| About InfoWorld : Advertise : Subscribe : Contact Us : Awards : Events : Store |
 |
||||
|
||||
 | ||||
 |
|
|||
 | ||||
|
|
|
||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
 NEWSNetScanTools a boon for Windows security By Joel Scambray , For InfoWorld Test Center December 4, 1999 ANYONE WHO has ever done network troubleshooting or security analysis using Windows will inevitably lament that Unix users get all the neat security discovery tools. Because of its Internet heritage, Unix has always had an overabundance of developers willing to code port scanners, DNS interrogation tools, and a myriad of other utilities of irreplaceable value to network administrators.
Although you'll find a few strong competitors to NetScanTools (including the wonderful and free Sam Spade, at www.samspade.org/ssw, and WS_Ping ProPack, at www.ipswitch.com, for $37.50), NetScan-Tools' flexibility is hard to beat. Putting so many useful tools into a single interface should help your Windows network administrators respond more quickly to problems and spare your users from longer or more frequent delays. I tested NetScanTools Pro while conducting a security assessment of several Class C IP networks. Although the tools are most appropriate for security work, the various utilities can also prove useful in day-to-day network administration. The Ping and Traceroute tools, for example, are exceptionally fast and strong replacements for the built-in Windows tools, and utilities such as Whois are great additions to the Windows toolset. From the perspective of a security auditor, NetScanTools Pro will support preliminary information gathering all the way up to, but not including, exploitation of vulnerable services. The NetScanner tool performs basic network enumeration, combining Ping scan, name resolution (NetBIOS and DNS), and Media Access Control address resolution, if possible. If systems respond to Ping, you can use the Port Prober to scan for services on remote systems. It would be nice if systems identified by one tool (such as NetScanner) could automatically be fed into the input for other tools (such as the Port Prober). Digging a little deeper is as easy as calling up the Name Server Resolution tab, which can perform a bewildering array of queries against DNS servers (including the standard nslookup, Dig, and zone transfers). The SNMP tab will perform Get, Walk, and Set actions against remote agents using a custom-defined community string and Object Identifier. A convenient selection window lists the various SNMP Management Information Bases (MIBs) so that browsing for specific information is a snap. And the TCP Term tool will connect to any port using the Telnet protocol and allow ASCII text input, echoing service banners or other juicy information from the remote host. Port scanner a standout NetScanTools distinguishes itself in its port scanner, Port Prober. It accepts text files for both host target list and port list input, and it scans both TCP and User Datagram Protocol (UDP) (with user-definable timeout). You can even specify custom services for your port scans by editing the Services Database in the Database Tests tab. (The database is essentially a text file based on Request For Comments [RFC] 1060 and is easily manipulated within the GUI.) But best of all, Port Prober is fast. I probed a Class C network with a custom list of around 70 TCP and UDP ports commonly found to be vulnerable to security issues, and the scan completed in less than two hours with nary a blink from system resources, thanks to multithreading. I did encounter one problem with Port Prober. When scanning more than a single Class C IP range, NetScanTools Pro would unceremoniously exit midscan, losing any accumulated data. I contacted the vendor and they diagnosed the issue within a day and immediately promised a Service Pack; this rapid response garners high marks for customer service. Perhaps Northwest Performance Software will also grant my additional wishes for Port Prober: to release a command-line version (for scripting); allow the ability to specify TCP or UDP on a per-port basis (rather than having to set up separate scans for either); and organize scan results into numeric order by IP address. Also, Port Prober does not perform any stealth-scanning techniques such as SYN, FIN, or fragmentation, as does the popular Unix tool nmap. (Stealth scanning can trick a packet-filtering router or firewall into allowing the scan through to a "protected" network.) Even absent this wish list, Port Prober outshines nearly every other Windows port scanner, and even many Unix ones, that I've used. NetScanTools Pro has a host of other tools and features. (The default interface has 28 function tabs.) I also liked that output from every tool can be saved to a text file or e-mailed from within the GUI. Extra goodies include Internet RFCs accessible from within the GUI, and SNMP Management Information Bases available as text files. NetScanTools does have a few shortcomings. The GUI takes the standard Windows tabbed interface to extremes, bristling its jumble of tools in a hodgepodge that can make things hard to find. Fortunately, the Preferences tab allows users to decide which tabs are visible and their order. I also noted the omission of a few useful tools, including a Lightweight Directory Access Protocol query interface and a network throughput measurement tab. (WS_Ping ProPack has both.) A sophisticated Web server query tool (à la Sam Spade's Crawl Web site utility) would also be welcome. These shortcomings are minor, however; my only real hesitation was over the price, especially since most of these utilities are available in the public domain. Nevertheless, I think NetScanTools Pro provides a good value by aggregating all of these disparate tools into one interface and that it will pay for itself over the course of a year for a busy security professional. InfoWorld Security Watch colum-nist Joel Scambray (scambray@hackingexposed.com) is a manager in the eSecurity Solutions group at Ernst & Young as well as co-author of Hacking Exposed: Network Security Secrets & Solutions ( www.hackingexposed.com ).
 RELATED SUBJECTS  Network/System ManagementSPONSORED WHITE PAPERS 
SPONSORED LINKS
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||
|
||||||||||
