WebTrends dispatches security agents
- By Eric Hammond
- May 22, 2000
The last time I checked out WebTrends Corp.'s Security Analyzer (Version
2.1), I found it a promising product that effectively helps system administrators
identify security problems on their networks and suggests fixes. Now, a
couple of revisions later, Security Analyzer Version 3.5, which began shipping
last month, reveals itself as a more polished product.
Starting with Version 3.0, WebTrends added to Security Analyzer support
for Red Hat Inc.'s Linux operating system and Sun Microsystems Inc.'s Solaris
operating system and also added Security Agent technology that allows systems
on the network to monitor themselves and report the results of their security
testing back to a centralized Security Analyzer console. That means that
monitoring doesn't have to consume nearly as much network and server bandwidth
and can happen in parallel across the enterprise.
The only significant drawback is that the entire WebTrends Security
Analyzer application has to be installed on a system in order to install
the agent on it, at least on the Win32 platform. This is unfortunate because
you might not want users to have access to the Security Analyzer console.
On the plus side, beginning with Version 3.0, WSA features autosync
technology to update its security test program via the Internet. This is
a critical feature for a security product, given the rapid proliferation
of security threats. With Version 3.5, the agents distributed across your
enterprise automatically update themselves and sync up to the console.
It takes only minutes to install Security Analyzer and get it up and
running. Installing the WSA console was a snap, but I found installing agents
a bit more involved. In fact, I had to dig through the CD to find the agents.
An install option for this step would be helpful.
I ran Security Analyzer against a small network of Windows and Linux
machines, and I found that the product does a nice job of probing machines,
even without an agent running on them. However, especially with desktop systems
that don't run a lot of services — as a server would — running the agent
on the machine is the sure-fire way to track down many security holes.
Given that Version 2.1 did very little to probe Unix vulnerabilities,
I was impressed with what Version 3.5 could tell me about my Red Hat Linux
box. WSA enumerated the services running on the machine quite effectively — a great first step toward securing a server. You can identify the services
that are running and turn off the ones you don't need. Hackers (usually)
can't exploit services that aren't running.
Another nice feature that WebTrends offers is the free 10-user license
for noncommercial use of the product, available for download on the company's
World Wide Web site. This is especially useful for small offices or telecommuters
who want to test the security of their broadband Internet access connections — a growing concern because cable modems and Digital Subscriber Line connections
make networks more vulnerable to attack.
If you are charged with securing your network, WebTrends' Security Analyzer
can help you quickly assess the security of a broad range of systems. With
the information you get from WSA, you can begin to prioritize your security
Hammond is a freelance writer based in Denver. He can be reached at firstname.lastname@example.org.