Fears over network security and the ease with which it can be compromised have given rise to a plethora of managed services, with anti-virus and email scanning as prime examples. Qualys is a good example of this approach, offering a managed service that promises to tell you how vulnerable your network is to external attack.
However, it is internal security that is now the hot topic as the majority of breaches occur within a company’s network. Consequently, Qualys has decided to bring its weight to bear on this problem by offering a new service that extends its vulnerability scanning capabilities behind the firewall and onto the local network.
The Intranet Scanner product includes a small appliance that acts as a go-between for your network and the Qualys web-based services. It receives instructions from Qualys which tell it which systems are to be scanned and the tests to be carried out. On completion it passes all its findings back to Qualys where you can log-on to your private location on the website and view the results.
During this review, Qualys went to some lengths to stress that the appliance does not store any information about your network whatsoever so there’s no point in nicking it.
We found installation simple enough and you start by entering basic network details using the appliance’s control pad and LCD display panel. After entering information about our DHCP and proxy servers, along with SSL port number and account username and password, the appliance contacted Qualys and registered itself. From here on in you don’t need to touch the appliance again as you use the Qualys website to carry out all management, configuration and reporting.
From your own home page you can enter the IP addresses you want scanned, and the price of the service is determined by the number of addresses and scans required. Note that once entered you cannot change or delete the IP addresses yourself, so if you want to scan new machines you’ll have to purchase extra licenses.
You determine the type of scan from the ‘preferences’ tab which offers full or partial scans and options for scanning the standard collection of around 1,800 TCP ports and adding additional port numbers. Five settings also determine the amount of network bandwidth the scan process is allowed to consume and the depth of scanning.
The latter feature is where Qualys scores above and beyond the competition, as it uses an attack database which lists many thousands of weaknesses and is regularly updated whenever a new threat is identified. Any modifications are easily deployed, as the database is downloaded to the appliance along with your parameters every time a scan is initiated.
Even a brief glance at the scan results of our test network showed clearly how powerful the Qualys service is. Whereas ISS Internet Scanner 7.0 (IS7) spotted around a dozen security leaks or holes on some of our test servers, the Intranet Scanner found 129 vulnerabilities on only three Windows Server systems and none of these were trivial as we had deliberately left them open to attack. Qualys had no problems identifying and scanning our Windows Server 2003 systems.
During testing of IS7 we discovered that not only was it unable to correctly identify this OS but couldn’t scan it either. Qualys doesn’t worry so much about OS identification but it certainly had no problems with this OS. Not only does it find vulnerabilities and threats but the Intranet Scanner advises on how to plug them as well. We were impressed with the extensive reporting tools provided on the website.
During testing we encountered no problems with the Intranet Scanner and found it extremely easy to use. The comparatively high price will limit its appeal for small and medium businesses, but it is undoubtedly a very sophisticated vulnerability scanning service that delivers a huge amount of easily accessible information about the state of your local network.
Pricing for the Qualys service is subject to the prevailing Australian exchange rate at the time of purchase according to Lester Dreckow, of Denver Technology, Qualys' premium Australian reseller partner. He says scanning of internal networks requires the purchase of the appliance and an annual scanning subscription. The subscription is tailored to the client's network architecture and requirements; either based on the number of IP addresses to be scanned (for an unlimited number of scans), or on the number of scans per year (not limited to specific IP addresses).
Price: QualysGuard Intranet Scanner Appliance from AUD $5,060 including GST.
Plus: QualysGuard Per IP Address Subscription, Unlimited Use (Annual Price) AUD $1,640 including GST.
Or: QualysGuard Per Scan Subscription, 100 Scans (Annual Price) AUD $4,070 including GST.