
Block, Then Tackle

Install HackerShield 2.0 on your NT network, and your boss might mistake you for a security expert.

HackerShield, which BindView bills as “the easiest way to find and close security holes on your network,” is targeted directly at the network admin who has neither the time nor the inclination to become a security guru overnight because the boss just read about the latest hack in the newspaper. I’ve never seen a product that tries so hard to remove me from the gory details of network-wide systems vulnerability testing. Once the product is installed, it’s perhaps the finest example of fully automated security scanning software on the market.

I began the installation with the HackerShield 2.0 CD, a 25-IP device license, and a Rapidfire Update license. Soon after the installation process began, I was stopped dead with: “Error During Setup – Registry Permission.” The tech support staff (who were quite quick) made an initial accusation that I was using Windows 2000 (which I wasn’t), and we eventually worked out that the permission problems were caused by my application of the Security Configuration Editor (from Service Pack 4) using a Hisecdc.inf policy. I was facing a deadline (aren’t we all?), so the product was eventually installed on a vanilla (SP4, no SCE) server I had lying around. That installation went without a hitch.

Now that the pain of installation was over, I was able to see what HackerShield had to offer. The installation adds four new services to your NT machine and an NT user account used during the scanning process. The basic steps for operation are as follows:

  1. Define your subnets

  2. Add machines in those subnets to various scan groups

  3. Schedule scans/reports of the scan groups

The ability to segment my network scans and to execute scans and reporting unattended was a very welcome addition. With a proper installation, a system admin could have regular reports sent to various personnel using custom reports or the built-in reports targeted at executives, admins, and managers. Without a doubt, HackerShield had some of the best security information detail of any system scanner I’ve ever used. Explanations included the history of the exploit, definitions of terminology, and the appropriate actions needed for plugging a hole. I especially liked the ability to export reports to an Access database for further analysis and the ability to produce differential reports, so you can monitor when those pesky user reconfigurations occur.

HackerShield separates itself from most scanners in several ways. It:

  • Automatically downloads and installs security updates by polling a POP3 account, making maintenance 100 percent unattended.

  • Can “AutoFix” certain holes found on machines it scans.

  • Has exceptional password-cracking features and was quicker than much of the competition in this regard.

  • Has job scheduling features that can save administrators from hours of scripting.

  • Is capable of automated re-scanning of the network, to find those ubiquitous new machines that may periodically pop up all over the network.

I did find several shortcomings (besides the aforementioned installation problems):

  • Alerting features were limited to email and SNMP (BindView says more alerting features are in the works).

  • It produced too many false positives for my taste, including warnings such as “TCP open ports” and “Web Server Listening” (typical in products of this type).

  • It also seemed overly NT-centric and might not be the best choice for heterogeneous networks (most notably missing are Unix AutoFix support and a Unix installation).

For a security product, HackerShield 2.0 is incredibly easy to use, and includes reports with problem histories, definitions, and suggested course of action for plugging potential security leaks.

Despite these issues, I’d definitely recommend the product to an NT shop without a security administrator on staff. Once installed, HackerShield was stable, easy to use, a breeze to administer, and even serves as a great educational tool for those wanting to know the whole story behind host-based security problems.

About the Author

Chip Andrews, MCSE+I, MCDBA, is a software security architect at Clarus Corp. Chip maintains the sqlsecurity.com Web site and speaks at security conferences on SQL Server security issues.
