How Secure is Your Network? Retina 3.0
Seven network scanners test your security before the crackers do.
- By Greg Saoutine
Retina 3.0 is a fast, convenient scanner (a newer version
of Retina, 4.0, has since been released). We used the
free evaluation version, but the commercial version
has some additional features. Within a couple of minutes,
Retina produced a report with an accurate description
of the target system. About 15 serious vulnerabilities
were reported. Similar to Nessus, Retina reported NetBIOS
NULL enumeration and FTP Write permission granted to
anonymous users as "Serious." However, it reported things
such as the Denial of Service condition due to incorrectly
fragmented IP packets (see Knowledge Base article Q259728,
"Windows Hangs with Fragmented IP Datagrams"), which
was fixed on our test computer through the application
of Service Pack 2. Some other false positives included
Guest access to the Security logs, though the scanner
was correct in determining Guest's View access to Application
and System logs. The evaluation version didn't perform
any SNMP checks and, unlike Nessus, didn't report anything
related to SNMP.
|Retina’s scanner uses an Outlook-like
interface to organize a good deal of information.
Here is a list of security issues, with the most
serious issues sorted to the top of the list. (Click
image to view larger version.)
Retina has a ports database, which a user can add to,
delete from, or modify. By default, Retina scans nearly
1,500 "interesting" ports on the target computer. Retina
was unable to detect Back Orifice 2000 installed on
a non-standard port. The evaluation version of Retina
includes port scanning, OS detection, information gathering,
vulnerability scanning and auto-updating. The commercial
version adds attack simulation to Retina's capabilities.
Greg Saoutine, MCSE, is an IT Consultant working in New York City.