Network Vulnerability Scanners

Reports
All three products handle reports similarly. On their interfaces, NetRecon and Internet Scanner display immediate scan results. The results are temporary until you save them. CyberCop stores its results directly to a database and lets you access them through several predefined reports.

Each product uses Crystal Decisions' Crystal Reports as its report generator. The actions you take to generate and export reports are nearly identical in NetRecon and CyberCop. Both let you view and print reports, and you can save reports to several formats—for example, HTML, Microsoft Word, Microsoft Excel, Comma Separated Value (CSV), and Rich Text Format (RTF). Internet Scanner can export reports in HTML and RTF formats and also offers Adobe Systems' PDF format.Because of the volume of data that vulnerability scans typically generate, expect a few Crystal Reports—generated error messages if you attempt to export a large report to Word or Excel. When I attempted to push Crystal Reports beyond its limits, I received the typical Out of memory error messages.

Because each product uses a common reporting tool, I focused on the resources each product provides for the how of fixing a known vulnerability. Internet Scanner's GUI lets you display and sort vulnerabilities in several ways. You can then right-click a vulnerability to obtain an HTML Help window that describes the vulnerability and offers proposed fixes, a CVE identifier, and links to Web sites that offer related security bulletins. The detail in Internet Scanner's vulnerability definitions and fix procedures is excellent.

NetRecon's vulnerability-fix features are similar to those of Internet Scanner. In the interface, I could double-click a listed vulnerability and obtain detailed information and links to pertinent Web sites. One feature that I found particularly helpful was NetRecon's Path Analysis, which Figure 4 shows. Path Analysis provides a unique display of the thread of actions leading to a vulnerability. This display can give you a new security-dependency perspective that you don't typically get by reading a vulnerability's description or proposed remedy. Thus, you can gain a better grasp of the way security threats can be interconnected rather than isolated and separate.

Whereas the other two products provide immediate scan results, you must rely strictly on CyberCop's report generator for access to vulnerability and fix information. After CyberCop completes a scan, you can customize a report that contains information about how to fix a vulnerability. However, displaying scan results that pair discovered vulnerabilities with details and fix information wasn't an intuitive process. I needed time to learn how to use the report generator to create useful reports. Until I learned the process, I found that CyberCop's Policy Configuration interface was the best place to review detailed information about specific vulnerabilities. CyberCop provided helpful vulnerability details, CVE classification, and links to Web sites that contain security bulletins and patches.

Final Thoughts
Network-based vulnerability scanners can play a vital role in any security strategy. Although you can't neglect the importance of virus protection, firewalls, and secure policies and practices, you still need a tool to discover your network's vulnerabilities. All three of the products that I evaluated offer enterprise capabilities and can scan multiple OSs. If you administer a Windows-only network, you might want to consider Harris's STAT Scanner or NetIQ's Security Manager. A good network-based vulnerability scanner can help you level the security playing field and can help you sleep better at night—after you fix all the vulnerabilities you find.