Product Reviews

Finding Flaws in Your Network Armor

Keep your network thriving -- L3 Security Retriever inspects it for life-threatening intrusions.

Imagine, if you will, the days of yore, when soldiers went into battle on horseback carrying swords, javelins, and spears. To protect themselves from the enemies they sought to vanquish, warriors wore armor composed of solid sheets of metal and chain mail. If a warrior’s armor had chinks (small imperfections), that warrior would most likely not return home from battle, since foes were well trained to locate such flaws. You can imagine, then, that warriors inspected their armor thoroughly.

As a network administrator, you have a similar problem. You need to be certain there are no flaws in the armor of your network, or else hackers well trained to find them can punch through your network. Before you put your systems on the Internet or even the LAN, you need to thoroughly inspect them for security flaws. That’s where L-3 Network Security’s Retriever 1.5 can help.

Taking Inventory

Before you can inspect your machines, you need to know what and where they are. Retriever excels in its ability to scan your network for devices. While some security tools will discover an entire IP subnet at a time, Retriever can discover an entire subnet or just small sections. Once it has discovered the devices on your network (it has a large database of known devices), Retriever maps the network.

Each machine in the list has a set of properties that you can view and modify. Some common properties to work with might be the operating system installed on each machine, machine name or MAC address, IP address, or even the last time it was scanned for flaws. Retriever is capable of holding this information on each device on the network.

Inspecting Your Armor

Once Retriever has located all of the machines on a network, it inspects them for security problems. Retriever has a variety of reports, but the most useful ones are the Vulnerability and Safeguard Recommendations reports. You need only run the Vulnerability report to find security risks on a specific machine, but you can also run it on an entire list of machines. You can also use the Safeguard Recommendations report to prioritize which problems to fix first.

Retriever can also be used to find modems on your network, allowed or otherwise. It does this by dialing a series of phone numbers and cataloging those that have modems attached to them. As long as you know the phone numbers that belong to your organization, this can work out great for keeping unauthorized modems off the network.

Retriever also has a report scheduling feature, which is handy for automating inspections. With scheduling, you can automatically monitor your network for changes in software and plug the security holes that may come with that new software.

Retriever’s Properties screen is where you find statistical information on an attached device or machine.

The Drawbacks

I discovered a few minor nuisances. Although Retriever is fully capable of finding all kinds of security holes, it can’t fix them. One other minor problem: Once you fix a vulnerability, you have to manually tell Retriever what you’ve done. If you fix a problem and forget to make the necessary changes to the object you’ve fixed, Retriever will return inaccurate information when you run the Safeguard Recommendations report. In fact, it will tell you that you should apply the fix again, even though you already have. In an enterprise environment, this can be a pain. Retriever should be able to autodetect the fix.

The last problem is more of a nuisance: If you use Retriever’s modem detection feature, be careful about the numbers you dial. You might dial the company president in a conference room only to have that person pick up and hear a string of modem squelches and beeps.

All that being said, you need protection against those who exist only to smite your network. Retriever does an admirable job of inspecting and reporting back those problems, but it needs some tweaks to be fully ready to help do battle on the enterprise front.

About the Author

Joseph L. Jorden, MCSE, MCT, CCNA, CCDA is Chief Technical Officer for Dugger & Associates (www.Dugger-IT.com). He was one of the first 100 people to achieve the MCSE+I and one of the first 2,000 to become an MCSE under Windows 2000. Joseph frequently contributes to books from Sybex and various periodicals.
