October 2004

Vulnerability Scanners

Find your network's holes before hackers do

Retina
Retina harnesses the ease of a small, nimble scanner and teams it with a comprehensive vulnerability database and high-performance scan engine to provide a top-notch scanner that excels at its primary mission to seek out and identify key system vulnerabilities. Retina includes several cross-platform auditing modules.

Retina's well-designed UI, which Figure 4 shows, makes setting up and managing scans a snap. When you begin the process of setting up a scan (called an audit), you can have the product discover computers on your network. This optional task uses Internet Control Message Protocol (ICMP), TCP, or UDP discovery methods to find systems on your network, then provides general information (e.g., name, OS, DNS name, media access control--MAC--address) about those systems. You can then add the computers to address groups, on which you can base the audit.

You begin an audit by defining a new scan job. Retina lets you target computers according to IP address, name, or address group. Retina port-scans the targets as a part of the overall audit; you can specify a port group (e.g., all ports, common ports, HTTP ports) that you want Retina to use, or you can create your own port group. Audit groups list the vulnerabilities that Retina will look for. Like many of the other products I've described, Retina includes an audit group to detect the SANS Top 20 vulnerabilities. Plus, Retina includes a full set of documented APIs so that you can create custom audits.

Retina's maker, eEye Digital Security, is a security lab that discovers and publishes many vulnerabilities, to the scanner's benefit. You can configure Retina to download updates from the vendor each time you run the program. Retina classifies vulnerabilities as High, Medium, Low, or Info and categorizes detected vulnerabilities into groups (e.g., Accounts, DoS, Wireless). During a scan, subtle use of icons and colors draws your attention to especially vulnerable machines or suspect ports.

After a scan has finished, you can switch to the program's Remediate view to see the results in-depth. Retina lets you select and group the results by vulnerability or machine name and lets you sort the results according to IP address, name, or risk. You can view a remediation report, which is formatted so that you can print it and use it as a remediation checklist from within Retina, or you can export it in HTML or Word format. The report includes detailed information, including solutions and links to vendor updates (e.g., Microsoft security updates, BugTraq ID number, CVE number). Retina also includes a variety of predefined reports, such as Scan Summary, Vulnerabilities, and Network Shares. Many of these reports use graphics and provide a clear and concise summary of previous scans. Unfortunately, the reports don't offer drilldown capabilities, so you have to alternate views or reports when you want to access more detailed information. Retina can stand alone as a scanner but can also fit into the vendor's larger Retina Enterprise Suite, which includes REM Security Management Console and Retina Remediation Manager, to provide a complete threat identification, assessment, and remediation package.

See associated table

Nessus
Nessus is a popular open-source scanner for Windows and UNIX. The price is right--free--but as with most open-source software, Nessus isn't for the faint of heart: You'll need UNIX knowledge to install and configure it. That said, the product provides a huge database of vulnerability checks, called plugins, as well as author and community support. However, as an open-source program, Nessus offers no company or paid technical support to help you out of a bind. The community or freelance Nessus consultants are your only avenues for support. Also, be aware that Nessus uses intrusive scanning methods (the Web-exclusive sidebar "Intrusive vs. Nonintrusive Scanning," http://www.windowsitpro.com, InstantDoc ID 43872, explains the difference between intrusive and nonintrusive methods), so be wary when scanning production systems.

Nessus consists of software that you install on a UNIX, Linux, or FreeBSD back-end server, and a UNIX or Windows front-end client. For my tests, I used the product's Windows client, NessusWX 1.4.4, which I needed to download separately from the main scanner (http://nessuswx.nessus.org). Because the main scanner program isn't a Windows program and isn't natively Windows-aware, you might find yourself having to tinker with its credentials to leverage its Windows-based scans. However, both the main Nessus site and the NessusWX site contain excellent installation documentation. The Nessus Web site manages more than 2100 plugins that cover most platforms. Nessus categorizes the plugins into families (e.g., Common Gateway Interface--CGI--abuses, firewalls, FTP, port scanners).

The first step in conducting a scan is to create a new session, in which you define the scan targets and options. You can specify a host name or IP address, or import a list of targets from a text file. Nessus harnesses the popular free Network Mapper (Nmap) port scanner and provides additional port-scanning options--for example, pinging the targets or performing an SNMP port scan. You use the NessusWX UI to select plugins, as Figure 5 shows. This UI is responsive and easy to use. You can enable all plugins for a specific family, or you can enable plugins individually. A special Enable Non-DoS button turns on all the plugins except those that Nessus classifies as dangerous (i.e., plugins that could harm a target system when Nessus intrusively scans for them); even so, be careful running the product on production systems.

The scan executes in a separate window that gives real-time progress of the results and shows you the number of found vulnerabilities (classified as Holes, Warnings, Infos, and Ports) and each vulnerability's severity (High, Medium, or Low). After the scan, NessusWX launches a Manage Session Results dialog box, which shows you the results for each host and lets you export them to an .html, .pdf, or text file. You can also export results to a MySQL database or proprietary file. These utilitarian reports also include a description of the found problems. NessusWX doesn't provide custom reporting or prebuilt reports that highlight a specific area. Rather, the results appear in a long list that you must wade through.

See associated table


