[ Go to October 1997 Table of Contents ]

NT Enterprise
NT Feature
Hack Yourself

-- by David Hafke

Our network may have been designed with security in mind, but that's no excuse for resting on your laurels. After all, the task of identifying and resolving new security threats is one of Herculean proportions. Enter SAFEsuite from Internet Security Systems.

SAFEsuite includes three security assessment tools: System Security Scanner (S3), RealSecure and Internet Scanner. RealSecure and Internet Scanner run on NT and UNIX. S3 only runs on UNIX, although an NT release is imminent.

S3 scans for operating system configuration weaknesses that could allow unauthorized users to gain network access. Potential weaknesses include file permissions and ownership, easily guessed passwords and account setup.

RealSecure is a packet sniffer geared toward protecting your data from internal threats, such as malicious acts committed by disgruntled employees. Attempts to access a remote registry, null sessions or password lists, or to read/write to a protected share constitute a threat. However, many attacks can be so brief and focused that they cannot be stopped. RealSecure will detect them and identify the offender, so you can hold guilty parties accountable.

Once a security breach is detected, it alerts the administrator via e-mail or pager, saves the activity to a log and terminates the connection.


The final SAFEsuite component, Internet Scanner, has three subcomponents: Firewall Scanner, Web Security Scanner, and Intranet Scanner, all of which are available for UNIX and NT machines. These tools allow you to audit, monitor and respond to security issues across an enterprise network.

Internet Scanner identifies known vulnerabilities in Web servers, firewalls and client/server operating systems. It searches for network devices, such as servers, workstations, firewalls and routers, and presents them in a tree hierarchy, so you can select the systems that you want scanned. The scan can launch a denial-of-service attack, but by default the attacks are not actually performed. If successful, such attacks cause systems to hang.

After the scan is completed, a list of vulnerabilities is displayed for each host. The vulnerabilities rank from low to high, depending on the risks they represent. Most low-risk weaknesses aren't vulnerabilities but instead may give hackers information about your network. For example, every system on our network came up with a traceroute vulnerability. While this really isn't an immediate vulnerability, it provides a potential hacker with the path that packets follow to reach certain systems.

If you right-click on a vulnerability in the list and then click on What's This, a help window pops up; it specifically explains the risk and how to fix it. The window also gives you a URL link that, when clicked on, provides security patches, fixes and service packs.

Report writer

Internet Scanner generates reports in either text or HTML format. In HTML, you get an easy-to-read document with hyperlinks to bug fixes and patches. If you scan regularly, you can generate a progress report that illustrates how many holes have been plugged since your last scan.

Internet Security Systems regularly provides updates so its tools will detect the latest hacking techniques. You can download these patches from the company's Web site.

Overall, we found this package impressive. In fact, we use it regularly on our own network.



Bottom Line: Must-have utility for anyone who's serious about network security
Price: System Security Scanner, $495 per single server; RealSecure, $4,995; Internet Scanner, $1,495 per firewall, $495 per Web server, $795 for 10 workstations
Pros: Patches available to update scanner; robust reporting capabilities; intuitive user interface
Cons: Reports tend to be quite large
Strongest Rival: None at this time

Internet Security Systems, 800-776-2362, 770-395-0150. Winfo #865

Windows Magazine, October 1997, page NT18.

[ Go to October 1997 Table of Contents ]