Background news analysis

Tackling Network Security Can Be An Uphill Battle

Trident itself updates NetRISK's vulnerability and component database every two months. Users may purchase a service agreement that accommodates varying frequencies for receiving updated information. Jeffrey Johnson, lead inventor of NetRISK, estimates that the 250 items in the threat database cover 90 percent of the security problems users encounter. NetRISK bundles training in the product, but Johnson says Fortune 500 companies that want to avoid overburdening their staff are likely to hire consultants to help with a risk assessment.

Another detriment, according to Johnson, is that the product targets network/Internet scenarios. Support for WAN/telco security--including T1, FDDI, Ethernet, X.25 and PBXes--is planned by the end of summer, he says, adding that the ability to let users decouple individual subnets from a net to perform standalone subnet risk analysis was slated for availability by last month.

What Is Risky?

Johnson says NetRISK resembles the well-known SATAN (Security Administrator's Tool for Analyzing Networks) security tool in that it provides a list of network vulnerabilities--it differs in that it also lets users easily see whether the vulnerabilities exist on critical or noncritical resources, and lets them determine how much it would cost to improve security. Johnson says the top four vulnerabilities are sendmail applications, remote access, configuration error and failure to implement security patches. Many security problems, he says, can be solved simply and inexpensively with proper configuration and patches. Good router configuration also protects businesses from internal threats.

Johnson says Trident is partnering with Internet Security Systems (ISS), Atlanta, to merge ISS' SATAN-like probe with Trident's passive decision support system. This will let users test whether security fixes recommended by NetRISK are appropriately implemented. The probe also provides options to automate security fixes, such as configuration changes, which are known to create vulnerabilities.

What's the most over-exaggerated risk for networks? "A lot of people exaggerate the importance of IP spoofing," he says. "It is doable, but there isn't a whole lot of it going on. It's still difficult to do and easy to counter."



Updated April 24, 1997


