CyberCop blows the whistle on networks
By Earl Greer
Jan 09, 2001
In the shadowy world of computer security, a samurai is a specially trained professional hired by a company to test its defenses by trying to break into its computers. Although companies naturally don't like to talk about the results of those assaults, the samurai are notoriously successful.
A major reason for this success is that network administrators spend so much time getting systems to work that we tend to neglect basic security tasks, such as ensuring that new security software patches have been applied.
Vulnerability scanners such as PGP Security's CyberCop Scanner can save us time by automatically searching networks and identifying priority areas where we need to plug security holes.
CyberCop Scanner works with the Microsoft Corp. Management Console and is easy to install. If you've had to install other scanners that require complex security keys, you will appreciate PGP's open security philosophy that enables you to install the product without hindrance.
CyberCop's interface takes some getting used to, but after a little time spent working with the program, it is easy to use and effective. Once I was able to configure the program for my first scan, the results surprised me.
First of all, the scan was fast. No scan of an individual computer took more than a minute. The scanning engine is multi-threaded and can scan more than 100 computers at the same time. It also uses tricks such as identifying the operating system on each computer, then doing only the tests appropriate for that system. Scans that I expected to take hours took only minutes.
My second surprise was how many vulnerabilities were present on my personal workstation. I take pride in monitoring and applying all new security patches and in keeping my system secure. Yet CyberCop identified 75 areas where I needed to attend to security issues.
CyberCop had no problem scanning my Windows 9x/NT/2000 hosts and my routers. It scans a surprising number of other systems, including HP JetDirect print servers and NetWare servers.
I was satisfied with the bundled Seagate Software Crystal reports, and the explanations of problems and how to correct them were complete, although often esoteric. There were good tools to generate graphics.
After becoming comfortable with the CyberCop scans, I tried out the selection of other tools. The Crack tool can be used to determine if there are any easily guessable passwords being used. Crack uses traditional dictionary attacks with some clever tricks to guess passwords. Because its purpose is to detect insecure passwords, it does not perform serious brute-force attacks using all possible passwords. The SMBGrind utility uses similar methods to try to log into a computer remotely. If it succeeds, it immediately logs off.
Another tool uses the Internet to automatically update the vulnerabilities database. Before you buy CyberCop Scanner, you'll want to decide whether to purchase one-year, two-year or perpetual licenses that include vulnerability updates.
CyberCop includes some other valuable tools for testing security. One of these is a separate program named CyberCop Sentry, which you run from a PC on the other side of the firewall from the PC where CyberCop Scanner is installed. CyberCop Scanner transmits special packets, and if they get through to the other side, you know there is a leak in the firewall.
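The two-sided firewall check described above can be sketched in a few lines. This is an added example, not CyberCop's code or its packet format: the use of UDP, the random token and the function names are all assumptions, and the demo runs over loopback with one port left unprobed to stand in for a port the firewall blocks.

```python
import hmac
import secrets
import select
import socket
import time

def open_sentry(count, host="127.0.0.1"):
    """Sentry side: listen on `count` UDP ports that policy says must be blocked."""
    socks = []
    for _ in range(count):
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.bind((host, 0))  # port 0: let the OS pick a free port for this demo
        socks.append(s)
    return socks

def send_probes(host, ports, token):
    """Scanner side: send one tagged datagram to each port under test."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for port in ports:
            s.sendto(token, (host, port))

def collect_leaks(socks, token, timeout=1.0):
    """Return the sentry ports on which a probe carrying `token` arrived."""
    leaked = set()
    deadline = time.monotonic() + timeout
    while len(leaked) < len(socks) and (remaining := deadline - time.monotonic()) > 0:
        ready, _, _ = select.select(socks, [], [], remaining)
        for s in ready:
            data, _ = s.recvfrom(256)
            # Ignore unrelated traffic: only datagrams carrying our token count.
            if hmac.compare_digest(data, token):
                leaked.add(s.getsockname()[1])
    return leaked

def run_demo():
    """Constructed loopback run: two ports are probed, the third is not."""
    socks = open_sentry(3)
    ports = [s.getsockname()[1] for s in socks]
    token = secrets.token_bytes(16)
    try:
        send_probes("127.0.0.1", ports[:2], token)
        leaks = collect_leaks(socks, token, timeout=0.5)
    finally:
        for s in socks:
            s.close()
    return ports, leaks

if __name__ == "__main__":
    print(run_demo())
```

In a real check the sentry and the scanner run on hosts on opposite sides of the firewall, and any port returned by `collect_leaks` is a rule to review.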
One of CyberCop Scanner's most advanced tools is the Custom Audit Scripting Language (CASL). Using CASL, you can create and send custom Internet Protocol packets to simulate attacks on a network. Other key features include an ability to audit DNS servers to validate security and a tool that tests any intrusion-detection software you may have purchased to prove whether it's doing its job.
Compared to other vulnerability scanners, CyberCop is intended for the hardcore security specialist rather than the novice. And I believe the user interface could be made friendlier.
Nonetheless, I highly recommend CyberCop Scanner for all network administrators because of its powerful features. Learning to apply its advanced tools to strengthen your network will be a wise investment of your time.
Greer is a senior network analyst at a large Texas state agency. He can be reached at Earl.Greer@dhs.state.tx.us.