WebTrends dispatches security agents

The last time I checked out WebTrends Corp.'s Security Analyzer (Version

2.1), I found it a promising product that effectively helps system administrators

identify security problems on their networks and suggests fixes. Now, a

couple of revisions later, Security Analyzer Version 3.5, which began shipping

last month, reveals itself as a more polished product.

Starting with Version 3.0, WebTrends added to Security Analyzer support

for Red Hat Inc.'s Linux operating system and Sun Microsystems Inc.'s Solaris

operating system and also added Security Agent technology that allows systems

on the network to monitor themselves and report the results of their security

testing back to a centralized Security Analyzer console. That means that

monitoring doesn't have to consume nearly as much network and server bandwidth

and can happen in parallel across the enterprise.

The only significant draw-back is that the entire WebTrends Security

Analyzer application has to be installed on a system in order to install

the agent on it, at least on the Win32 platform. This is unfortunate because

you might not want users to have access to the Security Analyzer console.

On the plus side, beginning with version 3.0, WSA features autosync

technology to update its security test program via the Internet. This is

a critical feature for a security product, given the rapid proliferation

of security threats. With Version 3.5, the agents distributed across your

enterprise automatically update themselves and sync up to the console.

It takes only minutes to install Security Analyzer and get it up and

running. Installing the WSA console was a snap, but I found installing agents

a bit more involved. In fact, I had to dig through the CD to find the agents.

An install option for this step would be helpful.

I ran Security Analyzer against a small network of Windows and Linux

machines, and I found that the product does a nice job of probing machines,

even without an agent running on it. However, especially with desktop systems

that don't run a lot of services — as a server would — running the agent

on the machine is the sure-fire way to track down many security holes.

Given that Version 2.1 did very little to probe Unix vulnerabilities,

I was impressed with what Version 3.5 could tell me about my Red Hat Linux

box. WSA enumerated the services running on the machine quite effectively — a great first step toward securing a server. You can identify the services

that are running and turn off the ones you don't need. Hackers (usually)

can't exploit services that aren't running.

Another nice feature that WebTrends offers is the free 10-user license

for noncommercial use of the product, available for down-load on the company's

World Wide Web site. This is especially useful for small offices or telecommuters

who want to test the security of their broadband Internet access connections — a growing concern because cable modems and Digital Subscriber Line connections

make networks more vulnerable to attack.

If you are charged with securing your network, WebTrends' Security Analyzer

can help you quickly assess the security of a broad range of systems. With

the information you get from WSA, you can begin to prioritize your security

fixes.

Hammond is a freelance writer based in Denver. He can be reached at ehammond@earthlink.net.