Users login

Create an account »


Users login

Home » Hacking News » Smart security: network scanners

Smart security: network scanners

by Nikola Strahija on October 30th, 2002 Don't wait for a hacker to show you where your network's vulnerabilities lie. Be smart, and use a network scanner with intelligence--artificial intelligence (AI), to be precise.

That's what the latest generation of network vulnerability scanners do--they probe your network in order to learn its weaknesses. Some scanner makers, though, shy away from calling the process AI, at least partly for marketing reasons. As explained by Dave Cole, director of products at scanner vendor Foundstone in Mission Viejo, CA: "Maybe it's AI at some basic level, but that is not what the customers are focusing on--they are having enough trouble with standard vulnerabilities."

But whatever the process is called, network vulnerability scanners combine databases of known security problems with complex logic to find security weaknesses before a human hacker does. The software generates a list of problems that it finds, and often includes notes on how to correct them, explained Mike Rasmussen, an analyst at Giga Information Group. Network scanners do not, however, look for vulnerabilities in the configuration of a given host, or in application code--host scanners and code scanners do that.

Scanners also don't guarantee security, since minor holes may still be exploited by an expert, while major holes may only lead to an impenetrable firewall. "It's not a question of whether you are safe, but of how protected you are," said Oliver Day, sales engineer at eEye Digital Security in Aliso Viejo, CA, which has a scanning product called Retina. "You will never know that until you gauge it, and you can't do it just once and leave it at that."

Meanwhile, scanning just the perimeter (the ports facing the outside world) is not enough--you also have to look at the interior of the network, since attacks originate there, too. Day recalled a client who discovered that someone had installed a wireless access point in an empty cubical with an open network port. This allowed the person to sit in the parking lot and divert network traffic, Day explained.

"Gentleness" is a quality more often emphasized by scanner vendors, meaning their software shouldn't crash running systems. First-generation software would query ports with non-compliant requests to see what operating system responded, but that method could crash networked printers and industrial equipment that possessed limited error responses, Cole explained.

Rasmussen said the leading network vulnerability scanning software packages are Internet Scanner from Internet Security Systems (ISS); newcomer Cyc Corp.'s CycSecure; eEye's Retina; Foundstone's FoundScan; NetRecon 5 from Symantec; and a French freeware product called Nessus.

By Lamont Wood

- article available at -

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »