Only months away from the end of the year, many network administrators are still focused on solving the year-2000 problem in their enterprises. By now, you should be turning your attention also to the growing problem of security, especially as new network breaches are reported every month. To help you get a handle on security issues in your network without ignoring outstanding year-2000 issues, Cisco has released NetSonar Security Scanner 2.0 for NT.
Cisco is positioning NetSonar as an integral part of its security strategy - and for good reason. NetSonar scans your network and analyses the potential security-breach points of nodes. Following a scan, it generates various reports, from an executive summary of the network's security holes to a detailed technical analysis defining the problems and the documented suggestions to solve them. New to this version are full-featured support for Windows NT, increased network-vulnerability scanning, Web-based updates, and a major drop in price.
When compared to competing products, including Internet Security System's Internet Scanner, Network Associates' CyberCop, and Axent's NetRecon, NetSonar 2.0 holds its own, with a comparable feature set at a highly competitive price. The rapid analysis NetSonar provides lets you effectively diagnose and respond to security issues, preventing potential security nightmares that could not only cost you time and data, but also bring your network to a grinding halt. NetSonar is a powerful tool with only a few minor drawbacks.
I reviewed NetSonar 2.0 while still in the middle of my year-2000 analysis. The security vulnerability audit I did provided interesting, if somewhat embarrassing, results about my network. By categorising the severity of problems, I was able to quickly see the highest-priority holes to fix. The proposed solutions offered by NetSonar included links to service packs and related documentation on the Internet.
When I launched the product, I was presented with a Java-based GUI, which was well-done, but not as attractive as most Windows 32-bit-based applications.
Furthermore, the interface was slow in providing visual feedback about its reaction time. The usual Windows hourglass was missing, so I thought NetSonar had stopped responding when it was actually performing normally.
The main window shows a tree-view of NetSonar sessions. Each session denotes a scan of the network and has several results, graphs, and reports associated with it.
With each scan I ran, NetSonar probed each network node for vulnerabilities. I could limit the probing to a large number of points of vulnerability from specific host machines to particular ports. NetSonar also let me choose various preconfigured probe settings for performing quick scans. Or I could entirely customise the scan to include certain points of vulnerability, such as machines with guest-account access to the registry.
But NetSonar's reporting function is where it really proves its worth. After running a session, I was able to produce myriad HTML-formatted reports that ranged from executive summaries to a detailed technical breakdown of the potential points of failure. Contained within the report summary is an analysis of the possible or verifiable security or year-2000 problems and links to a database of possible preventative remedial actions. Every other month, Cisco updates the database, which it provides as a download to customers.
Another powerful reporting feature is NetSonar's grid of gathered data. This grid let me alternate the X-axis and Y-axis and see data in a different way. For example, I could display a list of OSes against the vulnerabilities found. With one click of the Swap Axis button, I changed the view to see how many OSes were affected by a specific vulnerability. This capability is very useful when working on a specific vulnerability or an OS.
My overall experience with the product was very good. NetSonar offers an easy way for network administrators of any level of expertise to quickly find potential security and year-2000 problems. If you want to probe deeper and analyse different vulnerabilities at different times of the day, NetSonar provides the functionality to do it with excellent analysis and recommendations for fixes. The user interface could be slightly improved, but it is functional and relatively easy to use.
(Before joining a Silicon Valley company as a product manager, Andy Nelson (email@example.com) was at Computerworld affiliate InfoWorld Test Centre as a technology analyst focusing on network-related software.)The bottom line: very goodNetSonar Security Scanner 2.0 for NTSummary: This solid tool scans Windows NT networks for potential security vulnerabilities, and its year-2000 compliancy feature exposes any OS that still needs a fix. Vulnerability summaries provide excellent data on security issues.
Business Case: Holes in your network security can lead to the loss of intellectual property, which could cost thousands of dollars. NetSonar 2.0 lets you consistently check for security problems and suggests solutions quickly and efficiently at a low cost.
+ Y2K-compliant scanning and reporting
+ Extensive network security via Cisco's Network Security Database+ Detailed problem causes and fixes and updated security signatures via the Web+ Customisable vulnerability rules+ Scheduled scans increase overall reporting pictureCons- Java interface slow to reactCost: $US495, scans 2,500 unrestricted networked nodesPlatforms: Windows NT 4.0; SPARC Solaris and Solaris x86 versions also availableCisco Systems http://www.cisco.com