[ Go to October 1997 Table of Contents ]
-- by David Hafke
Your network may have been designed with security in mind, but that's no excuse for resting on your laurels. After all, the task of identifying and resolving new security threats is one of Herculean proportions. Enter SAFEsuite from Internet Security Systems.
SAFEsuite includes three security assessment tools: System Security Scanner (S3), RealSecure and Internet Scanner. RealSecure and Internet Scanner run on NT and UNIX. S3 only runs on UNIX, although an NT release is imminent.
S3 scans for operating system configuration weaknesses that could allow unauthorized users to gain network access. Potential weaknesses include file permissions and ownership, easily guessed passwords and account setup.
RealSecure is a packet sniffer geared toward protecting your data from internal threats, such as malicious acts committed by disgruntled employees. Attempts to access a remote registry, null sessions or password lists, or to read/write to a protected share constitute a threat. However, many attacks can be so brief and focused that they cannot be stopped. RealSecure will detect them and identify the offender, so you can hold guilty parties accountable.
Once it detects a security breach, RealSecure alerts the administrator via e-mail or pager, saves the activity to a log and terminates the connection.
The final SAFEsuite component, Internet Scanner, has three subcomponents: Firewall Scanner, Web Security Scanner, and Intranet Scanner, all of which are available for UNIX and NT machines. These tools allow you to audit, monitor and respond to security issues across an enterprise network.
Internet Scanner identifies known vulnerabilities in Web servers, firewalls and client/server operating systems. It searches for network devices, such as servers, workstations, firewalls and routers, and presents them in a tree hierarchy, so you can select the systems that you want scanned. The scan can launch a denial-of-service attack, but by default the attacks are not actually performed. If successful, such attacks cause systems to hang.
After the scan is completed, a list of vulnerabilities is displayed for each host. The vulnerabilities rank from low to high, depending on the risks they represent. Most low-risk weaknesses aren't vulnerabilities but instead may give hackers information about your network. For example, every system on our network came up with a traceroute vulnerability. While this really isn't an immediate vulnerability, it provides a potential hacker with the path that packets follow to reach certain systems.
If you right-click on a vulnerability in the list and then click on What's This, a help window pops up; it specifically explains the risk and how to fix it. The window also gives you a URL link that, when clicked on, provides security patches, fixes and service packs.
Internet Scanner generates reports in either text or HTML format. In HTML, you get an easy-to-read document with hyperlinks to bug fixes and patches. If you scan regularly, you can generate a progress report that illustrates how many holes have been plugged since your last scan.
Internet Security Systems regularly provides updates so its tools will detect the latest hacking techniques. You can download these patches from the company's Web site.
Overall, we found this package impressive. In fact, we use it regularly on our own network.