Linux network tool
Software on patrol for network gaps can deliver a diagnosis STAT: tool tracks vulnerabilities including missing patches, open ports and misconfigurations
THE NETWORK ADMINISTRATOR'S nightmare in these virus-plagued days is having unpatched systems around, acting as malware magnets. Yet keeping track of which machines have which patches is difficult at the best of times, especially in heterogeneous environments.
Harris Corp.'s STAT Scanner could be the answer. It scans networks, looking for vulnerabilities of all kinds--missing patches, open ports and misconfigurations, on Windows NT, Windows 95/98/2000/Me/XP, Windows Server 2003, Sun Solaris, HP-UX, RedHat/Mandrake Linux, HP printers and Cisco routers--and reports them to the administrator. Some things it can even fix automatically.
Because new problems are always creeping out of the woodwork, periodic updates are an integral part of the package (the initial licence fee includes one year of updates).
The program is installed on a Windows NT, Windows 2000 or Windows XP system. Its main screen is broken into three panes. One shows a list of machines to be scanned, one displays the machine's details (IP address, operating system and machine name) and one gives you a vulnerability list. You see the list both in aggregate and, thanks to a tabbed interface, by machine. If you have a lot of machines, though, there can be a formidable number of tabs.
You can specify a list of machines to be examined, or give the program an IP range and let it go hunting, or even use Active Directory to designate target systems.
Once you've picked the computers, you have to make sure the program can connect to them with administrative rights. If you're not on a domain, and your systems have different administrative passwords, all is not lost. When you choose the list of machines, the program tests to see if it can get at them, and if it cannot, you can do one of several things to rectify the situation.
If a number of systems have the same administrator password, you can put them into a group, then configure the administrator access for that group. If each machine is different, you can configure the administrator logon one system at a time (tedious, but it does work).
Once that is set up, you can either run a default scan (for all vulnerabilities the program knows about), or build a custom scan for a particular problem (for example, looking for the RPC vulnerability that allowed Nimda and Welchia to run rampant last summer).
The list of possibilities is huge, and not particularly intuitive, so you do need to have an inkling of what you're hunting for.
Running a thorough scan can take some time. In testing, it took about five and a half hours to do 100 machines. There is a command line interface, so you can run scans from the task scheduler or a batch file, once you've set up the scan configuration file through the GUI.
The program can display results as it finishes, or just store the information in its database; there's one reporting file per scan. Then you can run a huge range of reports (the software contains the Crystal Reports engine), varying from machine-by-machine details to executive summaries, complete with charts, that can be exported to many other formats including Excel and XML.
It takes a bit of experimentation for an administrator to glean useful information from the wealth of available reports. If you do a thorough scan, there's so much data you can drown in it. I found the easiest way to handle it was to summarize by vulnerability, look for the nasty ones (they're flagged by severity), and deal with them first--that's also where I found false positives that prompted me to correct the Services file.
STAT Scanner doesn't just tell you about vulnerabilities, it contains explicit remediation directions, including links to service packs and patches, for each vulnerability it finds.
There were a few odd diagnoses--for example, it informed me that Norton Anti-Virus was out of date on a machine running Norton's PCAnywhere and up-to-date McAfee anti-virus software--but on the whole the program seemed to catch problems efficiently. It even noted potential security issues such as the existence of a modem on a workstation (a possible backdoor into the network).
When updates to the vulnerability list become available, you receive an e-mail from Harris, and must go to its Web site to retrieve them. Although there's a "check for updates" option in the STAT Scanner Help menu, all it does is tell you something's available. It would be much more useful if it automatically downloaded the files--other programs with subscription-based updating services manage to do it.
This is one program that would profit from a printed manual--it is so rich and complex, trolling through help files just isn't enough (we received it electronically, so had no docs; you can also get a boxed version). Thanks to the wealth of features, it's not exactly intuitive to set up, either. A fellow administrator who tried it out found the user interface quite confusing (and this is a guy who configures routers!).
Despite these rough edges, STAT Scanner does a good job tracking down vulnerabilities that could become ins for unfriendly activity.
STAT Scanner starts at $US990 for a 10-node licence, including one year of maintenance.
Contact: www.statonline.harris.com
Rating *** 1/2
COPYRIGHT 2004 Transcontinental Media IT Business Group
COPYRIGHT 2004 Gale Group