WebTrends' Security Analyzer finds network flaws

Maintaining the security of a network is critical, no matter how seemingly uninteresting the data it carries. By exploiting security holes in your systems and network infrastructure, an attacker can gain unauthorized access to data, commandeer system resources for nefarious purposes such as send

Maintaining the security of a network is critical, no matter how seemingly uninteresting the data it carries. By exploiting security holes in your systems and network infrastructure, an attacker can gain unauthorized access to data, commandeer system resources for nefarious purposes—such as sending junk e-mail or distributing pirated software - or simply disrupt access to your systems, bringing your organization to a screeching halt.

Many times, these attackers exploit bugs, undocumented features or insecure default configurations found on the hardware and software running on your network. As these types of security issues multiply across a complex organization's network, the typical system administrator could go bananas trying to keep track of all of the vulnerabilities in all of the devices and on all of the systems in a network.

Network scanners can help alleviate these problems. By automatically probing your network for problems and reporting on the results, these tools can help overworked system administrators get their arms around network security issues.

WebTrends Corp.'s Security Analyzer is one product that aims to identify these holes. We looked at the enterprise version, which includes a license for scanning unlimited hosts across unlimited subnets throughout one organization. WebTrends offers other versions based on the number of sites users need to scan.

We found Security Analyzer to be easy to install and configure. The tool features a tabbed graphical user interface that will be comfortable for anyone who has used any of WebTrends' other products. In the GUI, you define the types of scans that you want Security Analyzer to perform and the Internet Protocol addresses on which you'd like the scans performed. Then you fire up the scan, sit back and wait for the results.

When we turned Security Analyzer loose on our network, both the capabilities and limitations of the product became readily apparent. The tool is geared toward Microsoft Corp. Windows NT networks, and if you have a lot of Unix or other systems on your network, you may need a different tool.

On a machine on which had been recently installed Windows NT 4.0 with Service Pack 3, Security Analyzer found 188 security issues ranging in severity from minor to critical. Scanning this machine took Security Analyzer more than 20 minutes, which tells you that scanning an entire network would take quite a while. This is true of any product of this type.

Low-risk issues uncovered by the Security Analyzer scan included CD-ROM access not restricted to the user currently logged in. Medium-risk issues included the fact that the guest account had not been renamed. The scan uncovered 25 high-risk issues, including the fact that guest access was allowed to the security log.

For each problem that it uncovers, Security Analyzer offers information on how to fix the problem. The value of this information varies with the type of problem uncovered. For patches, the information includes the Uniform Resource Locator to retrieve the patch. For policy issues, it may be up to the administrator to determine the correct path to take to fix the problem.

In addition, Security Analyzer is extensible via its Security Developer's Kit. You can create your own tests for Security Analyzer to run. In addition, as WebTrends releases new tests, the tests easily and automatically can be downloaded and added to the product. Third-party developers also can extend the Security Analyzer architecture. Maybe someday there will be more Unix-oriented tests available for Security Analyzer.

At $5,000 for what amounts to an unlimited license for your organization, Security Analyzer certainly isn't inexpensive. Still, it is less expensive than many of the tools on the market, such as Internet Security Systems Inc.'s Internet Scanner or Network Associates Inc.'s CyberCop. What you get with Security Analyst is a user-friendly tool that will perform a fairly complete scan of a Windows NT network and some of the networking hardware that runs on it.

-- Hammond is a free-lance writer based in Denver.

***

Security Analyzer

WebTrends Corp.

(503) 294-7025

www.webtrends.com

Price and Availability

WebTrends Security Analyzer Single System Edition is available on the open market for $499. WebTrends Security Analyzer also is available in a Professional Edition, which enables you to analyze up to 255 IP addresses on a single subnet, and an Enterprise Edition, which analyzes an unlimited number of IP addresses across multiple subnets. WebTrends Security Analyzer Professional Edition is available for $1,499, and WebTrends Security Analyzer Enterprise Edition is available for $4,999.

Remarks

Security Analyzer provides a user-friendly tool for analyzing security. It is focused primarily on the security of Windows NT systems. If you have a lot of Unix on your network, this might not be the tool for you.