Advertisement
Promo

Security management Toolkit

Smart security: network scanners

Lamont Wood ZDNet US

Published: 06 Nov 2002 10:00 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Christopher Klaus, founder and CTO of ISS (which Rasmussen identifies as the market leader) likened the task of the scanner to "twisting the door knobs to find out what vulnerabilities exist." He preferred to use the term "expert rules" instead of AI. He said his software will scan ports on a network and use information it has picked up at one port, such as insecure passwords, to attempt penetrations elsewhere. (He says ISS can penetrate most corporate networks because in-house programmers often use Web ports for other applications, such as instant messaging.)

At Symantec, NetRecon product manager Harold Toomey also preferred the term "expert system." He boasted that his product also uses progressive scanning, but added that it emphasises safety -- it won't crash a trading floor, he said.

At eEye, Retina uses an AI feature called Common Hacking and Attack Methods (CHAM), explained Day. CHAM includes intelligent algorithms that look for buffer overflow and Web server protocol weaknesses. Plus, it can be set to perform network-wide or selective sweeps, at pre-set times and intervals, Day said.

At Foundstone, Cole indicated that the details of how the scanning is done are secondary. "The challenge is to communicate the risk in business terms," he said. To that end, he said FoundScan emphasises accurate but "gentle" scans, combined with guidance on fixing whatever problems it uncovers.

At Cyc Corp., they freely admit to using AI. The company, it turns out, is the last traditional AI firm, having spent the last 18 years developing a database with second-order predicate calculus intended to endow software with common sense.

Cyndy Matuszek, CycSecure's project manager, said the product (still in beta) not only generates a list of vulnerabilities, it uses AI to generate an "impact statement" so that the users can judge which vulnerabilities are worth their attention. "Of five hundred problems on a network, only 20 may play into problems that you care about," she noted. It also uses AI to find vulnerabilities that would be more obvious to a human than to a machine, like pet names used as passwords, and knowing that it is suspicious if anyone but the system administrator installs a packet sniffer.

All the products scan TCP/IP networks. Pricing for Foundstone's FoundScan starts at $35,000 for up to 256 IP addresses; maintenance costs extra. The software runs on a Widows host.

Retina from eEye also runs on Windows, and costs $6,520 for one scanner, and up to 256 IP addresses. Each scanner license, or "activation key," handles up to 512 IP addresses. The annual price of maintenance is around 30 percent of initial purchase price.

The single-machine version of ISS's Internet Scanner, which also runs on Windows, is a free download; but a license for 250 devices will cost you $6,095; a perpetual license for 250 devices costs $11,400. Both prices include maintenance.

Pricing for NetRecon 3.5 starts at $3,995 for up to 256 IP addresses, or $19,995 for an unlimited number. It runs on a Windows host. The annual cost of maintenance is 18 percent or 25 percent of the original price, depending on how much support you want.

CycSecure runs on a secure (Linux-based) server. The cost is reportedly "several thousand dollars" for the server, and then $10 to $100 per IP address, depending on the scale.

The Nessus Security Scanner is a free download that runs on Unix-like systems, such as Solaris, FreeBSD, and Linux.

So, while they may call the process various names, what's important is that these systems will probe your network like a hacker would, poking and prodding it with patience and expertise you hope no hacker will ever possess. Putting an AI scanner in your corner should keep your network from being knocked out by the human variety.

Have your say instantly in the Tech Update forum.

Find out what's where in the new Tech Update with our Guided Tour.

Let the editors know what you think in the Mailroom.

Next

Previous

1 2


  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
104 out of 207 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

