App finds holes in IP network security

  Box Score B


Security Analyzer Enterprise Edition
WebTrends Corp., Portland, Ore.; tel. 888-932-8736
http://www.webtrends.com
Price: $4,499 for Enterprise Edition, $1,999 for Professional Edition, $11,999 for
Traveling License Edition

Pros and cons:
+  Excellent auditing and automatic security updates
+  Concise, customizable reports
–  Other tools needed to implement fixes


Real-life requirements:
Win9x or NT, 64M of RAM, 40M free storage





How secure is your Web server? What about your file and application servers?


Add to the list the question of desktop computer security and you are talking thousands
of security issues, applications and platforms. How to keep up with all the holes and
fixes? Try WebTrends Corp.’s Security Analyzer Enterprise Edition 2.0.


Security Analyzer audits networked computer security via an easy interface, in-depth
security expertise and a user-configurable structure.


The software runs under Microsoft Windows NT Workstation or NT Server 4.0 and can audit
services, applications and permissions on any Windows 9x or NT platform, as well as
systems on other platforms with TCP/IP connections.


These might be application or mail servers, file servers, desktop clients, or anything
running Web or File Transfer Protocol hosting services.


Users familiar with WebTrends’ other products, such as Enterprise Suite, will know
the interface. Others will quickly learn to dig out the information they want.


To work with Security Analyzer, you create profiles detailing what to examine, ranging
from a single machine’s name or IP address to a whole group of computers across a
range of IP addresses.


You can configure specific security issues to watch or choose the whole batch. Security
Analyzer keeps its list of known security holes and fixes up to date by downloading
information from WebTrends over the Internet. No need to spend half your time researching
security sites.


Besides the security checks that Security Analyzer downloads, you can configure test
for nonstandard port settings or develop your own with the software developer’s kit,
which uses a combination of Perl scripts and WebTrends security functions.


Security Analyzer can set up different scanning profiles, which is helpful for user
groups with differing degrees of vulnerability. The more targeted the auditing, the faster
the scans run and the more useful the findings are.


You can schedule scans for specific times or intervals. You can save reports either as
files for later viewing or have them automatically sent to an e-mail address. You can set
the program to include previous reports for comparisons.


Security Analyzer can run as a service under Windows NT for greater manageability and
stability.


The best auditing product in the world is useless if it fails to return the information
you want, and that is where Security Analyzer excels. You can choose the standard
interface or view reports in Hypertext Markup Language or Microsoft Excel or Word formats.


Security Analyzer sorts the security holes in several ways. View the results by hosts,
vulnerabilities, fixes, services running, users or shared resources. If the tool has the
appropriate access rights, it can do in-depth analysis of registry settings. On networks
with Windows clients, you must provide an identifier and password with administrative
rights.


Access permissions to log files, Web server exploits and basic workstation hardening
are only a few of the areas Security Analyzer can examine.


When I set it to audit the computers on the GCN Lab network, I was surprised at some of
the security holes it found. Many could only have been uncovered by a painstaking search
for known problems in each system’s registry files.


Security Analyzer is the easiest way I have found of finding security problems,
learning how to fix them and keeping abreast of security events.


Its big fault is that it does not let you make simple registry fixes at once.


To do so, you still have to go outside the program to other registry editing tools or
service menus. Security Analyzer would be just about perfect if it offered to make the
fixes itself.


Be sure to take advantage of Security Analyzer’s hyperlinks to vendor Web pages
dealing with specific security fixes or problems. They make this good product even better.


Security Analyzer comes in three versions. The Professional Edition can analyze up to
255 IP addresses on a single subnet. The Enterprise Edition, which I examined, can handle
an unlimited number of IP addresses across multiple subnets within a single organization.


The Traveling License Edition tests unlimited IP addresses across unlimited subnets in
multiple organizations, up to four times a year.  


inside gcn

  • A forward-located Control and Reporting Center. Air Force photo.

    Data security at the tactical edge: Rightsizing solutions

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group