Holes in your network
Vulnerability-assessment tools edge toward usefulness in large networks.
Do you know where the holes are in your network? Vulnerability-assessment scanners can help you find them before hackers do.
With these products you can identify many of the major security holes residing in the systems on your network, usually with just a few mouse clicks. Easily identifying weaknesses, coupled with understanding how to correct them, is a significant step toward maintaining a strong security posture.
However, vulnerability-assessment scanners, which have been on the market almost 10 years, still have a long way to go to maturity. Many of these tools report false positives and seem to falsely stand by the idea that the sheer number of identified vulnerabilities - regardless of accuracy - proves the products' overall worth.
Even with these problems, the importance of vulnerability scanners in corporate security infrastructures is ballooning. According to IDC, revenue will grow to $657 million in 2004, up from $359 million this year.
Overall, these tools come in two varieties: network-based and host-based scanners.
Network scanners pinpoint problems
Network-based vulnerability-assessment scanners focus on identifying issues with services, such as HTTP, FTP and Simple Mail Transfer Protocol, running on systems in a given network. They are ideal for understanding what systems are running on your network, what services are running on those systems and what vulnerabilities exist in those services. Network assessment scanners usually do not provide as much detail about, or as granular control over, specific systems as host-based assessment scanners do, but they do provide more detailed service and network information. Plus, you don't need to worry about deploying agents on all machines as you do with host-based wares; you define a network to scan, and off you go.
The major players in this market are Cisco's Secure Scanner, ISS' Internet Scanner and Network Associates' Distributed CyberCop Scanner. EEye Digital Security's Retina scanner is quickly gaining ground. We tested the leading network-based scanners (see review).
Host-based scanners identify system-level vulnerabilities such as file permissions, user account properties and registry settings, and usually require that an agent be installed on any system to be scanned. The agents report to a centralized database, which a user can tap for generating reports and handling administration. Because agents are installed on each system, administrators have more control over the system than with network-based scanners. If you want to maintain detailed, granular control over particular systems, host-based assessment scanners can help. Many of these products can be combined with enterprise policy-management offerings to help ensure system configurations remain in line with defined, corporate security policies. The major players in this market are Symantec's Enterprise Security Manager, BindView's bv-Control and ISS' System Scanner.
But the lines between network-based and host-based assessment scanners are blurring. Many network assessment scanners include functionality once available only on host-based scanners, such as autofix features. Many also include the ability to analyze registry permissions and account properties.
A new angle in the vulnerability-assessment story is the arrival of online assessment services. These services provide an automated and cost-effective way to stay up-to-date on the potential vulnerabilities in your perimeter devices. A few of the managed services can even scan internal systems.
As with any growing technology market, new features for vulnerability-assessment tools are on the horizon. Users want improved ease-of-use, one-click updates and better reporting. Vendors are obliging by making user interfaces more intuitive and vulnerability updates quick and painless. For vulnerability updates, many vendors are taking the same approach antivirus companies took by providing Web-enabled updates. Symantec uses its antivirus distribution infrastructure called Live Update to distribute its assessment updates.
For reporting, users want a variety of options. Executive summaries and detailed analysis reports are standard, but users also want differential reports comparing scan results over a period of time. The assessment tools from Harris include this functionality. EEye's Retina scanner will include differential reporting in Version 5.0, due out in a few months. Users also want to export reports to Word documents, PDFs and HTML files. Many assessment products already support this capability and the rest should not be far behind.
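The differential report described above, as an added example that is not part of the original article or any vendor's product: it compares two scan result sets and classifies each finding as new, fixed, persistent or rescored. The host names, service names and check IDs are constructed for illustration.

```python
# Added example (not from the article): a differential report comparing two
# vulnerability-scan result sets taken at different times, as the article
# describes. Hosts, services and check IDs below are constructed sample data.
from typing import Dict, Iterable, Tuple

# A finding is identified by (host, service, check_id). Severity is tracked
# separately so a finding still matches if the vendor rescored it.
Finding = Tuple[str, str, str]


def index_findings(rows: Iterable[dict]) -> Dict[Finding, str]:
    """Index one scan's rows as (host, service, check_id) -> severity."""
    return {(r["host"], r["service"], r["check_id"]): r["severity"] for r in rows}


def diff_scans(previous: Iterable[dict], current: Iterable[dict]) -> dict:
    """Return new, fixed, persistent and rescored findings between two scans."""
    before = index_findings(previous)
    after = index_findings(current)
    common = set(before) & set(after)
    return {
        "new": sorted(set(after) - set(before)),
        "fixed": sorted(set(before) - set(after)),
        "persistent": sorted(common),
        "rescored": sorted(k for k in common if before[k] != after[k]),
    }


def summarize(diff: dict) -> str:
    """Render the differential report as plain text, one finding per line."""
    lines = []
    for label in ("new", "fixed", "persistent", "rescored"):
        lines.append(f"{label}: {len(diff[label])}")
        lines.extend(f"  {host} {svc} {check}" for host, svc, check in diff[label])
    return "\n".join(lines)


# Constructed sample scans (hypothetical hosts and check IDs).
LAST_MONTH = [
    {"host": "web1", "service": "http", "check_id": "CHK-001", "severity": "high"},
    {"host": "web1", "service": "ftp", "check_id": "CHK-002", "severity": "medium"},
    {"host": "mail1", "service": "smtp", "check_id": "CHK-003", "severity": "low"},
]
THIS_MONTH = [
    {"host": "web1", "service": "http", "check_id": "CHK-001", "severity": "critical"},
    {"host": "mail1", "service": "smtp", "check_id": "CHK-003", "severity": "low"},
    {"host": "db1", "service": "mssql", "check_id": "CHK-004", "severity": "high"},
]

if __name__ == "__main__":
    print(summarize(diff_scans(LAST_MONTH, THIS_MONTH)))
```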
Vendors are also looking to boost their products' performance. Currently, many scanners are slow and some cannot even handle Class C IP networks without running on a fairly hefty system (a Pentium III-800-based server with 512M bytes of RAM). With today's scanners, evaluating an entire corporate network is not very feasible on just one system.
There is a growing trend toward using automated "fixes" for identified vulnerabilities. While some administrators may not want to implement all recommended changes, especially on a production system, giving the administrator the option to automatically fix the vulnerability is helpful. If a vulnerability-assessment scanner identifies a registry key with incorrect permissions, one click of the mouse on the autofix button will immediately take care of this issue. Otherwise, the administrator would have to log on to the system, open the registry editor, find the registry key, and change the permissions. Host-based scanners have the advantage in this regard because the agent physically resides on the system and can access many more system resources for the purpose of fixing a security hole than a network scanner can.
Vendors are developing ways for network scanners to accomplish these fixes, though. PatchLink's Update is the most advanced in this area, providing complete patch management and administration. It downloads the patches from its servers and has them ready on your network for deployment. PatchLink does everything for you behind the scenes.
The good news about this growing market is that vendors are paying attention to what users need in an enterprise vulnerability-assessment tool. The combination of assessment and autofix/patch installation is definitely the big trend to watch in this market. Combining these two activities will save your system administrators time and resources.
Andress is a network security engineer at TiVo and a frequent contributor to many publications. She has also authored several books, including Surviving Security. Andress is also active on the conference circuit, speaking at Black Hat, NetWorld+Interop, and numerous other conferences. She can be reached at mandy@arcsec.com
RELATED LINKS
Vulnerability-assessment services on the rise
Like most markets these days, the vulnerability-assessment market has a new services-based component.
Network scanners pinpoint problems
EEye's Retina wins our Blue Ribbon Award for speed and quick fix features.
How we did it
Our testing methods explained.
Interactive Buyer's Guide chart
Search for the vulnerability-assessment scanner that fits your network best.
