Get a handle on fundamental system security

Labcal Technologies’ NetPulse 2000 is a management tool that helps you assess the fundamental security of your systems and apply prepackaged or custom security solutions. The product, which operates in Windows 2000 and Windows NT 4.0 environments, targets well-documented security problems. Although this functionality certainly isn’t groundbreaking, Labcal’s approach is unique. By designing NetPulse so that administrators with basic knowledge can secure their systems with minimal effort, the company has geared NetPulse directly toward the small to midsized organization. However, NetPulse can also operate in large environments.

NetPulse’s centralized management structure lets the software scan your entire network to locate hosts. Then you can instruct NetPulse to compare your systems’ existing security policies (or lack thereof) with NetPulse’s predefined policies. (To avoid interrupting regular network activity, you can schedule scans to run when network or server activity is at a minimum.) NetPulse targets security problems that you might consider standard, including basic user, OS, network share, and C2 security compliance. Unfortunately, the product doesn’t address problems specific to Microsoft IIS, DNS, or network services. NetPulse can automatically distribute predefined or custom policies to remote systems that don’t meet the policy requirements that you set.

After NetPulse assesses your systems and applies security policies, you can instruct the software to generate a variety of security status reports. You can configure NetPulse so that it reports on your entire network, specific shares, or specific accounts. The HTML-format reports are easily printable for use in presentations.

Installation and Configuration
I installed NetPulse on my 450MHz AMD K6-2 test system, which had 192MB of RAM and Win2K Server Service Pack 1 (SP1) installed. (Labcal recommends a minimum 90MHz Pentium processor, 32MB of RAM, and 70MB of hard disk space.) The installation process was predictably straightforward and quick. One question that the software asks concerns the mode in which you want the software to operate—Administrator or Auditor. Administrator mode gives you full control to make security changes, and Auditor mode limits you to only security assessment. I chose Administrator mode. At the end of the installation, NetPulse required a reboot to effect security modifications in the registry and system files.

After the restart, NetPulse displayed a window that prompted me for the type of discovery I wanted to perform. I could choose to scan the entire network or scan only the local domain or workgroup. I chose the Local Domain/Workgroup discovery option, then started the program. As Figure 1 shows, NetPulse’s main control screen lists domains, workgroups, and systems in the left pane and displays data such as current hidden or visible network shares in the right pane. From this window, you can manage the current system and all other systems on the network. The ability to expand treeviews simplifies management—particularly when you have more than one network to monitor.

NetPulse provides a NetBIOS-based automatic-detection feature for discovering systems on your network; however, if you have a computer that doesn’t respond, you can add it manually. Simply choose Network from the menu bar and select Computer Controls, Add Computer. Then, type the name of the system to add it to the list. This manual entry is certainly handy for one-time jobs. If you want to assemble systems into more specific groups, you can use a taskbar button to switch to the Group view, in which you can create the groups you want. Sorting systems into groups can help you apply specific settings to groups of systems that have similar requirements.

After I selected the system I wanted to assess from the main screen’s left pane, I clicked Assessment, Security Polices to create a custom security policy. The six-tabbed Security Policies menu, which Figure 2 shows, contains a plethora of management options. On this menu, I set the security settings that I wanted to implement on my system. The extensive menu is fairly easy to use. However, a couple of the tabs are poorly organized, so inexperienced administrators might have trouble navigating them. After I selected my options, I clicked Validate Policy to see whether the software detected any problems or contradictions (e.g., improper auditing options, nonexpiring passwords) with my selections. If you choose not to build a custom policy, you can select one of the three preset policies—Base Template (Account Policy & Audit Policy Only), Workstation Policy, or Server Policy—from the Policy drop-down menu.

To begin NetPulse’s security assessment (based on the custom options I’d selected), I chose Assessment, Data Acquisition from the Assessment drop-down menu. The system compared the system’s existing security with the custom policy that I had just built. When the software finished this quick assessment of the system’s security, a pop-up window let me browse the results. If NetPulse discovers a security hole, the software places a yellow diamond next to the name of the affected folder. If a problem is urgent, the software places an exclamation mark inside the diamond. You can then use the Security Policies menu’s six tabs to analyze information specific to scanned systems. Simply select a security category (i.e., User Accounts, Account Policy, Audit Policy, Computer Access, Security Permissions, or Add-ons & Updates), select the computer or group you want to analyze, and click Analyze. A pop-up Analysis window shows you a summary of that system or group’s security settings.

You can instruct NetPulse to proliferate security settings to multiple systems. Simply click Computer at the bottom of the Analysis window and select target systems. If you prefer to manually configure each setting, click Setting. The cursor then becomes a needle icon, with which you can "inject" settings into a system’s security policy. This feature provides for impressive flexibility—you might not want to implement some settings on some systems because they change other important settings or cause ill effects. A warning: I couldn’t find an easy way to back out of a security setting after I implemented it. With some effort, you can effect a manual change to reverse a setting, but Labcal should consider adding a toggle switch.

After you finish setting security on your systems, click Close. A pop-up Results window lists the systems whose security settings changed. NetPulse might require a system reboot for certain security modifications. In such cases, you can click Reboot to reboot immediately, or you can click Close and reboot at a later time. If you’re implementing multiple changes on more than one system, you can remotely reboot those systems—a terrific feature if you’re physically separated from the systems you need to reboot.

After you close the Results window, NetPulse displays the Assessment window, from which you can run reports or click Assessment Information to view the changes that NetPulse made to your systems and policies. You can see how previous settings compare with the new settings, letting you ensure that your intended changes have occurred.

A word about NetPulse’s instruction manual: Although it is well written, it doesn’t provide sufficiently helpful information about the software’s features. Beyond its basic information about setup and configuration, the manual will likely leave most users attempting trial-and-error methods while implementing security polices.

NetPulse provides your systems with essential security settings management from a fairly clean main interface. The product works fast and lets you access from one console helpful reports about the security settings of multiple systems. NetPulse’s affordable price makes the software particularly attractive to small or midsized businesses that can’t afford a security expert. Unfortunately, NetPulse lacks IIS fixes—such a limitation is an increasing liability in this day and age. Large companies that have dedicated security personnel won’t need to implement NetPulse as a primary security product, but might find it useful for establishing basic security on new systems. Labcal has produced a solid product that lets inexperienced administrators quickly perform basic security measures.

NetPulse 2000
Contact: Labcal Technologies * 877-752-2225
Price: $1995 for a 50-license pack; pricing peaks at $49,995 for 10,000 licenses; add 18 percent of cost for 1 year of maintenance and support
Decision Summary:
Pros: Easy to use; good selection of basic security policies; decent reporting capability; low price
Cons: Cluttered policy-assessment windows; fairly inadequate documentation; no Microsoft IIS-related fixes; difficult to reverse settings