Product Reviews

An Eye on Security

Retina puts several security tools into one package.

Making the comparison between preventing security attacks on networks and preventing known diseases in the human body is easy. I know that if I’m vulnerable to influenza, for example, I can inoculate myself and alleviate my fear of getting the flu. The same preventative measures hold true for computer networks. If I know I’m susceptible to a SQL Slammer virus, I can choose to download a hotfix and protect my SQL Server. This preparation relies on two very important points: that I know the Slammer virus exists and that I know that there’s a fix. eEye’s Retina uses an extensive and constantly updated database of known vulnerabilities to provide administrators with the information they need to prepare their servers against would-be attackers.

After a flawless install, Retina immediately began downloading updates from its security database on the Web. There were several updates to apply. It was comforting to note that, included in the list, there was a Microsoft hotfix released just a few days earlier.

The Retina interface is clean and simple. There are four main areas to navigate: Browser, Miner, Tracer and Scanner. I went right to the Scanner, the most powerful of the four. Initiating the scan is as simple as typing in an IP address and clicking the Start button. I used an internal IP on a multihomed Web server. The Scanner does much more than a basic port scan: it accesses the remote system’s registry to check for applied patches, and it checks for user-account vulnerabilities and other security weaknesses. Even though I was using a server I knew wasn’t locked down, I was still surprised by the audit area of the scan, which displayed several potential threats, including Guest Access to Syslog and IP Services open ports (see figure).

Figure: eEye’s Retina performs comprehensive scans for security vulnerabilities.

Retina does a great job of providing detailed reports on threats, such as deficiencies stored as registry entries. It offers step-by-step instructions on how to fix them—and goes a step further by providing a Fix It feature that will do it for you at a click.

Retina offers an extensive knowledgebase of security issues. In addition, it has built-in links to popular security sites (which are best viewed within Retina’s own browser because of a useful tool that consolidates all of the links into an easily navigated pane). This was much easier than having to peruse entire Web sites to find links of interest.

Retina also has functionality to emulate a would-be attacker with its Miner module, which attempts to find passwords and hidden Web pages from known locations using a predefined “brain” file.

Retina, alone, doesn’t provide reactive measures, such as intrusion detection and notification services. However, if used to its full potential, it’ll greatly minimize the risk of disastrous attacks and provide fewer sleepless nights. I recommend Retina as an excellent reporting tool to complement an overall security plan.

About the Author

Rodney Landrum is an MCSE working as a data analyst and systems engineer for a software development company in Pensacola, Florida. He has a new book from Apress entitled Pro SQL Server Reporting Services.

