 |
|
Networks Vigilance NV e-secure V2.1
Brief product description
NV e-secure is a Network Vulnerability Assessment tool. It helps a company determine whether its networks and firewalls are vulnerable to attacks. A unique distributed architecture allows for enterprise-wide vulnerability assessment. It provides for remote segment vulnerability assessment as well as firewall security assessment.
Architecture – brief description
The main interface with the product is e-secure Console.�
The user can manage all e-secure activities, including network security testing, firewall testing,� remote segment network security testing via distributed test engines.
NV e-secure engine is our core technology. Basically, it plays what we call 'test cases'.� The engine is able to inject packets on the network, receive answers from remote systems, check if they are still running and much more. A test case can be seen as the e-secure version of a hacker attack script.�
Additionally, e-secure comes with 2 remote ‘agents’. With e-secure Probe, the user is able to perform firewall security assessment. With e-secure Distributed Test Engine that installs on remote segments, the user can scan these segments from the same console, and get a single report consolidating vulnerabilities from local and remote networks
Documentation�
A Getting started manual is provided. It is an on-line PDF file. We consider our e-secure WEB site a complementary information source as additional information including white-papers are available.
What are the minimum/recommended console OS and hardware requirements?�
e-secure Console - Ethernet or Token Ring network adapter; 50MB of free disk space; and 64MB of RAM on Windows NT4, or 128MB of RAM on Windows 2000.�
e-secure Distributed Engine - Ethernet or Token Ring network adapter; 30MB of free disk space; and 64MB of RAM on Windows NT4 or 128MB of RAM on Windows 2000.
e-secure Firewall Probe - Ethernet or Token Ring network adapter; 20MB of free disk space; and 64MB of RAM on Windows NT4 or 128MB of RAM on Windows 2000.
On what platforms is this certified to run? Will it work on Windows 2000?
Windows NT 4 SP3 and later
Windows 2000
At what layer of the protocol stack is the product working? Is a raw packet driver installed?
A raw packet driver is installed as part of the automated installation process.�
It is used to inject “illegal” packets on the network as well as to perform network/service scans as efficiently as possible.�
Other TCP/IP dialog uses the regular Windows Sockets Interface.
Can multiple scanning engines be deployed and configured from a central console, i.e. define a single scanning policy centrally and deploy this to all scanners automatically?
Yes. We have “Distributed Test Engines”. They play test cases on their local segments, on behalf of the console and report results in real time using a secure channel. The Console keeps complete control on the scanning policy meaning it is not ‘deployed’ to remote scanners.
Authentication between console and engines – Is it available? What algorithm/key lengths?
There is no real authentication between console and engines yet. However, the information exchanged between console and engines are encrypted using the openssl 3.0 algorithm. The key in use is 1024 bytes length (RSA).
Secure logon for policy management?
Not needed. Administrator privileges are requested to run the product.
How are policies distributed to scanners?
At connection time, the entire policy settings (test cases configuration, policy parameters etc …) are sent to each connecting scanner.
How are policy changes handled? Will the central console detect which scanning agents are using a changed policy and redeploy automatically, or does the administrator have to do this manually? Can it be done once from a central location or do all scanners have to be updated individually?
Policies are managed centrally in the console. The policies are sent dynamically to the remote agents each time a session is run.
How many attack signatures?
At this time (Nov 6), 542 Test Cases are included in v 2.2.
Which platforms (i.e. NT, Windows 2000, Linux) and network resources (i.e. firewalls, routers, printers, Web/mail/FTP servers) are covered by the attack signatures?�
Our Test Case database mainly includes scripts for Windows NT and Unix systems. However, a number of test cases for other network devices (routers, switches, printers) are also provided.
Can it perform accurate OS detection?
Yes. A network finger-printing capability is included. Accurate OS detection avoids playing test cases when inappropriate.
What types of port scans can be performed?
TCP and UDP port scans are available. Scanning ranges are configurable with a LowPort – HighPort interval.
As e-secure is an assessment tool, not an attack tool, port scanning does not do any attempt to conceal its activity.
Can the administrator define custom attack signatures?
No.
