Product Reviews

How Secure is Your Network? ISS Network Scanner 6.1

Seven network scanners test your security before the crackers do.

• By Greg Saoutine
• 09/01/2001

Internet Security Systems' Network Scanner 6.1 is a widely used commercial network-scanning product. It's known for its timely vulnerability updates and vast reporting capabilities. ISS took 26 minutes to perform a port (a SYN scan of 65,535 ports) and vulnerability scan and reported one serious vulnerability: SNMP default community strings. ISS also reported on NetBIOS NULL enumeration and FTP Write permission granted to anonymous users, but classified them as "Medium" in terms of severity, while Nessus (reviewed later) marked the same vulnerabilities as "High." Take that as a lesson that seriousness ratings are very useful, but subjective. The person performing the scan should have a clear understanding of what constitutes a risk for the environment under consideration (for example, a DMZ vs. an isolated network segment) and how high the risk is for this specific environment.

ISS organizes a lot of information on a compact interface, such as this list of checks that were made and the vulnerabilities uncovered. Note the multiple tabbed dialogs. (Click image to view larger version.)

ISS features port scanning (see the figure), OS detection, information gathering, vulnerability scanning and attack simulation, as well as auto updating of its vulnerability database. The software provided a fairly accurate description of the system and didn't report any false positives in our test. However, the product didn't detect Back Orifice 2000 listening on a random port during the second round of testing.