CyberCop blows the whistle on networks

In the shadowy world of computer security, a samurai is a specially trained

professional hired by a company to test its defenses by trying to break

into its computers. Although companies naturally don't like to talk about

the results of those assaults, the samurai are notoriously successful.

A major reason for this success is that network administrators tend

to spend so much time getting systems up and running that they tend to neglect

basic security tasks, such as ensuring that new security software patches

have been applied.

Vulnerability scanners such as PGP Security's CyberCop Scanner can save

time by automatically searching networks and identifying priority areas

where security holes need to be plugged.

CyberCop Scanner works with the Microsoft Corp. Management Console and

is easy to install. If you've had to install other scanners that require

complex security keys, you will appreciate PGP's open security philosophy,

which enables you to install the product without hindrance.

CyberCop's interface takes some getting used to, but after a little

time spent working with the program, it is easy to use and effective. Once

I was able to configure the program for my first scan, the results surprised


First of all, the scan was fast. No scan of an individual computer took

more than a minute. The scanning engine is multi-threaded and can scan more

than 100 computers at the same time. It also uses tricks such as identifying

the operating system on each computer, then doing only the tests appropriate

for that system. Scans that I expected to take hours took only minutes.

My second surprise was how many vulnerabilities were present on my personal

workstation. I take pride in monitoring and applying all new security patches

and in keeping my system secure. Yet CyberCop identified 75 areas where

I needed to attend to security issues.

CyberCop had no problem scanning my Windows 9x/NT/2000 hosts and my

routers. It scans a surprising number of other systems, including HP JetDirect print servers and NetWare servers.

I was satisfied with the bundled Seagate Software Crystal reports, and

the explanations of problems and how to correct them were complete, although

often esoteric. There were good tools to generate graphics.

After becoming comfortable with the CyberCop scans, I tried out the

selection of other tools. The Crack tool can be used to determine if there

are any easily guessable passwords being used. Crack uses traditional dictionary

attacks with some clever tricks to guess passwords. Because its purpose

is to detect insecure passwords, it does not perform serious brute-force

attacks using all possible passwords. The SMBGrind utility uses similar

methods to try to log into a computer remotely. If it succeeds, it immediately

logs off.

Another tool uses the Internet to automatically update the vulnerabilities

database. Before you buy CyberCop Scanner, you'll want to decide whether

to purchase one-year, two-year or perpetual licenses that include vulnerability


CyberCop includes some other valuable tools for testing security. One

of these is a separate program named CyberCop Sentry, which you run from

a PC on the other side of the firewall from the PC where CyberCop Scanner

is installed. CyberCop Scanner transmits special packets; if they get through

to the other side, then you know there is a leak in the firewall.

One of CyberCop Scanner's most advanced tools is Custom Audit Scripting

Language. Using CASL, you can create and send custom Internet Protocol packets

to simulate attacks on a network. Other key features include an ability

to audit DNS servers to validate security and a tool that tests any intrusion-detection

software you may have purchased to prove whether it's doing its job.

Compared to other vulnerability scanners, CyberCop is intended for the

hard-core security specialist rather than the novice. And I believe the

user interface could be made friendlier.

Nonetheless, I highly recommend CyberCop Scanner for all network administrators

because of its powerful features. Learning to apply its advanced tools to

strengthen your network will be a wise investment of your time.

Greer is a senior network analyst at a large Texas state agency. He can

be reached at [email protected]


CyberCop Scanner 5.5

Score: B+

PGP Security


Price and availability: A one-year license is $32 per node and $2,252 per 100-node server.

Remarks: CyberCop Scanner is a powerful tool designed to be used by trained security professionals identifying security vulnerabilities in networks with diverse operating systems. CyberCop Scanner has such a wealth of valuable features that network administrators who invest the time in learning to use it will be rewarded for their efforts. CyberCop runs on Microsoft Corp. WindowsNT/2000 and Red Hat Linux 5.x.

BY Earl Greer
Feb. 5, 2001

More Related Links


  • People
    Federal CIO Suzette Kent

    Federal CIO Kent to exit in July

    During her tenure, Suzette Kent pushed on policies including Trusted Internet Connection, identity management and the creation of the Chief Data Officers Council

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.