Symantec NetRecon 3.0.9
Brief product description
NetRecon is a network vulnerability assessment tool that discovers, analyses and reports holes in network security.
Architecture
NetRecon has three main components: a graphical user interface (GUI), a scan engine, and scan modules.
Documentation
NetRecon includes the following documentation:
Installation and Getting Started Manual (hard and soft copy)
Release Notes (hard and soft copy)
On-line Help File (F1 Help)
Vulnerability List (soft copy)
Vulnerability and solution (fix) recommendations in each report (soft copy)
Supplemental information online
Release Notes for each security update (soft copy)
What are the minimum/recommended console OS and hardware requirements?
The minimum hardware system requirements are:
Windows NT 4.0 with Service Pack 3 or greater
Pentium 200 MHz CPU
64 MB RAM (128 MB recommended)
40 MB hard disk space
Note: NetRecon will not install or run on Windows 95/9
On what platforms is this certified to run? Will it work on Windows 2000?
Runs on Windows NT 4.0 and Windows 2000.
At what layer of the protocol stack is the product working? Is a raw packet driver installed?
NetRecon can scan any systems accessible from any protocol found in the Windows NT Network Neighbourhood. A raw packet driver is also installed for both NT and Windows 2000 for fast port scans.
Can multiple scanning engines be deployed and configured from a central console, i.e. define a single scanning policy centrally and deploy this to all scanners automatically?
No.
Authentication between console and engines - Is it available? What algorithm/key lengths?
Not applicable. NetRecon is a stand-alone application with the console and engine integrated into a single product. NetRecon does not contain any strong encryption.
Secure logon for policy management?
Yes. The user is prompted for a password before using the product.
In addition to the login password, NetRecon uses a series of different approaches to protect users from abuse by hackers or crackers. These protections include, but are not limited to the following:
Scan footprints remain on systems scanned by NetRecon
Individual copy of NetRecon tied to registration license
License Key sent to email account
Time limit of 30-days for Evaluation license
Evaluation license can only run scans under 15 minutes (most Medium and Heavy scan objectives require more than this time)
NetRecon scans are designed NOT to crash your system or the systems scanned
How are policies distributed to scanners?
Editing certain text files can modify policies.
How are policy changes handled? Will the central console detect which scanning agents are using a changed policy and redeploy automatically, or does the administrator have to do this manually? Can it be done once from a central location or do all scanners have to be updated individually?
Not applicable. Scanning agents are not used.
How many attack signatures?
NetRecon 3.0 with SU9 has 445 vulnerability signatures.
Which platforms (i.e. NT, Windows 2000, Linux) and network resources (i.e. firewalls, routers, printers, Web/mail/FTP servers) are covered by the attack signatures?
NetRecon scans most operating systems, including Windows 95/98/NT/2000, Unix (HP-UX, Solaris, AIX, IRIX), NetWare (Bindery and NDS) and Linux. It also scans network devices such as firewalls, routers, hubs, printers, Web servers, mail servers and FTP servers.
Can it perform accurate OS detection?
Yes. It can also detect many network devices using their login banners and other data for unique identification.
What types of port scans can be performed?
NetRecon performs both half-open and full-connect scans. Half-open scans discover TCP and UDP services. This is also referred to as a fast-port scan or a raw port scan. Full-connect scans discover both privileged and non-privileged TCP services.
Can the administrator define custom attack signatures?
No. With some skill and an executable, three .INF files can be edited with a text editor to change scan objectives and add new signatures.
Can it perform true DoS attacks?
NetRecon detects several DoS attacks. It does not actually perform DoS attacks. These are true checks, not just banner grabbing.
How are new attack signatures obtained and deployed?
New attack signatures are distributed via monthly security updates. Security Updates must be manually downloaded from the Symantec SWAT site, then executed.
Frequency of updates? Provide dates of all updates in the last year.
New signatures are made available monthly.
NetRecon 3.0 SU9: 9 Oct 2000
NetRecon 3.0 SU8: 14 Aug 2000
NetRecon 3.0 SU7: 9 Jun 2000
NetRecon 3.0 SU6: 9 June 2000
NetRecon 3.0 SU5: 8 May 2000
NetRecon 3.0 SU4: 3 Mar 2000
NetRecon 3.0 SU3: 17 Feb 2000
NetRecon 3.0 SU2: 10 Feb 2000
NetRecon 3.0 SU1: 28 Jan 2000
Can one signature update file be downloaded to the local network and used to update all scanners from a central location, or is it necessary to initiate a live connection to the Internet download server for each scanner?
