| About InfoWorld : Advertise : Subscribe : Contact Us : Awards : Events : Store |
 |
||||
|
||||
 |
||||
 |
|
|||
 |
||||
|
|
|
||
|
|||||||||||||||||||||||||||||||||||||||||
 COLUMN
Golden Guardian award runners-up present some encouraging news in security field OUR YEARLY Golden Guardian award recognizes the outstanding work of security product vendors for their efforts in delivering valuable security products to the public. (For the winners, see "Personal firewall, user packet filtering share this year's Golden Guardian award," Jan. 17, page 74.) But frequently we come across products that don't fit the traditional mold of full-blown commercial security tools. This week we highlight those products, which include freeware, shareware, and nonsecurity products -- all of which can be used to secure your networks.
But there are other uses of VMware in security: The product can be used as a "honey pot," tempting those wily attackers into your NT lair, yet all the while running under Linux. With sufficient logging and monitoring of the activity on the NT partition, one could track and record the activities of the attacker and store them on the Linux system by sending them via syslog to the Linux IP address. And the "undoable disk" feature of VMware allows you to back off the changes made after the attack, starting fresh for the next victim. Unfortunately, you cannot review the actual changes made to the partition. This function would be an enormous resource for later forensic analysis. The only other concern we have about the product will likely disappear with time and ever-decreasing hardware prices: The guest operating system performs fairly slow when using the virtual 2GB hard-drive option. Although not intended as a security product, VMware does offer the functionality to dramatically increase your security endeavors. Another company worthy of Golden Guardian mention is SolarWinds (www.solarwinds.net). We have written about SolarWinds in past columns, and we use their products religiously during assessments. We consider the IP Network Browser to be the definitive SNMP discovery and enumeration tool available for NT. SolarWinds also produces an entire suite of network management tools, including a Cisco router password decryptor and configuration file downloader. In the Golden Guardian freeware category, the new world of fast, flexible NT port scanners was born with two products released this year. One is SuperScan 2.06, by Robin Keir (www.keir.net). The best feature of SuperScan is the price: It's free! Keir fixed a few of SuperScan 2.06's operational bugs and added some key security features, such as banner grabbing, reading hosts from a file, and adjustable, on-the-fly threading. One can only imagine what stellar features he'll add next. Another NT-based port scanner that has always grabbed our attention is NetScanTools Pro 2000, from Northwest Performance Software (www.nwpsw.com). NetScanTools provides many other network-testing utilities, such as SNMP enumeration, DNS interrogation, and so on, but we think its port scanner incorporates some important features: list-based input for both target IPs and ports, the capability of scaling to huge host ranges, and multithreaded speed. NetScanTools' port scanner output could be simplified, and the price of around $150 seems high in comparison to SuperScan, but this is another one to keep your eye on. What tools do you use to tighten your systems? Do you prefer commercial or freeware tools? Let us know at security_watch@infoworld.com. Stuart McClure is an independent security consultant at Rampart Security Group. Joel Scambray is a consultant at Ernst & Young.  RELATED SUBJECTS  SecurityMORE > SPONSORED WHITE PAPERS 
SPONSORED LINKS
|
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||
|
||||||||||
