Content area
Full text
SECURITY
IP360 Vulnerability Management System employs deep scanning to accurately ID network, app
THEORETICALLY, SCANNING a network should be benign. Probing workstations and servers shouldn't interrupt the normal functionality of those systems. In practice, however, this may not be the case.
Many network scanners are not always harmless and can crash services, causing unnecessary pain. The nCircle IP360 Vulnerability Management System's scanning appliances are designed to eliminate that problem by providing thorough and concise data on the state of system security throughout a network. The IP360 does its job quite well.
A good vulnerability scanner can determine the host OS definitively, report on services running on the host, and document any known vulnerabilities. nCircle's solution involves deep reflex scanning, which pairs a simple port scan with more thorough examination of each host, including registry scanning on Windows systems and true service identification to identify services at the application level. This approach means the IP360 can identify known services running on unknown ports, such as a Web server running on port 2155.
Beyond Port Scans
A typical IP360 deployment requires multiple hardware components: a VnE (Vulnerabilities and Exposures) engine and a DP (Device Profiler).
The VnE is the base of operations. It runs the browser-based management console and houses the database of scanning information. Based on FreeBSD 4.7, the VnE is available in two flavors, a single-CPU IDE RAID version and a dual-CPU SCSI RAID version. The former supports as many as 20 DPs; the latter can handle as many as 100.