September 17, 2001

Webtrends Security Analyzer Pro V3.5 detects vulnerabilities on machines running on different platforms on your network, from Windows 98/NT/2000 to even Linux and Sun Solaris. You can test both servers and user desktops with it. The software has over a thousand tests to detect these vulnerabilities. It can also be updated when new vulnerabilities emerge.

Webtrends Security Analyzer Pro V3.5
Price: Rs 99,950
Features: Multiple OS support, including Windows 9x/NT/2000, Linux, and Solaris; reports in HTML or MS Word format; scheduling; test updates from the Web; SDK for developing new tests.
Pros: Supports multiple platforms; scans any machine on the network from a central location; excellent reporting with detailed solutions.
Cons: Deploying client agents is tedious.
Contact: Summit InfoTech. Tel: 011-6517995, Fax: 6854711. C-3, 2nd Floor, Community Centre, SDA New Delhi 110016.

We reviewed the Professional Edition, which can scan a single machine or an unlimited number of machines on a single subnet. The software can be deployed in two ways. One is to simply install the whole package on a machine and run the required tests. This is suitable for a small network with a few Windows-based machines. The other option is for larger networks with a mix of Windows- and Unix-based machines. Here, you install Security Analyzer on a Windows NT/2000 machine, which acts as the host, and a small agent on every machine you want to analyze. The agent runs locally on each machine and reports the results back to the host machine. You can also test remote machines over the network without installing the agent, but this takes up much more bandwidth and gives only partial results, because a remote scan is subject to access restrictions on the target machine.

Installing Security Analyzer is simple, but deploying the agents is slightly tedious. Before you can install an agent on any machine, you need to generate an AgentDat file, in which you specify the port through which the host and agent will communicate, and an encryption key that will be used to encrypt all data flowing between the host and the agent. Once this file is generated, you have to physically go to each machine, copy the AgentDat file onto it, and then install the agent. The agent then stays in the background, and tests the machine whenever it receives a command to do

The various tests in Security Analyzer have been classified into groups such as Backdoors, Proxy/firewall, Mail Server, and File Access Control. Apart from these default policies, you can also create your own. For example, you might want to run one set of tests for your Windows 98 machines, and a completely different set for your Web server running on a Unix-based machine.

All tests have their own short descriptions. After you scan a machine, the software gives you a report of all the vulnerabilities it found and how to remove them, either by listing the steps to follow or by giving you a link to a Web site from where you can download a patch. During our tests we found that some links had moved, so we were not able to download the respective patches.

The package has very good reporting capabilities. You can create reports based on your scans, choose the report format (HTML or Word document), select the content of your reports, and specify whether to save the report locally, FTP it, or even e-mail it. Other features of the software include scheduling, which means you can set a date and time at which scans will start automatically and a report will be generated. It also has a feature called AutoSync, which connects to the server via the Internet and downloads any tests that have been released for new vulnerabilities. It would have been nice if this feature also updated the links for all the patches.

The package also includes a security development kit (SDK), which allows you to create your own customized tests. It provides the crowbar API, a set of pre-written functions that you can use in your own tests. The test scripts have to be written either in Perl or in the form of DLLs. A separate manual is devoted to the creation of new tests using the SDK.

Overall, the software is quite useful for large corporates, as it not only detects system vulnerabilities, but also provides solutions. Smaller companies, however, may find it a bit expensive.

Sachin Makhija at PCQ Labs
