Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Arming Your Top Security Guns: Page 6 of 14

Fortunately, at our Neohapsis labs we have more test networks than production networks. We plugged the Protocol Modeler host (housed on a Compaq 1850R Pentium III machine) into a Cisco Systems 2900 series switch. Several Linux and Microsoft Windows 2000 hosts, all running various services including POP, SMTP, DNS and HTTP, provided target applications. One advantage of running on a full-featured managed switch is the option of configuring a span port to monitor traffic. The other option is to connect Protocol Modeler to a hub.

Either way, you'll want to hook up your favorite sniffer--we used Ethereal and its CLI-based sibling, Tethereal--for out-of-band monitoring of Protocol Modeler. The run-time logging is insufficient not only for monitoring progress but also for gaining an understanding of the transactions being run.

That you've never heard of a tool quite like (or maybe anything like) Hailstorm Protocol Modeler is a testament to its uniqueness. From a business standpoint, that's both a strength and a weakness. On one hand, Cenzic has no commercial competition to contend with. But existing in a vacuum makes the product somewhat of a black sheep. The security tools market is already crowded, creating some stiff competition for security analysts' mind share. To help you put Protocol Modeler in perspective, here's a look at some security tools with relevant similarities. Read more on Cenzic finding its target customer.

• Vulnerability-Assessment Scanners: VA scanners run through databases of known attack types, probing a host or network device for known security vulnerabilities. When a new vulnerability is discovered--for example, Microsoft IIS is found to be susceptible to some new type of script disclosure--a check is developed and added to the list of signatures. Each is run in turn on the targeted host, perhaps after being narrowed down by host-type identification, "only run the IIS checks on IIS servers, not on Apache."

Like most signature-driven anti-virus software, with VA you are protected only against known attacks. Protocol Modeler doesn't offer conventional VA services but rather enables the user to proactively probe an application for unknown but suspected security vulnerabilities. This bug hunting is more time-consuming and technically demanding than running a VA scanner. Because these activities have different goals--identifying known vulnerabilities versus finding undiscovered flaws--comparing them is useful only to distinguish the two types of tools.

Examples of VA tools include Internet Security Systems' Internet Scanner and Nessus.