CyberCop blows the whistle on networks

In the shadowy world of computer security, a samurai is a specially trained

professional hired by a company to test its defenses by trying to break

into its computers. Although companies naturally don't like to talk about

the results of those assaults, the samurai are notoriously successful.

A major reason for this success is that network administrators tend

to spend so much time getting systems up and running that they tend to neglect

basic security tasks, such as ensuring that new security software patches

have been applied.

Vulnerability scanners such as PGP Security's CyberCop Scanner can save

time by automatically searching networks and identifying priority areas

where security holes need to be plugged.

CyberCop Scanner works with the Microsoft Corp. Management Console and

is easy to install. If you've had to install other scanners that require

complex security keys, you will appreciate PGP's open security philosophy,

which enables you to install the product without hindrance.

CyberCop's interface takes some getting used to, but after a little

time spent working with the program, it is easy to use and effective. Once

I was able to configure the program for my first scan, the results surprised

me.

First of all, the scan was fast. No scan of an individual computer took

more than a minute. The scanning engine is multi-threaded and can scan more

than 100 computers at the same time. It also uses tricks such as identifying

the operating system on each computer, then doing only the tests appropriate

for that system. Scans that I expected to take hours took only minutes.

My second surprise was how many vulnerabilities were present on my personal

workstation. I take pride in monitoring and applying all new security patches

and in keeping my system secure. Yet CyberCop identified 75 areas where

I needed to attend to security issues.

CyberCop had no problem scanning my Windows 9x/NT/2000 hosts and my

routers. It scans a surprising number of other systems, including HP JetDirect print servers and NetWare servers.

I was satisfied with the bundled Seagate Software Crystal reports, and

the explanations of problems and how to correct them were complete, although

often esoteric. There were good tools to generate graphics.

After becoming comfortable with the CyberCop scans, I tried out the

selection of other tools. The Crack tool can be used to determine if there

are any easily guessable passwords being used. Crack uses traditional dictionary

attacks with some clever tricks to guess passwords. Because its purpose

is to detect insecure passwords, it does not perform serious brute-force

attacks using all possible passwords. The SMBGrind utility uses similar

methods to try to log into a computer remotely. If it succeeds, it immediately

logs off.

Another tool uses the Internet to automatically update the vulnerabilities

database. Before you buy CyberCop Scanner, you'll want to decide whether

to purchase one-year, two-year or perpetual licenses that include vulnerability

updates.

CyberCop includes some other valuable tools for testing security. One

of these is a separate program named CyberCop Sentry, which you run from

a PC on the other side of the firewall from the PC where CyberCop Scanner

is installed. CyberCop Scanner transmits special packets; if they get through

to the other side, then you know there is a leak in the firewall.

One of CyberCop Scanner's most advanced tools is Custom Audit Scripting

Language. Using CASL, you can create and send custom Internet Protocol packets

to simulate attacks on a network. Other key features include an ability

to audit DNS servers to validate security and a tool that tests any intrusion-detection

software you may have purchased to prove whether it's doing its job.

Compared to other vulnerability scanners, CyberCop is intended for the

hard-core security specialist rather than the novice. And I believe the

user interface could be made friendlier.

Nonetheless, I highly recommend CyberCop Scanner for all network administrators

because of its powerful features. Learning to apply its advanced tools to

strengthen your network will be a wise investment of your time.

Greer is a senior network analyst at a large Texas state agency. He can

be reached at Earl.Greer@dhs.state.tx.us.

REPORT CARD

CyberCop Scanner 5.5

Score: B+

PGP Security

(888)747-3011

www.pgp.com

Price and availability: A one-year license is $32 per node and $2,252 per 100-node server.

Remarks: CyberCop Scanner is a powerful tool designed to be used by trained security professionals identifying security vulnerabilities in networks with diverse operating systems. CyberCop Scanner has such a wealth of valuable features that network administrators who invest the time in learning to use it will be rewarded for their efforts. CyberCop runs on Microsoft Corp. WindowsNT/2000 and Red Hat Linux 5.x.

BY Earl Greer
Feb. 5, 2001

More Related Links

Featured

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.