Product Reviews

An Eye on Security

Retina puts several security tools into one package.

Making the comparison between preventing security attacks on networks and preventing known diseases in the human body is easy. I know that if I’m vulnerable to influenza, for example, I can inoculate myself and alleviate my fear of getting the flu. The same preventative measures hold true for computer networks. If I know I’m susceptible to a SQL Slammer virus, I can choose to download a hotfix and protect my SQL Server. This preparation relies on two very important points: that I know the Slammer virus exists and that I know that there’s a fix. eEye’s Retina uses an extensive and constantly updated database of known vulnerabilities to provide administrators with the information they need to prepare their servers against would-be attackers.

After a flawless install, Retina immediately began downloading updates from its security database on the Web. There were several updates to apply. It was comforting to note that, included in the list, there was a Microsoft hotfix released just a few days earlier.

The Retina interface is clean and simple. There are four main areas to navigate: Browser, Miner, Tracer and Scanner. I went right to the Scanner, the most powerful of the four. Initiating the scan is as simple as typing in an IP address and clicking the Start button. I used an internal IP on a multihomed Web server. The Scanner does much more than a basic port scan: it accesses the remote system’s registry to check for applied patches, and it checks for user-account vulnerabilities and other security weaknesses. Even though I was using a server I knew wasn’t locked down, I was still surprised by the audit area of the scan, which displayed several potential threats, including Guest Access to Syslog and IP Services open ports (See figure).

Figure: eEye’s Retina performs comprehensive scans for security vulnerabilities.

Retina does a great job of providing detailed reports on threats, such as deficiencies stored as registry entries. It offers step-by-step instructions on how to fix them—and goes a step further by providing a Fix It feature that will do it for you at a click.

Retina offers an extensive knowledgebase of security issues. In addition, it has built-in links to popular security sites (which are best viewed within Retina’s own browser because of a useful tool that consolidates all of the links into an easily navigated pane). This was much easier than having to peruse entire Web sites to find links of interest.

Retina also has functionality to emulate a would-be attacker with its Miner module, which attempts to find passwords and hidden Web pages from known locations using a predefined “brain” file.

Retina, alone, doesn’t provide reactive measures, such as intrusion detection and notification services. However, if used to its full potential, it’ll greatly minimize the risk of disastrous attacks and provide fewer sleepless nights. I recommend Retina as an excellent reporting tool to complement an overall security plan.

About the Author

Rodney Landrum is an MCSE working as a data analyst and systems engineer for a software development company in Pensacola, Florida. He has a new book from Apress entitled Pro SQL Server Reporting Services.
