|
AXENT NETRECON probes your security systems before the hackers do!
|
 |
THE PROBLEM
As your computer network becomes more complex it becomes harder to stay on top of potential security threats. Computer networks are growing larger, more dynamic and more complex and so the security threat increases exponentially.
THE SOLUTION
Axent NetRecon helps to secure your organization's e-business by eliminating common security vulnerabilities before an intruder is given the opportunity to exploit them and attack.
THIS MEANS...
You know what your security weaknesses are and how you can harden your systems against attack.
You can re-check your security system after any change - no need to bring in the consultants each time, or run the risk of having security loop-holes.
You can constantly check that changes by remote operators or users have not introduced security weaknesses - and plug them if they have.
Step 1: Assessing your network's vulnerabilities:
NetRecon is a network vulnerability assessment tool that discovers, analyses and reports holes in network security.
NetRecon does this by conducting an external assessment of network security by scanning and probing systems on the network. NetRecon re-enacts common intrusion or attack scenarios to identify and report network vulnerabilities, while suggesting corrective actions.
Move beyond simple serial vulnerability detection and reporting with risk assessment based on the holistic/whole view of your network. One weak link in the network may contribute to the highest risk vulnerabilities. NetRecon differs from other scanners by offering a unique, patent pending Progressive Scanning technology that challenges your network and systems like a sophisticated tiger team - executing checks in parallel and sharing information obtained during the scan to search for deeper weaknesses. In addition, it learns as it goes, adapting the penetration strategy based on previous results.
Step 2: Getting to the root cause:
Why is NetRecon different? Because it not only discovers and reports vulnerabilities, it goes far beyond that by correlating these vulnerabilities in order to demonstrate the root cause of more serious vulnerabilities.
It is the only solution that provides root cause analysis with a unique path analysis feature to illustrate the exact sequence of steps taken to uncover a vulnerability.
Unlike other tools that simply offer explanations of symptoms of problems, NetRecon provides a systematic understanding of the causes of your vulnerabilities.
Through NetRecon's unique path analysis, you can trace the steps leading up to a vulnerability or exploit, leading you to the root cause of the problem. With NetRecon, you don't get mounds of data on symptoms of the problem. You get the real cause of the problem. And fast.
"NetRecon makes the job of the enterprise security managers easier by automating a large piece of the risk analysis process. Sophisticated vulnerability scanning capabilities and aggressive pricing leads me to believe that AXENT has hit a home run with NetRecon." - Steven Foote, vice president of Hurwitz Group
"Before NetRecon, you might discover several weaknesses in the network, but you couldn't clearly see how the exploitation of those weaknesses could lead to a serious break into other seemingly secure systems." - IT Manager
NetRecon can evaluate a wide range of system types:
- UNIX Servers
- Windows NT Servers
- NetWare Networks
- Windows 95 and 3.x Workstations
- Mid-range Systems
- Mainframes
- Routers
- Gateways
- Webservers
- Firewalls
- Name Servers
- And many more...
Vulnerabilities Checked
Below are a few of the vulnerabilities NetRecon checks for:
- Resource discovered - Normally the first vulnerability checked for is whether or not a network resource can be discovered. For TCP/IP systems NetRecon sends a ping broadcast over the network to see which systems respond. Other protocols such as IPX are used to discover NetWare systems. If you can keep someone from discovering the name and address of a resource, it is much less likely to be broken into.
- Exec service enabled - The exec service (also called rexec) provides remote command execution facilities with authentication based on user names and passwords. Attackers find this service an attractive for password guessing tool because it rarely keeps logs of use. NetRecon checks for many other common services that are known to be vulnerable to attack.
- SMTP decode alias enabled - Including a decode mail alias in /etc/aliases makes it easier to send and receive binary files by e-mail. Unfortunately, a decode mail alias can be used to create or overwrite files on the system. For example, an attacker could use this vulnerability to plant a bogus message in the message queue. A few versions of uudecode allow the creation of SUID files, which let an attacker create an SUID daemon shell in an accessible directory, effectively giving unauthorized administrator access to a machine. NetRecon checks for a number of vulnerabilities in the smtp service and related programs (such as sendmail).
