Product Reviews

How Secure is Your Network? Retina 3.0

Seven network scanners test your security before the crackers do.

Retina 3.0 is a fast, convenient scanner (a newer version of Retina, 4.0, has since been released). We used the free evaluation version, but the commercial version has some additional features. Within a couple of minutes, Retina produced a report with an accurate description of the target system. About 15 serious vulnerabilities were reported. Similar to Nessus, Retina reported NetBIOS NULL enumeration and FTP Write permission granted to anonymous users as "Serious." However, it reported things such as the Denial of Service condition due to incorrectly fragmented IP packets (see Knowledge Base article Q259728, "Windows Hangs with Fragmented IP Datagrams"), which was fixed on our test computer through the application of Service Pack 2. Some other false positives included Guest access to the Security logs, though the scanner was correct in determining Guest's View access to Application and System logs. The evaluation version didn't perform any SNMP checks and, unlike Nessus, didn't report anything related to SNMP.

Retina
Retina’s scanner uses an Outlook-like interface to organize a good deal of information. Here is a list of security issues, with the most serious issues sorted to the top of the list. (Click image to view larger version.)

Retina has a ports database, which a user can add to, delete from, or modify. By default, Retina scans nearly 1,500 "interesting" ports on the target computer. Retina was unable to detect Back Orifice 2000 installed on a non-standard port. The evaluation version of Retina includes port scanning, OS detection, information gathering, vulnerability scanning and auto-updating. The commercial version adds attack simulation to Retina's capabilities.

About the Author

Greg Saoutine, MCSE, is an IT Consultant working in New York City.

Featured

  • Microsoft 365 Business To Get Azure Active Directory Premium P1 Perks

    Subscribers to Microsoft 365 Business (which is being renamed this month to "Microsoft 365 Business Premium") will be getting Azure Active Directory Premium P1 licensing at no additional cost.

  • How To Use .CSV Files with PowerShell, Part 1

    When it comes to bulk administration, few things are handier than .CSV files. In this two-part series, Brien demos his top techniques for working with .CSV files in PowerShell. First up: How to create a .CSV file.

  • SameSite Cookie Changes Rolled Back Until Summer

    The Chromium Project announced on Friday that it's delaying enforcement of SameSite cookie changes, and is temporarily rolling back those changes, because of the COVID-19 turmoil.

  • Basic Authentication Extended to 2H 2021 for Exchange Online Users

    Microsoft is now planning to disable Basic Authentication use with its Exchange Online service sometime in the "second half of 2021," according to a Friday announcement.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.