Block, Then Tackle
Install HackerShield 2.0 on your NT network,and your boss might mistake you for a security expert.
- By Chip Andrews
HackerShield, which BindView bills as “the
easiest way to find and close security holes on your network,”
is targeted directly at the network admin who just doesn’t
have the time nor inclination to become a security guru overnight
because the boss just read about the latest hack in the newspaper.
I’ve never seen a product that tries so hard to remove
me from the gory details of network-wide systems vulnerability
testing. Once the product is installed, it’s perhaps
the finest example of fully automated security scanning software
on the market.
I began the installation with the HackerShield
2.0 CD, a 25-IP device license, and a Rapidfire Update license.
Soon after the installation process began I was stopped dead
with: “Error During Setup – Registry Permission.”
The tech support staff (who were quite quick) made an initial
accusation that I was using Windows 2000 (which I wasn’t)
and we eventually worked out that the permission problems
were caused by my application of the Security Configuration
Editor (from Service Pack 4) using a Hisecdc.inf policy. I
was facing a deadline (aren’t we all?) so the product
was eventually installed on a vanilla (SP4–no SCE) server
I had lying around. That installation went without a hitch.
Now that the pain of installation was over,
I was able to see what HackerShield had to offer. The installation
adds four new services to your NT machine and an NT user account
used during the scanning process. The basic steps for operation
are as follows:
Define your subnets
Add machines in those subnets to various
Schedule scans/reports of the scan
The ability to segment my network scans
and to execute scans and reporting unattended were very welcome
additions. With a proper installation, a system admin could
have regular reports sent to various personnel using custom
reports or the built-in reports targeted at executives, admins,
and managers. Without a doubt, HackerShield had some of the
best security information detail of any system scanner I’ve
ever used. Explanations included history of the exploit, definitions
of terminology, and the appropriate actions needed for plugging
a hole. I especially liked the ability to export reports to
an Access database for further analysis and the ability to
produce differential reports so you can monitor when those
pesky user reconfigurations occur.
HackerShield separates itself from most
scanners in several ways. It:
Automatically downloads and installs
security updates by polling a POP3 account, making maintenance
100 percent unattended.
Can “AutoFix” certain holes
found on machines it scans.
Has exceptional password-cracking features
and was quicker than much of the competition in this regard.
Has job scheduling features that can
save administrators from hours of scripting.
Is capable of automated re-scanning
of the network, to find those ubiquitous new machines
that may periodically pop up all over the network.
I did find several shortcomings (besides
the aforementioned installation problems):
Alerting features were limited to email
and SNMP (Bindview says more alerting features are in
It produced too many false-positives
for my taste, including warnings such as “TCP open
ports” and “Web Server Listening” (typical
in products of this type)
- It also seemed overly NT-centric and
might not be the best choice for heterogeneous networks
(most notably missing are Unix Autofix support and a Unix
|For a security product, HackerShield
2.0 is incredibly easy to use, and includes reports with
problem histories, definitions, and suggested course of
action for plugging potential security leaks.|
I find that despite these issues I’d
definitely recommend the product to an NT shop without a security
administrator on staff. Once installed, HackerShield was stable,
easy to use, a breeze to administer, and even serves as a
great educational tool for those wanting to know the whole
story behind host-based security problems.
Chip Andrews, MCSE+I, MCDBA is a software security architect at (Clarus Corp.). Chip maintains the (sqlsecurity.com) Web site and speaks at security conferences on SQL Server security issues.