Tighten security

Securing your Windows NT systems is tedious, and without a good security scanner you might overlook vulnerabilities that you need to correct. WebTrends Security Analyzer 2.0 helps ensure that you don't leave security-related items unchecked. The product is easy to use and fits well into almost any network.

The core of WebTrends Security Analyzer's problem-detection ability is its Security Test Library, which contains a series of vulnerability tests that the product can perform. You can connect to this library at WebTrends' Web site to download the latest tests.

With WebTrends Security Analyzer, you can develop your own vulnerability tests using WebTrends' Platform for Open Security Testing (POST), a Security Developers Kit (SDK) for Perl and C. You can also use the POST SDK to customize data type views, modify how the product views data stored in its database, and channel collected data to an external viewer. The POST SDK and Security Test Library let you maintain an up-to-date set of Windows-related vulnerabilities and contribute your scans into the public domain. WebTrends accepts, certifies, and adds these custom scans to its online Security Test Library.

Much of a security scanner's value is its ability to report on its scans. WebTrends Security Analyzer lets you customize its reports and output them to an HTML file, as Screen 1 shows, or to Microsoft Word or Excel documents. The software can automatically send reports via email using SMTP or Messaging API (MAPI) mail interfaces.

At press time, WebTrends Security Analyzer tested for 286 security-related items. (WebTrends expects this number to be 408 with version 2.1, which should be available when you read this review.) In comparison, Internet Security Systems' (ISS's) Internet Scanner and Network Associates' CyberCop Scanner test for about 500 security-related items. And, unlike Internet Scanner, WebTrends Security Analyzer uses Microsoft's built-in TCP/IP stack instead of a custom packet driver, so it can't test for problems such as IP spoofing.

WebTrends Security Analyzer performs fairly comprehensive tests, but it doesn't include checks for Denial of Service (DoS) attacks. For example, I didn't find a test for the Ping of Death, but the software has tests for desktop applications such as Microsoft Outlook and Internet Explorer (IE). Unlike Netect's HackerShield, WebTrends Security Analyzer can't fix the security problems it detects, but its reports contain Web links to hotfixes and relevant Microsoft Knowledge Base articles and security bulletins. The software also can't perform password-strength testing, but version 2.1 will have this functionality. Additionally, you can install the product as an NT service, schedule security scans to run regularly, and email reports.

Installing and using the product was easy. I tested the product on an NT 4.0 workstation and conducted scans against an NT 4.0 server running Site Server 3.0 Commerce Edition. The product has a well-designed user interface (UI), and you can access all scanning and reporting features with a few mouse clicks. To define and execute a scan, you tell the product which hosts to scan and which tests to perform. You can save scan profiles to use later or to compare saved scans with ensuing scans.

After my scan completed, I clicked the Report button on the toolbar and launched a report wizard. The wizard let me control the type of report to generate (i.e., current or comparative scan), the output format and content, the visual style, and whether to produce a file-based report or an email-based report.

WebTrends Security Analyzer is a good product with a bright future. The product is a great fit for shops that are based primarily on Windows platforms.

WebTrends Security Analyzer 2.0
Contact: WebTrends * 503-294-7025
Web: http://www.webtrends.com
Price: Starts at $1499 per subnet
System Requirements: Windows NT 4.0 or Windows 9x, 64MB of RAM, 40MB of hard disk space