CyberCop blows the whistle on networks
- By Earl Greer
- Feb 04, 2001
In the shadowy world of computer security, a samurai is a specially trained
professional hired by a company to test its defenses by trying to break
into its computers. Although companies naturally don't like to talk about
the results of those assaults, the samurai are notoriously successful.
A major reason for this success is that network administrators spend
so much time getting systems up and running that they tend to neglect
basic security tasks, such as ensuring that new security software patches
have been applied.
Vulnerability scanners such as PGP Security's CyberCop Scanner can save
time by automatically searching networks and identifying priority areas
where security holes need to be plugged.
CyberCop Scanner works with the Microsoft Corp. Management Console and
is easy to install. If you've had to install other scanners that require
complex security keys, you will appreciate PGP's open security philosophy,
which enables you to install the product without hindrance.
CyberCop's interface takes some getting used to, but after a little
time spent working with the program, it is easy to use and effective. Once
I was able to configure the program for my first scan, the results surprised
First of all, the scan was fast. No scan of an individual computer took
more than a minute. The scanning engine is multi-threaded and can scan more
than 100 computers at the same time. It also uses tricks such as identifying
the operating system on each computer, then doing only the tests appropriate
for that system. Scans that I expected to take hours took only minutes.
My second surprise was how many vulnerabilities were present on my personal
workstation. I take pride in monitoring and applying all new security patches
and in keeping my system secure. Yet CyberCop identified 75 areas where
I needed to attend to security issues.
CyberCop had no problem scanning my Windows 9x/NT/2000 hosts and my
routers. It scans a surprising number of other systems, including HP JetDirect print servers and NetWare servers.
I was satisfied with the bundled Seagate Software Crystal reports, and
the explanations of problems and how to correct them were complete, although
often esoteric. There were good tools to generate graphics.
After becoming comfortable with the CyberCop scans, I tried out the
selection of other tools. The Crack tool can be used to determine if there
are any easily guessable passwords being used. Crack uses traditional dictionary
attacks with some clever tricks to guess passwords. Because its purpose
is to detect insecure passwords, it does not perform serious brute-force
attacks using all possible passwords. The SMBGrind utility uses similar
methods to try to log into a computer remotely. If it succeeds, it immediately
Another tool uses the Internet to automatically update the vulnerabilities
database. Before you buy CyberCop Scanner, you'll want to decide whether
to purchase one-year, two-year or perpetual licenses that include vulnerability
CyberCop includes some other valuable tools for testing security. One
of these is a separate program named CyberCop Sentry, which you run from
a PC on the other side of the firewall from the PC where CyberCop Scanner
is installed. CyberCop Scanner transmits special packets; if they get through
to the other side, then you know there is a leak in the firewall.
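The firewall leak check described above can be sketched as follows. This is an added example, not CyberCop's code or part of the original review: the probe format, the function names and the `dropped` set (which stands in for the firewall so the sketch runs on loopback) are all assumptions.

```python
import socket
import uuid

def open_sentry(n, host="127.0.0.1"):
    """Far side of the firewall: bind n UDP listeners on ephemeral ports."""
    sentry = {}
    for _ in range(n):
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.bind((host, 0))
        s.settimeout(0.3)
        sentry[s.getsockname()[1]] = s
    return sentry

def send_probes(ports, run_id, dropped=(), host="127.0.0.1"):
    """Near side: one tagged datagram per port.
    `dropped` is a constructed stand-in for what the firewall really discards."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        for port in ports:
            if port not in dropped:
                tx.sendto(f"PROBE {run_id} {port}".encode(), (host, port))

def collect(sentry, run_id):
    """Ports on which a probe carrying this run's tag actually arrived."""
    arrived = set()
    for port, s in sentry.items():
        try:
            data, _ = s.recvfrom(128)
        except socket.timeout:
            continue
        # Only count datagrams tagged for this run, not stray traffic.
        if data.decode(errors="replace") == f"PROBE {run_id} {port}":
            arrived.add(port)
    return arrived

def leak_test(policy_blocked, really_dropped, n=3):
    """Indices of listeners the policy says are blocked but that got a probe."""
    sentry = open_sentry(n)
    ports = list(sentry)
    run_id = uuid.uuid4().hex
    send_probes(ports, run_id, dropped={ports[i] for i in really_dropped})
    arrived = collect(sentry, run_id)
    for s in sentry.values():
        s.close()
    return sorted(i for i in policy_blocked if ports[i] in arrived)

if __name__ == "__main__":
    # Policy blocks listeners 0 and 1, but the firewall only drops 0.
    print("leaks at listener index:", leak_test({0, 1}, {0}))
```

The useful output is the difference between what the written policy says is blocked and what the listener actually saw; an allowed port that receives its probe is not reported.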
One of CyberCop Scanner's most advanced tools is Custom Audit Scripting
Language. Using CASL, you can create and send custom Internet Protocol packets
to simulate attacks on a network. Other key features include an ability
to audit DNS servers to validate security and a tool that tests any intrusion-detection
software you may have purchased to prove whether it's doing its job.
Compared to other vulnerability scanners, CyberCop is intended for the
hard-core security specialist rather than the novice. And I believe the
user interface could be made friendlier.
Nonetheless, I highly recommend CyberCop Scanner for all network administrators
because of its powerful features. Learning to apply its advanced tools to
strengthen your network will be a wise investment of your time.
Greer is a senior network analyst at a large Texas state agency. He can
be reached at Earl.Greer@dhs.state.tx.us.