Holy Intruders!: IP-Based Security Auditing Tools

Cisco Systems' NetSonar Vulnerability Scanner And Network Mapping System 1.0
NetSonar, now in its first official release, was recently added to Cisco's repertoire through the company's acquisition of WheelGroup Corp. Currently available only on the Solaris platforms (both x86 and SPARC), NetSonar offers an array of scanning, reporting and customization capabilities, but its reports aren't very elaborate. While fairly well-rounded, NetSonar isn't a star in any particular area.

In the lab, NetSonar was fairly thorough and detected most holes, but its performance was noticeably sluggish. The 64-MB minimum RAM requirement, combined with a 384-MB swap requirement, was the first indication that something was amiss. We initially blamed our SPARC-5-based workstation, but after seeing Netective's performance on the same unit, we ruled out lack of processing power. We brought a faster, Pentium-based machine into the lab and moved it to Solaris 2.6 for x86, but that didn't solve the problem. If you want better performance, consider purchasing additional hardware.

Performance issues aside, NetSonar offers a healthy set of security checks and does a decent job of discovering holes. During testing, we had the option to set up and schedule multiple probe sessions. And NetSonar offers particularly flexible reporting. In the lab, it manipulated charts, graphs and the overall presentation of discovered data.

As with Internet Scanner, you can generate reports at various levels ranging from "executive" to highly technical. NetSonar would be a strong contender in this area if only it had in-depth descriptions. In contrast to the depth of Internet Scanner, which pointed us to resources for further information, most of NetSonar's details about the discovered bugs were no more than a few sentences with a handful of external references.

Although we were not pleased with its lack of detail, we credit NetSonar's flexible licensing policy. We were given a Class C license to scan any range of addresses in chunks of 255. For the average network administrator in a fixed environment, this may make little difference. Roaming consultants, however, will appreciate this capability. ISS, in contrast, requires a visit to its Web site with a serial number. You must specify a fixed IP range (which Internet Scanner doesn't completely understand anyway), download a text-based key and install it in the product.

If you want to use a new range, you must start from scratch. For consultants, Ballista has an interactive key-generating engine. NetSonar's licensing flexibility far outshines that of the other products.

Our primary complaint with NetSonar centered on its passivity. We misconfigured a scan range, and instead of prompting us with a problem, NetSonar continued working and eventually died (leaving no errors behind). Later, one of our licenses expired, but NetSonar failed to warn us.

NETECT Netective Site 1.0
Although possibly a superhero in the making, NETECT's Netective Site is still more like the young ward. Built upon an extremely powerful engine, Netective lacks the depth found in Ballista and Internet Scanner. In the lab, it let a significant number of security holes go undetected.

We tested Netective for Solaris on a SPARC-based platform. Like NetSonar, Netective scans all available platforms but runs only on Sun Microsystems-based solutions. NETECT has concentrated on developing the product's engine, especially for updates and binary checking. Unfortunately, the vendor must put more work into its internal database of checks or the product will continue to fall short in its basic probing. During testing, Netective completely missed DNS holes, lower-level IP problems, routing vulnerabilities, Solaris' ADMINd problem and other assorted security issues, nor could it accurately determine server types.

Netective did offer suggestions for further reference. When digging into the warnings on Samba, it directed us to an excellent SMB/CIFS resource written by the Hobbit. We would love to see this type of functionality in other products. Unfortunately, in this particular instance Netective mistook our Cisco 3000 router for a half-breed of Unix and NT, stating that the Samba service was running with the Netscape Web server simultaneously. This didn't make sense, as Cisco's IOS (Internetwork Operating System) doesn't offer that functionality.

