency site or at a Westinghouse satellite office.

I recommend the training because this suite yields a lot of information that is often difficult to interpret. Also, knowing how to design custom templates is essential to achieve the highest possible security with State Point Plus.

For now, State Point Plus is available only for Windows NT 4.0 networks. It is compatible with Windows 2000 and XP but not Windows 9x. Westinghouse has versions under way for HP-UX and Sun Solaris.

inside gcn

  • How DHS hopes to harden tech against GPS spoofing (ShutterStock image)

    How DHS hopes to harden tech against GPS spoofing

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above