Disclaimer: This information comes from sources that cannot be verified. As such, make no assumptions about its completeness or accuracy. We endeavor to keep this information up to date as much as possible. Feel free to send comments/ updates to the Security News Editor.

November 03, 1997, Section: Hardware

Security Software Finds Holes In Network Elements -- NetSonar detects breaches in network devices and operating systems

By Beth Davis

WheelGroup Corp. is expanding its line of intrusion-detection tools with NetSonar, software aimed at pinpointing security holes in operating systems and devices on enterprise networks.

According to the company, the software can spot vulnerabilities in several operating systems, including Windows NT 4.0 and various flavors of Unix, and in routers from a variety of networking vendors. The goal:to help IT managers maintain high levels of network security as they grapple with constant changes to their enterprise networks, says David King, VP of marketing at WheelGroup, in San Antonio.

NetSonar first creates a network map, then "pings" the network and conducts port sweeps to determine what devices, hosts, and operating systems are out there and which services they're running. The software then compares that information to WheelGroup's Enterprise Security Database of known vulnerability patterns. NetSonar consolidates the information into reports-from executive summaries to detailed technical documents-that can include charting, trending, and graphic analysis.

NetSonar can discover as many as 100 different devices on the network, according to WheelGroup, and the database includes hundreds of known vulnerabilities. More devices and vulnerabilities are being added regularly, says product manager Scott Olson.

Niagara Mohawk Utility Co. is considering using NetSonar as a piece of its security infrastructure, which includes regularly scheduled audits of all its systems, says Mark Nagiel, manager of information security at the Syracuse, N.Y., utility. "Systems change and new systems are continually brought on," Nagiel says. "We really have no way of knowing whether all these products are in line with our security policies."

The Root Of The Problem

Tools such as NetSonar will help IT managers find network vulnerabilities they might not even know exist, says Ellen Carney, an analyst at Dataquest Inc., a consulting firm in San Jose, Calif. For instance, the software can find Unix servers that don't have controls to block root-level access. Such access lets any end user perform virtually any function on the server once in. "There is a very creative community of hackers that come up with new ways to attack the vulnerabilities in client-server networks," Carney says.

NetSonar is due to ship in mid-December. It runs on either an Intel Pentium Pro platform running Solaris X86 version 2.5, or a Sun Microsystems Sparc platform running Solaris version 2.5. Pricing starts at $2,495.