Retina is a popular network-security utility to detect vulnerabilities and loopholes on specific machines or a set of machines on your network or the Internet. It has a browser like interface; in fact, it has an embedded version of IE and you can browse websites through it.
|
All functionality in Retina is controlled through modules. It comes with four modules: Scanner, Miner, Tracer and Browser. Of these, the first two detect vulnerabilities on a regular computer or a Web server. Tracer is similar to the popular trace-route program found in most OSs, and with the Browser you can browse the Web through Retina’s interface.
We tried many security scans with Retina, and found it pretty quick to detect vulnerabilities. It generates an audit listing the vulnerabilities in the host machine(s), arranged by the risk level of high, medium and low. It can do vulnerability audits for many systems and services, including NetBIOS, HTTP, CGI, FTP, SMTP, DNS, DoS and registry. It also provides other useful information about the hosts, such as the number of ports open, the OS running and the users and accounts. Besides Windows, Retina can scan OSs likeLinux and various UNIX flavors. During our tests, it easily detected a RedHat Linux server.
An interesting and powerful new feature of Retina is CHAM (Common Hacking Attach Methods). In this, it uses the common techniques used by hackers to get into or attack a system. It does this for the FTP, POP3, SMTP, and HTTP services by default. If it finds any vulnerability, it lists it in the audit; otherwise it leaves the audit blank. Such that a user is not confused, however, it would make sense if the software say that no vulnerability was found. The Miner module has a similar problem.
Besides these, you can define separate policies to check for specific vulnerabilities. The report-creation capability of Retina is also pretty good, as it generates a full HTML report. You can save scans done by Retina and access them later. You can also add Plug-ins to enhance Retina’s capabilities. There’s an Audits wizard to add more vulnerabilities that Retina should look for and an auto update feature that updates the number of vulnerabilities Retina can detect. This wizard runs by first turning off the Retina interface, downloading the updates, and then restarting it to update.
the bottom line: A very useful utility for organizations not very familiar with network security, as this scans and creates reports automatically.
Anil Chopra at PCQ Labs