Product Reviews

Grouped under the bv-Admin and bv-Control suites, BindView's wide range of products aims to simplify management of Windows and NetWare environments, giving migration, auditing and security-assessment facilities. Internet Security 3 is designed to detect any security vulnerabilities by probing your network looking for potential holes and weaknesses that could be exploited either internally or externally. Formerly known as HackerShield, Internet Security 3 works by launching simulated attacks on selected systems using a wide variety of known hacking techniques that are stored in a central database. You don't need to be a security expert to use it either, as it can automatically fix any holes it finds.

This latest version brings in a wealth of new features, as, along with Windows NT 4, the management console can now be run on any Windows 2000 platform. Internet Security can probe any IP-based network device such as workstations, servers, routers and firewalls, but it also interrogates a wide range of operating systems. Previously, HackerShield ran as a standalone product, but the new RMS (Risk Management Solution) Console provides a central point for accessing all BindView products. Installed as an MMC (Microsoft Management Console) snap-in, the RMS Console can be easily configured to run any of the bv-Admin and bv-Control suite members and also runs in tandem with BindView's new Information Server service, which looks after queries, task processing, data storage, charting and data export.

Internet Security only needs to be loaded on a single server, requiring no other running utilities. The interface is split into three panes, the left displaying a console tree for easy access to each task. Internet Security kicks off by scanning your selected IP subnet, building up a list of discovered IP devices. On my test network it picked up the host Windows 2000 Server system plus other systems running Windows NT Server 4, Windows ME and 98, with OS identification more accurate than previous versions.

Before running any scans, it's advisable to install the latest RapidFire Updates to Internet Security. These can be downloaded and applied manually or automatically via email. The annual upgrade maintenance charge is £314 for the RMS Console and £335 for 100 IP addresses. Behind the scenes is BindView's RAZOR team of security experts who are meant to identify new security risks and publicise them. Before scans can be run, you need to create target groups containing

ADVERTISEMENT

the devices you want scanned. Jobs can be run immediately or scheduled at regular intervals and require a target group to be associated with one of six types of security checks. You can choose normal or quick scans, use only new information from the latest update, run password tests, opt for a SANS (System Administration, Networking and Security) Priority One scan that scans for the top ten types of security issues or run the whole barrage of tests. It's easy to see what each test involves, as the Security Checks menu displays the individual tests selected for each option and a brief description of their function.

A full scan of the test network took 90 minutes, although most of this time was taken up by the Password Cracker utility, which was allowed to run for an hour. Even so, the wait was worth it, as 24 security holes were identified, 12 of which were considered high risk. These ranged from insecure share rights up to specific CGI and ColdFusion files that contained security vulnerabilities. It ascertained that the Windows NT 4 system was vulnerable to DoS (Denial-of-Service) attacks, while the Password Cracker correctly guessed passwords for nine Windows NT/2000 user accounts and advised that six others were using duplicate passwords. The scan even opened a Telnet session to my Intel switch using a default administrator password I didn't know existed. Trojans don't get an easy time either, as Internet Security issues 'ICMP echo reply without request' packets to get them to reveal themselves. I knew this was occurring, because the BlackICE Defender firewall software on one test client immediately flagged this specific probe as a critical event. So far so good, but one of the traps I set during testing was missed completely, as Internet Security failed to spot that administrator accounts on both test servers had blank passwords. BindView was advised of this problem and agreed that I had, indeed, found a bug in the security-checking procedures. A patch was promised, but over three weeks after the fault was reported no updates and no further information from BindView was forthcoming.

Summary reports are provided with each security hole, accompanied by a detailed explanation, advice on how to plug it and, where appropriate, links to Web sites for security patches and updates. You can also compare reports, consolidate them, export the results to Crystal Report, Word, CSV, HTML and MDB formats and use filters to refine the amount of data provided.

With hacker attacks increasingly in the news, network administrators can't afford to be lax about security and yet many don't have the skills required to identify and block the threats. BindView's bv-Control for Internet Security 3 looks an ideal solution, particularly for small to medium-sized businesses, as it can probe networks with a huge barrage of tests but doesn't require users to be security experts.

Price: RMS Console, £1,496 (exc VAT); support for 100 IP addresses, £1,596 (exc VAT); annual upgrade maintenance charged at 21 per cent of current list price per product