Each security update, once downloaded, must be run on each NetRecon system to apply the updates. A live connection to the Internet download server is NOT required for each scanner.
Can signature updates be scheduled and fully automated?
No. NetRecon users are notified via email when new security updates are made available. They must request to be notified at time of download and/or product registration.
With the acquisition of Axent by Symantec, use of their Live Update technology would be a logical extension to NetRecon.
Are scan results available in real time during scan?
Yes
Are scan results (even as a summary) available on-screen following a scan without having to run a separate report?
Yes. Vulnerability records are displayed as the data is discovered in real-time. The data can be filtered and analysed as well, even as the scan is in progress.
Advice on preventative/corrective action when vulnerabilities found?
Yes.
Capability to auto-fix certain vulnerabilities? If so, is there an "interactive mode" and/or an undo facility?
No
Automatic alerting if severe vulnerabilities are found during a scan?
No
Integration with other scanning/IDS products?
Yes - Symantec ESM
Management reporting - range of reports/custom reports/how easy is it to filter and extract detail? Different reports for technicians and management/end users?
Crystal Reports are provided with NetRecon. These report templates generate standard reports targeted for varying audience levels. The user has the ability to select between three report formats: Executive Report, Detail Report by System, and Detail Report by Vulnerability.
Report filters are also provided. Reports can easily be filtered to contain one or more vulnerabilities, one or more systems, and/or one or more risk levels, etc. If customers would like to create custom reports, it will require a copy of Crystal Reports.
What are the limitations and restrictions on enterprise-wide alerting and reporting? Is it possible to combine reports from several scanners?
The NetRecon Limited license can scan up to a Class C network. The Unlimited license can scan any size network. It is recommended that no more than 3 class C networks are scanned at a time. Scans can be paused and resumed, however individual scan reports cannot be combined from several scanners.
Report management - archiving? Can historical scans be consolidated/compared for trend analysis/comparisons?
Yes. Scans can be archived for later recall. NetRecon extracts the scan data from the MS Access database and stores it in a NetRecon Data File (*.NRD). Using Symantec's ESM product, multiple NetRecon scans can be compared with the trend analysis functionality.
Can scans/reports be scheduled for automatic production? Can the results be e-mailed to administrators or published straight to a Web site?
Yes. NetRecon has a GUI scheduler for scans. Scan results can be exported into HTML for publishing to the web. This feature is not automated. No mechanism exists to automatically email scan results.
Does the product incorporate IDS evasion techniques to test IDS effectiveness? If so, describe in detail how these are implemented.
No
How is it licensed? How is the license enforced?
Evaluation License: You may scan an unlimited number of network resources from one system. Each scan is limited to ten minutes unless otherwise authorized by Licensor, and the evaluation license expires in fifteen days unless otherwise authorized by Licensor.
Limited License: You may scan Your small network (up to 254 unique network resources) from one system.
Unlimited License: You may scan Your large network (an unlimited number of network resources) from one system.
Consultant License: You may scan multiple networks belonging to Your customers as long as permission is obtained before such scan, but such scan shall last for no longer than seven days per customer and Product must be removed thereafter.
Not For Resell (NFR) License: You may scan multiple networks belonging to Your customers so long as permission is obtained before such scan, but such scan shall last for no longer than fifteen minutes per customer and Product must be removed thereafter.
Single Engagement (SE) License: You may scan a network belonging to a single customer for no longer than thirty (30) days. This license is good for use on one (1) of Your customers only and You must obtain permission before such scan. Such scan may only be for delivering assessment services.
NetRecon is licensed by the size of the network as defined by the number of network resources (or nodes). A network resource is defined as individual IP addresses, NetWare servers, NetBIOS systems, routers, and hubs. The license permits execution of NetRecon on a single NT workstation/server to scan a number of network resources (nodes).
Licenses are activated when the correct serial number matches the generated license key. Limited licenses are enforced through the legal agreement and can be audited if abuse is suspected.
End user pricing information
NetRecon is licensed and priced by the size of the network as defined by the number of network resources (or nodes). A network resource is defined as individual IP addresses, NetWare servers, NetBIOS systems, routers, and hubs. The license permits execution of NetRecon on a single NT workstation/server to scan a number of network resources (nodes).
Evaluation: Free
Limited: $1,995
Unlimited: $9,995
Consultant (12 Month): $17,995
Single Engagement: $1,495
NFR (12 Month): Free
Ongoing cost of maintenance/updates
One year of Standard maintenance is 15% of product cost. One year of Priority maintenance is 22.5% of product cost. Maintenance is not required.