Can it perform true DoS attacks
It performs true DoS attacks. Some attacks may also crash the target system.
How are new attack signatures obtained and deployed?�
Automatic product updates are part of the product. With its registration key, the user obtains a “login” on our e-secure web site. At each product start-up, the user has the opportunity to check for an update package. Installation of the available packages is completely automated.
Frequency of updates? Provide dates of all updates in the last year.
Between one and 2 updates every 2 weeks. “High urgency” updates can also been produced if required. No information for last year is applicable.
Can one signature update file be downloaded to the local network and used to update all scanners from a central location, or is it necessary to initiate a live connection to the Internet download server for each scanner?
Only the Console needs the Internet connection. The remote engine updates via the Console connection which acts as a sort of proxy. However, this process has to be repeated for each remote engine.
Can signature updates be scheduled and fully automated?
The console needs to be started in order to update. However the console can be configured to automatically check for updates with or without user confirmation. A fully automated web upgrade is planned in a future release.
Are scan results available in real time during scan?
No
Are scan results (even as a summary) available on-screen following a scan without having to run a separate report?
Yes. In fact, it is quite possible to do all the after-work inside the console GUI, without going through the generated reports [Editor’s Note: e-secure is one of the best products we have seen in this respect]. Some users might find it easier to browse through.
Advice on preventative/corrective action when vulnerabilities found?
Advice is given on potential vulnerabilities. We usually direct the reader to relevant pages on vendor web sites.
Capability to auto-fix certain vulnerabilities? If so, is there an “interactive mode” and/or an undo facility?
No.
Automatic alerting if severe vulnerabilities are found during a scan?
A colour code warns about the follow-up urgency but no special alerting mechanism takes place.
Integration with other scanning/IDS products?
No.
Management reporting – range of reports/custom reports/how easy is it to filter and extract detail? Different reports for technicians and management/end users?
Manager reports give some factual information on the holes found and their follow-up urgencies. They are readable by non specialists.
Administrator reports provide all the technical details. Links to our e-secure WEB site guarantees that reference information (e.g. patch availability) is as up to date as possible.
Services reports contain similar information as administrator reports, although it is displayed service by service for easier security improvement planning.
Host reports document on open services (TCP, UDP, RPC).
Delta reports focus on new vulnerabilities (since previous job) only.
Historical reports display trends in numbers of vulnerabilities.
Furthermore, as previous job results are stored in a database, it is possible to re-generate reports at any time.�
What are the limitations and restrictions on enterprise-wide alerting and reporting? Is it possible to combine reports from several scanners?
In our architecture, a single report can be obtained, consolidating vulnerability assessment from several test engines located remotely.�
Report management – archiving? Can historical scans be consolidated/compared for trend analysis/comparisons
All job results, while in “Session mode”, are automatically saved in a local database. Comparisons can be done easily with Delta reports and Historical reports, which can be generated at any time.
Can scans/reports be scheduled for automatic production? Can the results be e-mailed to administrators or published straight to a Web site?
Scans can be scheduled at a later time. The standard OS features (AT command) are used. An e-mail with attached generated report files can be sent to the requesting user. As reports are generated using standard HTML format they can be accessed locally or remotely using the local explorer.� No publication on WEB site.�
Does the product incorporate IDS evasion techniques to test IDS effectiveness? If so, describe in detail how these are implemented.
No.
How is it licensed? How is the license enforced?
Licenses are per “class C” (/24) network segment. Multi-segment licenses as well as site licenses are available. A “Class C” license gives the right to install 2 consoles and unlimited number of probe / distributed test engine. License information is stored in a binary file generated by Networks Vigilance or Cyrano.
End user pricing information
1st range��������������� US$ 9,900�
2nd range�� �������������US$ 9,000�
3rd and +�� �������������US$ 5,000 per range�
Site license����� �������������US$ 250,000�
(“range” means “class C” segment, maximum 254 addresses)
Ongoing cost of maintenance/updates
Yearly maintenance fee:����� 18 %
Click here
to return to the Networks Vigilance NV e-secure Review
Click here
to return to the Networks Vigilance NV e-secure Results�
Click here to return to the IDS Index Section
Send mail to [email protected] with
|