Product Reviews

Finding Flaws in Your Network Armor

Keep your network thriving -- L3 Security Retriever inspects it for life-threatening intrusions.

Imagine, if you will, the days of yore, when soldiers went into battle on horseback carrying swords, javelins, and spears. To protect themselves from the enemies they sought to vanquish, warriors wore armor comprised of solid sheets of metal and chain mail. If a warrior’s armor had chinks (small imperfections), that warrior would most likely not return home from battle since foes were well trained to locate such flaws. You can imagine then, that warriors inspected their armor thoroughly.

As a network administrator you have a similar problem. You need to be certain there are no flaws in the armor of your network, or else hackers well trained to find them can punch through your network. Before you put your systems on the Internet or even the LAN, you need to thoroughly inspect them for security flaws. That’s where L-3 Network Security’s Retriever 1.5 can help.

Taking Inventory

Before you can inspect your machines, you need to know what and where they are. Retriever excels in its ability to scan your network for devices. While some security tools will discover an entire IP subnet at a time, Retriever can discover an entire subnet or just small sections. Once it has discovered the devices on your network (it has a large database of known devices), Retriever maps the network.

Each machine in the list has a set of properties that you can view and modify. Some common properties to work with might be the operating system installed on each machine, machine name or MAC address, IP address, or even the last time it was scanned for flaws. Retriever is capable of holding this information on each device on the network.

Inspecting Your Armor

Once Retriever has located all of the machines on a network, it inspects them for security problems. Retriever has a variety of reports, but the most useful ones are the Vulnerability and Safeguard Recommendations reports. You need only run the Vulnerability report to find security risks on a specific machine, but you can also run it on an entire list of machines. You can also use the Safeguard Recommendations report to prioritize which problems to fix first.

Retriever can also be used to find modems on your network, allowed or otherwise. It does this by dialing a series of phone numbers and cataloging those that have modems attached to them. As long as you know the phone numbers that belong to your organization, this can work out great for keeping unauthorized modems off the network.

Retriever also has a report scheduling feature, which is handy for automating inspections. With scheduling, you can automatically monitor your network for changes in software and plug the security holes that may come with that new software.

Retriever’s Properties screen is where you find statistical information on an attached device or machine.

The Drawbacks

I discovered a few minor nuisances. Although Retriever is fully capable of finding all kinds of security holes, it can’t fix them. One other minor problem: Once you fix a vulnerability, you have to manually tell Retriever what you’ve done. If you fix a problem and forget to make the necessary changes to the object you’ve fixed, Retriever will return inaccurate information when you run the Safeguard Recommendations report. In fact, it will tell you that you should apply the fix again, even though you already have. In an enterprise environment, this can be a pain. Retriever should be able to autodetect the fix.

The last problem is more of a nuisance: If you use Retriever’s modem detection feature, be careful about the numbers you dial. You might dial the company president in a conference room only to have that person pick up and hear a string of modem squelches and beeps.

All that being said, you need protection against those who exist only to smite your network. Retriever does an admirable job of inspecting and reporting back those problems, but it needs some tweaks to be fully ready to help do battle on the enterprise front.

About the Author

Joseph L. Jorden, MCSE, MCT, CCNA, CCDA is Chief Technical Officer for Dugger & Associates ( He was one of the first 100 people to achieve the MCSE+I and one of the first 2,000 to become an MCSE under Windows 2000. Joseph frequently contributes to books from Sybex and various periodicals.

comments powered by Disqus
Most   Popular