 |
|
bv-Control for Internet Security V3
Brief
product description
Bv-Control
is a vulnerability scanner (also called a network scanner or security scanner).
Bv-Control is a Windows NT application that examines devices on IP networks for
security holes that hackers could use to break-in. It examines devices of all
types (servers, workstations, routers, hubs, printers, etc.). As long as the
device has an IP address (and therefore is part of a TCP/IP based network), then
Bv-Control will examine it for security holes.
Architecture
Bv-Control
is a console based IP scanner running from a central location.
Bv-Control consists of 6 components: the console,
the database, and the four Bv-Control services (all installed on the host
where the console is installed.)
Documentation
A
getting started guide is provided in hard copy.
The admin/reference guide plus tutorial are electronic and included with
the product. Additional information
is provided on Bindview�s website.
What
are the minimum/recommended console OS and hardware requirements?
200
MHz Pentium II or greater
128 MB RAM
40
MB Free Disk Space
TCP/IP network with an Ethernet
card on the Bv-Control computer
Access
to a CD-ROM drive (for installation from CD)
Windows NT 4.0
Service Pack 4 for NT 4.0 (included on CD) or higher
Microsoft Internet Explorer 4.01 (included on CD)
Administrator privileges for the computer on which Bv-Control will be installed
An Internet e-mail account (required for RapidFire Updates)
On
what platforms is this certified to run? Will it work on Windows 2000?
Bv-Control
runs under Microsoft Windows NT v4.0 with Service Pack 4 or better. Internet
Explorer v4.01 or greater is also required but does not have to be the default
browser. Version 3 will support installation on Windows 2000 (ship date 1q2001)
At
what layer of the protocol stack is the product working?
Network
Is
a raw packet driver installed?
Yes
Can
multiple scanning engines be deployed and configured from a central console,
i.e. define a single scanning policy centrally and deploy this to all scanners
automatically?
Bv-Control
is a centrally based IP scanner running from a single location.
The current shipping version does not support multiple scanning engines.
A scalar architecture is planned for the version 4 release.
Authentication
between console and engines � Is it available? What algorithm/key
lengths?
n/a
Secure
logon for policy management?
No
How
are policies distributed to scanners?
n/a
How
are policy changes handled? Will the central console detect which scanning
agents are using a changed policy and redeploy automatically, or does the
administrator have to do this manually? Can it be done once from a central
location or do all scanners have to be updated individually?
N/a
How
many attack signatures?
Bv-Control
currently detects over 700 security vulnerabilities, covered by our 300+
internal security probes.
Which
platforms (i.e. NT, Windows 2000, Linux) and network resources (i.e. firewalls,
routers, printers, Web/mail/FTP servers) are covered by the attack
signatures?
Once
Bv-Control is installed it will scan any machine on the network for security
holes regardless of platform (i.e. UNIX, Windows NT/2000, Windows 95/98 and
other platforms). As long as a device has an IP address, Bv-Control will scan it
for security holes.
Can
it perform accurate OS detection?
Yes
What
types of port scans can be performed?
(Unanswered)
Can
the administrator define custom attack signatures?
Not currently supported. Version 4 will provide a method of user defined attack
signatures.
Can
it perform true DoS attacks
If
a DoS vulnerability can be accurately detected by inference techniques
(including banner analysis and other data gathering techniques), Bv-Control will
do so in order to minimize impact on end systems.
However, there are cases in which the only way to accurately determine
risk is to perform a true DoS attack on the host. Bv-Control categorises such security checks as "Live
Fire DoS" checks and provides the user with the ability to select or
deselect this group of checks. By
default, the Live Fire DoS checks are not enabled.
How
are new attack signatures obtained and deployed?
RapidFire
Updates are Bv-Control's protection against the latest hacker threats.
BindView's security research team (Razor) sends out regular updates that include
the latest security threats and how to close them. RapidFire Updates can be sent
via secure email and automatically integrated into the Bv-Control database of
security checks. RapidFire Updates
can also be downloaded from the BindView website.
Frequency
of updates? Provide dates of all updates in the last year.
Updates
are sent as dictated by events in the security industry. On
the average, updates are sent monthly.
Can
one signature update file be downloaded to the local network and used to update
all scanners from a central location, or is it necessary to initiate a live
connection to the Internet download server for each scanner?
No
Can
signature updates be scheduled and fully automated?
Yes
Are
scan results available in real time during scan?
Scan
progress is available during real time, but the results are provided when the
scan is completed.
Are
scan results (even as a summary) available on-screen following a scan without
having to run a separate report?
Yes
Advice
on preventative/corrective action when vulnerabilities found?
Yes
Capability
to auto-fix certain vulnerabilities? If so, is there an �interactive mode�
and/or an undo facility?
Yes
Automatic
alerting if severe vulnerabilities are found during a scan?
Yes,
via email or SNMP
Integration
with other scanning/IDS products?
Not
currently supported
Management
reporting � range of reports/custom reports/how easy is it to filter and
extract detail? Different reports for technicians and management/end users?
Bv-Control
provides a GUI environment with HTML based reports.
No scripting is needed to generate different reports for management or
administrators. Filtering can be
adjusted on the fly via the GUI interface as well as the level of detail.
What
are the limitations and restrictions on enterprise-wide alerting and reporting?
Is it possible to combine reports from several scanners?
No
limitation on enterprise wide reporting other than license constraints.
Version 3 supports the ability to combine reports.
Report management � archiving? Can historical scans be consolidated/compared for trend analysis/comparisons Bv-Control provides both the ability to archive historical scans and the ability to use baseline comparisons for the analysis of such historical data.
Can
scans/reports be scheduled for automatic production? Can the results be e-mailed
to administrators or published straight to a Web site?
Bv-Control
provides a built in scheduler to allow scans to be run unattended.
Reports from those scans can be exported into numerous formats including
ASCII, .mdb, .doc, and html.
Does
the product incorporate IDS evasion techniques to test IDS effectiveness? If so,
describe in detail how these are implemented.
No
How
is it licensed? How is the license enforced?
Bv-Control
is licensed by the number of IP addresses that can be scanned for security
holes. For example, a 200 IP address license will allow you to scan up to 200 IP
devices (servers, workstations, routers, etc.) for security holes.
Licensing is enforced at the scanning console.
End
user pricing
Console
+ 1 IP address
$695.00
100 IP addresses
$1,995.00
500 IP addresses
$9,975.00
1,000 IP addresses
$19,950.00
Class C subnet
$3,995.00
Class B subnet
$32,000.00
Ongoing
cost of maintenance/updates
Maintenance
costs are 20% of purchase price
Console + 1 IP address
$139.00
100 IP addresses
$399.00
500 IP addresses
$1,995.00
1,000 IP addresses
$3,990.00
Class C subnet
$799.00
Class B subnet
$6,400.00
Click here
to return to the bv-Control Review
Click here to return to bv-Control Results
Click here to return to the VA Index Section
Send mail to webmaster
with questions or
|