Finding Flaws in Your Network Armor
Keep your network thriving -- L3 Security Retriever inspects it for life-threatening intrusions.

Imagine, if you will, the days of
yore, when soldiers went into battle on horseback carrying
swords, javelins, and spears. To protect themselves
from the enemies they sought to vanquish, warriors wore
armor comprised of solid sheets of metal and chain mail.
If a warrior’s armor had chinks (small imperfections),
that warrior would most likely not return home from
battle since foes were well trained to locate such flaws.
You can imagine then, that warriors inspected their

As a network administrator, you have
a similar problem. You need to be certain there are
no flaws in the armor of your network, or else hackers
well trained to find them can punch through your network.
Before you put your systems on the Internet or even
the LAN, you need to thoroughly inspect them for security
flaws. That’s where L-3 Network Security’s
Retriever 1.5 can help.

Before you can inspect your machines,
you need to know what and where they are. Retriever
excels in its ability to scan your network for devices.
While some security tools will discover an entire IP
subnet at a time, Retriever can discover an entire subnet
or just small sections. Once it has discovered the devices
on your network (it has a large database of known devices),
Retriever maps the network.

Each machine in the list has a set
of properties that you can view and modify. Some common
properties to work with might be the operating system
installed on each machine, machine name or MAC address,
IP address, or even the last time it was scanned for
flaws. Retriever is capable of holding this information
on each device on the network.

Inspecting Your Armor

Once Retriever has located all of
the machines on a network, it inspects them for security
problems. Retriever has a variety of reports, but the
most useful ones are the Vulnerability and Safeguard
Recommendations reports. You need only run the Vulnerability
report to find security risks on a specific machine,
but you can also run it on an entire list of machines.
You can also use the Safeguard Recommendations report
to prioritize which problems to fix first.

Retriever can also be used to find
modems on your network, allowed or otherwise. It does
this by dialing a series of phone numbers and cataloging
those that have modems attached to them. As long as
you know the phone numbers that belong to your organization,
this can work out great for keeping unauthorized modems
off the network.

Retriever also has a report scheduling
feature, which is handy for automating inspections.
With scheduling, you can automatically monitor your
network for changes in software and plug the security
holes that may come with that new software.

Retriever’s Properties screen is where you find statistical information on an attached device or machine.

I discovered a few minor nuisances.
Although Retriever is fully capable of finding all kinds
of security holes, it can’t fix them. One other
minor problem: Once you fix a vulnerability, you have
to manually tell Retriever what you’ve done. If
you fix a problem and forget to make the necessary changes
to the object you’ve fixed, Retriever will return
inaccurate information when you run the Safeguard Recommendations
report. In fact, it will tell you that you should apply
the fix again, even though you already have. In an enterprise
environment, this can be a pain. Retriever should be
able to autodetect the fix.

The last problem is more of a nuisance:
If you use Retriever’s modem detection feature,
be careful about the numbers you dial. You might dial
the company president in a conference room only to have
that person pick up and hear a string of modem squelches

All that being said, you need protection
against those who exist only to smite your network.
Retriever does an admirable job of inspecting and reporting
back those problems, but it needs some tweaks to be
fully ready to help do battle on the enterprise front.

Joseph L. Jorden, MCSE, MCT, CCNA, CCDA, is Chief Technical Officer for Dugger & Associates (www.Dugger-IT.com). He was one of the first 100 people to achieve the MCSE+I and one of the first 2,000 to become an MCSE under Windows 2000. Joseph frequently contributes to books from Sybex and various periodicals.