59 comments

  1. my computer has been invaded by smart security on... gillian mary holland
  2. I HAVE THIS SAME PROBLEM!!! How do you remov... Kelli
  3. I cannot find the 'Cali student' instructions... Mike
  4. Thank you for your information. Can you tell me ho... Anonymous
  5. ok, this is how you remove it. right click at the... Anonymous
  6. I too, have just been hijacked by these moron... Anonymous
  7. Thank you for the help in removing this... Anonymous
  8. Thank you! Thank you! Thank you! S... Anonymous
  9. Man! Thank you!! I was really gettin... Anonymous
  10. can i just say a HUGE thanks to the student f... Svend
  11. Thanks for the advice over here, I looke... Sander
  12. i followed everyones advise on here... jen
  13. Ok... I have a friend who has this probl... brewer
  14. I just spent 3 days trying to rid this f***er... Anonymous
  15. wow! thank you student in cali, you are aweso... hiroyuki
  16. Smart-Security Oh these people really suck! L... Anonymous
  17. whoever did this smart security thing should... Anonymous
  18. I have no security tab on my desktop/web wind... makie
  19. i really wish i read this before i tried to g... Anonymous
  20. My right click button doesnt work, how can i... April
  21. Removing it from the desktop is addresses just one... Jessica
  22. Jessica, I tried to do what you said to get r... Mike B.
  23. Thanx to student from cali !! These cret... bazza
  24. How can I get the information on de... kill smart security
  25. Hi all! I followed the instructions and manag... Anonymous
  26. The Grammar! The Horror! without this program... blair
  27. Can anyone help me to remove this stupid secu... Anonymous
  28. Can anyone help me to remove this stupid... Anonymous
  29. thanx for your help.it took 3 times to get ri... den
  30. go to smart secxurity sight ,use there remova... den
  31. i saved there free clean removal tool f... den
  32. Hi all. I followed the instructions on how t... Anonymous
  33. Like Gillian Mary Holland in the UK my PC was inva... Jude Mndeme
  34. I has been invaded by smart-security wallpaper, an... Albert
  35. Many thanks to the student from Cali for help... Anonymous
  36. ty so much........ that smart thingy has been the... jonathan
  37. If you right click and select view source on the "... Ziegg
  38. anyone can email me if you need the fix for this p... joe vanwormer
  39. If the Cali-tip doesn't work,try this... I couldn'... Anonymous
  40. I too have been attacked by smart-security, I... Jewett
  41. hi! how can i remove smart security ad on my deskt... Anonymous
  42. this is the only way i know of how to remove... rami kanso
  43. go to link and take the freeclean.exe That's... Carlos Theodoro
  44. This smart security thing is turning me... Anonymous
  45. many thanx to the guy from california ! i was... Michael
  46. Hey... I am a 17 year old from Mexico, and I am a... 23c0n
  47. Easy to fix. For clarication to anybody who gets... Know Names
  48. hi all, go to their sight and run their remov... den
  49. i got rid of the SMART SECURITY wallpaper by usin... Slava
  50. http://www.smart-security.info/removal.html go to... Carlos Theodoro
  51. Still there! I deleted the "smart security" screen... Anonymous
  52. SMART SECURITY YOU GUYS SUCK Can someone please he... Mark
  53. My Kudos to the anonymous student in Cal. I'v... Rix Seacord
  54. Hi everyone, I must admit whoever did this is very... jovi otite
  55. I was hijacked by this smartsecurity today an... Anonymous
  56. Both my brother's and mother's PCs got infected wi... Tom
  57. how to i get rid off smart security from my destop... neo smith
  58. my computer has also been taking over by smartsecu... Anonymous
  59. I have problem with smart security background. The... Anonymous

Related Links

More In Security management


Company/Topic Alerts

Create a new alert from the list below:











Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

McKinnon lawyers seek judicial review

Lawyers seeking a judicial review for Nasa hacker Gary McKinnon lodged fresh evidence of his psychiatric state at the High Court on Thursday. Karen Todner, McKinnon's solicitor,... More

1 comment

Beware of keeping your head in the clo...

Information security professionals can look forward to a deepening appreciation for their skills as security continues to be recognised as an essential element for doing business in... More

1 comment

Civil liberties groups attack file-sha...

Civil liberties and digital rights organisations have strongly criticised Lord Mandelson's Digital Economy Bill. Liberty said in a position paper on Tuesday that the bill, part of... More

Post a comment

Featured Talkback

In association with Network Liberation Movement
It seems to me this is a burden being placed on the wrong shoulders. There is not an It system in the world that can stop an individual taking information in their heads and spewing out at the nearest undesirable third party.

By: RonaldWilkins

Read full story:
Deloitte: People are still weakest security link


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters