An Eye on Security
Retina puts several security tools into one package.
Making the comparison between preventing security attacks on networks and preventing known diseases in the human body is easy. I know that if I’m vulnerable to influenza, for example, I can inoculate myself and alleviate my fear of getting the flu. The same preventative measures hold true for computer networks. If I know I’m susceptible to a SQL Slammer virus, I can choose to download a hotfix and protect my SQL Server. This preparation relies on two very important points: that I know the Slammer virus exists and that I know that there’s a fix. eEye’s Retina uses an extensive and constantly updated database of known vulnerabilities to provide administrators with the information they need to prepare their servers against would-be attackers.
After a flawless install, Retina immediately began downloading updates from
its security database on the Web. There were several updates to apply. It
was comforting to note that, included in the list, there was a Microsoft
hotfix released just a few days earlier.
The Retina interface is clean and simple. There are four main areas to
navigate: Browser, Miner, Tracer and Scanner. I went right to the Scanner,
the most powerful of the four. Initiating the scan is as simple as typing
in an IP address and clicking the Start button. I used an internal IP
on a multihomed Web server. The Scanner does much more than a basic port
scan, such as accessing the remote system’s registry to check for applied
patches, as well as checking user-account vulnerabilities and other security
weaknesses. Even though I was using a server I knew wasn’t locked down,
I was still surprised by the audit area of the scan, which displayed several
potential threats, including Guest Access to Syslog and IP Services open
ports (See figure).
| eEye’s Retina performs
comprehensive scans for security
vulnerabilities. (Click image to view larger version.)
Retina does a great job of providing detailed reports on threats, such as
deficiencies stored as registry entries. It offers step-by-step instructions
on how to fix them—and goes a step further by providing a Fix It feature
that will do it for you at a click.
Retina offers an extensive knowledgebase of security issues. In addition, it has built-in links to popular security sites (which are best viewed within Retina’s own browser because of a useful tool that consolidates all of the links into an easily navigated pane). This was much easier than having to peruse entire Web sites to find links of interest.
Retina also has functionality to emulate a would-be attacker with its Miner
module, which attempts to find passwords and hidden Web pages from known
locations using a predefined “brain” file.
Retina, alone, doesn’t provide reactive measures, such as intrusion detection
and notification services. However, if used to its full potential, it’ll
greatly minimize the risk of disastrous attacks and provide fewer sleepless
nights. I recommend Retina as an excellent reporting tool to complement
an overall security plan.
Rodney Landrum is an MCSE working as a data analyst and systems engineer for a software development company in Pensacola, Florida. He has a new book from Apress entitled ProSQL Server Reporting Services.