Anyone with common sense has a bit of trepidation about connecting a local-area network to the Internet. Most attention is directed at a firewall's ability to withstand ne'er-do-wells who want to do anything from poking holes for fun to pernicious hacking. Two products I tested this month take a holistic, if alarming, approach to systems security.
It's mandatory to identify the weaknesses in systems, whether they exist at Internet links or at internal information systems sources. One company, ISS, has several products in the security testing space. The lead product is SafeSuite, which combines a number of products into a comprehensive, enterprise approach to systems security. This review covers two elements of the SafeSuite product line that are sold as individual products: Internet Security Scanner 5.6.2 and RealSecure 3.0. Competitors include Network Associates' Sniffer, NetCracker, HP OpenView and Optimal Networks.
Scan attack
Internet Security Scanner is designed to be a hostile attacker. You can choose among four types of simulated attack, ranging from "Light" to "Heavy." ISS makes the product available on AIX, HP-UX, IRIX, Linux, Solaris, SunOS and Windows NT Server. I chose Linux and NT Server. It's best to dedicate a server of either type, as I found that CPU utilization can peak during test cycles.
ISS supplies software that runs only under TCP/IP and only within verified address ranges, so that it can't be used against someone unwittingly. Keys are sent that enable different parts of the software within the legally allocated address space. The software can detect and probe NetWare servers as well as any TCP/IP-connected device. I installed the package on Linux, only to discover that my favourite network card couldn't be used - a Linux failing. I then installed it on NT Server 4.0 (Workstation can also be used) with Service Pack 4 (required) and several security modifications.
I then scanned two different networks. The first test scanned the unsecure side, then the secure side, of a 100-plus node network; the second scrutinized the standard setup in the lab. The program probed the first network using a built-in wizard. I used a "Light" attack to start, as heavy attacks can actually bring down servers and cause a denial of service. Only two items were tested, because they were the only devices on that segment: the router...