How Secure is Your Network? ISS Network Scanner 6.1
Seven network scanners test your security before the crackers do.
- By Greg Saoutine
Internet Security Systems' Network Scanner 6.1 is a
widely used commercial network-scanning product. It's
known for its timely vulnerability updates and vast
reporting capabilities. ISS took 26 minutes to perform
a port (a SYN scan of 65,535 ports) and vulnerability
scan and reported one serious vulnerability: SNMP default
community strings. ISS also reported on NetBIOS NULL
enumeration and FTP Write permission granted to anonymous
users, but classified them as "Medium" in terms of severity,
while Nessus (reviewed later) marked the same vulnerabilities
as "High." Take that as a lesson that seriousness ratings
are very useful, but subjective. The person performing
the scan should have a clear understanding of what constitutes
a risk for the environment under consideration (for
example, a DMZ vs. an isolated network segment) and
how high the risk is for this specific environment.
|ISS organizes a lot of information
on a compact interface, such as this list of checks
that were made and the vulnerabilities uncovered.
Note the multiple tabbed dialogs. (Click image to
view larger version.)
ISS features port scanning (see the figure), OS detection,
information gathering, vulnerability scanning and attack
simulation, as well as auto updating of its vulnerability
database. The software provided a fairly accurate description
of the system and didn't report any false positives
in our test. However, the product didn't detect Back
Orifice 2000 listening on a random port during the second
round of testing.
Greg Saoutine, MCSE, is an IT Consultant working in New York City.