We talked about network security monitors and scanners in Chapter 20, "Securing Exchange Server." Scanner products plow through network nodes on an IP-by-IP basis, looking for such things as missing service packs and hotfixes, open ports, weak passwords, and potentially dangerous assignments of security privileges, as well as services, applications, and Registry key entries that might threaten security. Security monitors examine system logs for potential security holes and breaches.
Intrusion detectors are sort of intelligent firewalls for networks, servers, and workstations. They can find and thwart internal and external attempts to access resources far beyond the port and protocol level.
LANGuard Security Event Log Monitor
LANGuard Monitor combs Windows event logs looking for evidence of internal and external security violations. It provides real-time notifications and reports to system managers. LANGuard also supports systemwide log management, including automated archiving and clearing of event logs.
Contact: GFI Software (www.gfi.com)
LANGuard Network Security Scanner
LANGuard Scanner looks at network nodes for known security problems. It's fast, and we have found it to be quite accurate. It produces very nice reports in HTTP format. LANGuard can remotely install service packs and hotfixes.
Contact: GFI (www.gfi.com)
Monitor Magic
Monitor Magic stores its findings in Microsoft SQL Server or Access databases. It comes with a range of very useful preconfigured security and other reports. A web interface is also included.
Contact: Advanced Toolware (www.advtoolware.com)
Network Monitoring Suite
Network Monitoring Suite includes features similar to LANGuard Monitor. The product also includes performance monitoring based on Windows performance logs and Windows service monitoring with auto restarts.
Contact: LANWare, Inc. (www.lanware.net)
RealSecure Network Protection Components
The RealSecure Network Protection Components suite includes modules for networks, gateways, servers, and workstations. The modules detect attempted internal and external intrusions and stop them in real time.
Contact: Internet Security Systems (www.iss.net)
RealSecure Vulnerability Assessment
The RealSecure Vulnerability Assessment suite includes components for the Internet, servers, databases, and 802.11b wireless networks. These components scan their targets looking for a range of security threats. This product offers the most comprehensive approach to system security.
Contact: Internet Security Systems (www.iss.net)
RETINA Network Security Scanner
Like LANGuard, RETINA scans network nodes for known security problems. The program includes an interesting, if not easily validated, artificial intelligence component that tries to get into a network as a hacker might. In our experience, RETINA is fast and quite accurate.
Contact: eEye Digital Security (www.eeye.com)
SecureIIS
SecureIIS is designed to protect Microsoft's Internet Information Server from external and internal attacks. The product examines traffic coming into IIS and stops packets that pose a threat. It can protect IIS servers with security problems for which Microsoft has not yet issued fixes.
Contact: eEye Digital Security (www.eeye.com)