- Null session access obtained - In Windows NT networks with multiple domains, some Windows NT programs and services use null session connections to enumerate account names and available shares. Null session connections allow a remote attacker to gather information about system accounts and resources. This information can be used in a number of ways to gain access to Windows systems and resources.
- User level access obtained - This vulnerability exists if NetRecon can login to a network resource as a valid user. NetRecon uses login names and passwords it obtains from various sources to attempt access regardless of the system type (e.g., Windows NT, UNIX, NetWare). The first step in gaining administrative access to a machine is usually to get access as a normal user. With NetWare, Windows NT, Samba servers, and others, NetRecon attempts to enumerate all exposed file systems (possibly using null session connections) and connect with the shared directory using known login names and passwords.
- Discovered system type - Discovering the system type is a big help to someone trying to break in. For example, if attackers can detect that a system is running Windows NT 4.0 without service pack 3, they can exploit a number of well-known vulnerabilities.
- NIS encrypted password obtained - The nis service (also sometimes called yp, for yellow pages) allows transfer of information between hosts that share administrative control. nis servers typically contain databases (also known as maps) of passwords. If attackers can locate nis servers and obtain password maps, they can extract encrypted passwords to crack using any resources available to them.
- Password cracked using small/large dictionary - If an attackers can obtain encrypted passwords from a system (and there are several ways to do so), they can encrypt passwords from a dictionary and compare them to the passwords obtained from the victim, thereby guessing any passwords that match words in the dictionary. Since many people use common words or names as passwords, there is a high probability that at least some encrypted passwords can be cracked. NetRecon uses a small dictionary (for speed) and a large dictionary (for completeness) to try to guess passwords.
- Local disks mountable via SMB - SMB (server message block) is a standard message format used by many operating systems to share files, directories, and devices. Windows NT 4.0 with no service packs by default allows SMB clients (such as Samba) to mount any local drives with read/write permission. An attacker can use this method to gain unrestricted access to the local disks of an NT workstation.
- NetWare notification password trap possible - Windows NT 4.0 without Service Pack 3 by default includes a registry entry that points to a .DLL used by NetWare for receiving password updates. An attacker who has write access to the System32 folder (even without the ability to modify the registry) can plant a Trojan horse version of this .DLL that traps plain text password changes to the local SAM database.
- Port [number] active - Attackers typically scan all systems they can find for active ports. Active ports indicate services in use. In many cases, an inquiry to an active port causes the service to return information about itself (such as its name and version), and some services are almost always found on particular ports. Knowing which services are in use on particular systems helps an attacker know what kinds of attacks to perform and which systems are vulnerable. NetRecon performs separate scans for privileged ports (1-1023), which indicate services running with administrative rights, and non-privileged ports (1024-65535).
FEATURES AND BENEFITS
Enterprise Support
Scans multiple operating systems including UNIX, Windows NT, Windows 95/98 and NetWare and multiple protocols like TCP/IP, IPX/SPX, and NetBEUI from a single tool
Scans different servers, firewalls, routers, hubs, name services and Web servers
Progressive Scanning
Parallel processing of checks
Shares information on penetration strategy and results across the scan
Searches deeper for weaknesses resulting in more thorough assessment
Views scan progress in real-time graphical display
Generates reports tailored to the audience and in a variety of formats including Word, Excel, and html that you can view with your browser. You can tailor your own custom reports.
Unique Path Analysis illustrates the exact sequence of steps an intruder would take to identify or exploit a vulnerability
Identifies vulnerabilities and provides recommendations on how to fix the problem
Web Updates
Upgrades available from the Web with the latest security updates
 |
|
|
|
|
|
|
|
|
Need more information?
Contact us for evaluations or pricing
|
|
|
|
|
|
|
|
|
Details
