Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  


February 2001

Internet Scanner Keeps Your System Safe


The Windows 2000 Resource Kit

Internet Scanner (IS) is a Microsoft Windows 2000 Resource Kit tool for analyzing network servers. With IS, you can scan one server or multiple servers on a TCP/IP network or on the Internet. The results of the scan can show information such as potential security holes in the servers.

This tool spots many holes, which saves you the time and trouble of poking around each server or system on your network to determine whether that server or system is vulnerable. In addition, IS provides a way to automate this task. The automation process is great because you can run IS on a schedule or on demand. This flexibility lets you control how you monitor your servers and systems and at what frequency. The status information and reports that IS generates provide detailed information about the problems it encountered, which gives you a starting point for solving those problems. For example, IS will return a list of any system accounts, such as Guest accounts, that might compromise the system's security. You can then change the account information (such as a password).

Installing IS
The first step in using IS is installing it. You can install the scanner on any server or workstation that you'll use to perform testing.

Like most resource kit tools, the resource kit installation doesn't include IS. You must use the IS Setup program to perform the tool's installation on the target machine.

To execute Setup, start setup.exe from the \apps\internetscanner directory on the resource kit CD-ROM. Follow the prompts to complete the installation. By default, the system installs IS in the C:\program files\iss\scanner6 directory. This folder contains not only the scanner executable file but also release notes and documentation.

Scanning Your Servers
Choose Start, Programs, ISS, Internet Scanner 6.0, Internet Scanner 6.0 to start IS and bring up the IS GUI. When you start the application, the dialog box that Figure 1 shows appears. From this dialog box, you can start a new scanning session, open an existing session, or generate a report.

To start a new scanning session, select Create a New Session, then click OK to start the New Session Wizard. On the wizard's first page, click Next. The wizard displays the Policy Select dialog box. On this dialog box, you select a scanning policy. The scanning policy controls the extent to which IS will analyze the servers. You can choose from five levels:

  • Level 1 (Inventory)—Inventories the systems on the network
  • Level 2 (Classify)—Classifies the systems on the network
  • Level 3 (Minimum)—Provides susceptibility testing from unsophisticated attackers
  • Level 4 (Medium)—Provides medium susceptibility testing from automated attacks or moderately skilled attackers
  • Level 5 (Maximum)—Provides susceptibility testing from highly skilled attackers and looks for improperly configured servers

For your first scan, select the L1 Inventory option. Click Next to move to the next page. On the Comment dialog box, enter a descriptive comment for the session. Click Finish.

IS now shows a list of the hosts (i.e., servers) it will scan. In my test, I scanned only my local workstation, so an entry for 127.0.0.1 appears for that workstation.

You're now ready to initiate a scan. You can start a scan in several ways. The most obvious way is to select Scan Now from the Scan menu, which starts a scan with the current session parameters and automatically updates the interface with the results. The status window at the bottom of the interface is updated as the scan progresses.

You can also initiate a scan by selecting Console Mode Scan from the Scan menu. This option opens a command prompt window and runs the command in batch mode with the current session settings. As the batch process runs, it displays status information in the command prompt window. When the scan is finished, a dialog box appears asking whether you want to update the interface with the scan results. Click Yes to perform the update. The scan time depends on the number of systems you're scanning and the type of scan you're performing. For example, a level 3 scan is more time-consuming than a level 1 scan.

The IS interface window, which Figure 2 shows, displays the properties of each host that IS has scanned or will scan. The Scan Status column shows whether IS has scanned the host.

Working with Results
When you've completed a scan, you can work with the results. You have two choices for analyzing the data: clicking a host in the interface's left pane and viewing scan details or using reports. Clicking a host in the left pane of the interface displays a series of tabs along the bottom of the Session window. Each tab represents a page with either properties about that host or information detected during the scan.

Here's where using this tool gets interesting. Running the L1 Inventory scan on my local workstation provided interesting results. Clicking the Vulnerabilities tab, which Figure 3, page 16, shows, revealed two SNMP services that could let intruders gain access to my workstation. The Risk column provided a little insight into the extent of the vulnerabilities. Both SNMP service vulnerabilities showed a Low risk setting. When I right-clicked an SNMP service entry in the Risk column, a What's This? button appeared. Clicking the button took me to an explanation screen for the SNMP service's risks, which is nice because it's intuitive to drill down from the Vulnerabilities tab directly into details about the problem.
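To confirm findings like these on the host itself, the following added example (not part of the original article and not part of Internet Scanner) checks the built-in Guest account and the SNMP service configuration with Windows PowerShell 5.1 or later. The article does not say which SNMP checks produced the two findings, so reviewing the accepted community strings is an assumption about what to look at, and the function names are hypothetical.

```powershell
# Added example: local follow-up on two finding types the article mentions
# (Guest accounts and SNMP services). Run elevated on the scanned host.

function Get-GuestAccountState {
    # The built-in Guest account always has RID 501, even if it was renamed.
    Get-LocalUser |
        Where-Object { $_.SID.Value -match '^S-1-5-21-.*-501$' } |
        Select-Object Name, Enabled, PasswordRequired, PasswordLastSet
}

function Get-SnmpExposure {
    # Service state: a host without the SNMP services returns nothing here.
    $services = Get-Service -Name 'SNMP', 'SNMPTRAP' -ErrorAction SilentlyContinue |
        Select-Object Name, Status, StartType

    # Community strings accepted by the Microsoft SNMP service, with their rights.
    $rights  = @{ 1 = 'NONE'; 2 = 'NOTIFY'; 4 = 'READ ONLY'; 8 = 'READ WRITE'; 16 = 'READ CREATE' }
    $keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities'
    $communities = @()
    if (Test-Path $keyPath) {
        $key = Get-Item $keyPath
        $communities = foreach ($name in $key.GetValueNames()) {
            $value = [int]$key.GetValue($name)
            [pscustomobject]@{
                Community = $name
                Rights    = if ($rights.ContainsKey($value)) { $rights[$value] } else { "unknown ($value)" }
                # Assumption: well-known names and write access are reviewed first.
                Review    = ($name -in 'public', 'private') -or ($value -ge 8)
            }
        }
    }
    [pscustomobject]@{ Services = $services; Communities = $communities }
}

Get-GuestAccountState | Format-Table -AutoSize
$snmp = Get-SnmpExposure
$snmp.Services    | Format-Table -AutoSize
$snmp.Communities | Format-Table -AutoSize
```

An enabled Guest account, or a running SNMP service that accepts a well-known or writable community string, is worth comparing against the scanner's Vulnerabilities tab before you change the configuration.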

The second method for analyzing a scan is to use a report. You can create a report by selecting Generate Report from the Reports menu. This option displays a series of Generate Reports dialog boxes. Figure 4, page 16, shows the first of these dialog boxes—Generate Report - Select Reports—with one of the Vulnerability Assessment reports selected. After you've selected the report type, click Next to display the Report Criteria dialog box. Here, you can select the session or sessions on which to report, the level of risk, and the host systems that will appear on the report. After you've selected the criteria, click Next.

The last page of the Generate Reports process is the Summary Page. This page lets you preview, print, or export a report. The Preview option opens a preview window. This window isn't simply a dumb viewer: It has navigation controls like other viewers, but it also has live sections in the report. For example, if you run a Vulnerability Assessment report, you can double-click a vulnerability to open a window containing only that information. When you open a particular item in a report, the Preview window adds buttons to the top of the window that provide one-click access to any drill-down window or the Preview window.

A Powerful Tool
Caveat emptor! Licensing is a consideration with this tool, which Internet Security Systems (ISS) created. From the resource kit, you can use IS on the machine on which you install the tool, but you can't scan any other machines on a network. To scan other systems, you must obtain a license from ISS (http://www.iss.net). You can purchase licenses in packs (such as 10 or 15) or for entire networks. The licensing has two benefits: First, licensing is how ISS makes money from the scanner, and second, the license restricts the systems you can scan with IS. This last reason is important because it prevents someone from getting the tool from the resource kit and scanning your servers. You must license the tool to scan a host. Also, the resource kit version is IS 6.0, while IS 6.1 is the current version. If you license the tool, you can upgrade to IS 6.1.

IS is a powerful tool, and I've only scratched the surface in this column. The Reporting option alone can save you a tremendous amount of time and help you plug holes in your network and server configuration. One other feature of note is X-Press Updates, which lets you automatically or manually receive updates to IS. In the next issue, I'll introduce you to the Performance Counter Check tool.

Tip: You can create new sessions at any time by selecting New Session from the File menu.

Tip: IS is most often used on workstations to monitor servers. If you use IS on a server, the tool can place loads on that server that affect its performance.
