The Best Security Scanner Revealed
Network World, in their 02/04/02 issue, started out like this:
"In the past, there hasn't been much good news about the state
of vulnerability-assessment scanners. Their reputation has been
plagued with false positive reports, lack of scalability, lagging
updates and inadequate reporting tools.
"While some areas still need a bit of improvement, vulnerability
scanners have useful tools for helping network professionals
identify potential vulnerabilities and security. However, we also
found that many of these products may have trouble scaling to fit
the requirements of enterprise networks.
"In our testing, we reviewed products from eEye Digital Security,
Nessus, Symantec, Internet Security Systems, NetIQ, Network
Associates, PatchLink and Harris. Cisco and BindView declined
"We evaluated how each identified our network vulnerabilities;
what resources it required to run and then scale to a larger
network; its reporting tools; what it offered as security
recommendations and autofix features; and installation and
ease of use.
"eEye Digital Security's Retina is the Blue Ribbon Award winner.
Harris' Security Threat Avoidance Technology (STAT) Scanner
was a close second, but it fell a bit short in the ease-of-use
category." End quote. The complete article is definitely worth it.
Make sure you check their Scorecard and Net Results chart. Here
is the link to the Retina page and the full Network World article:
SANS Institute Announces Five New Security Certification Courses
SANS Institute announces five new training and certifications for
security people. Auditing Systems and Networks, Certified Information
Security Officer, and System Forensics to add to their programs on
Windows 2000/XP Security, Intrusion Detection, and Firewalls? Check
these out at:
NEW TOOL: UDeploy Breaks The W2K 120 Day Eval Period!
UDeploy 2000/NT is the only software utility that can upgrade
the Evaluation Edition of Windows 2000/NT to the Retail Edition
without forcing you to re-install Windows 2000/NT.
It can remove the 120 day evaluation period or the 10 user limit
from Windows 2000/NT. It preserves all of your service packs,
hotfixes, device drivers, user preferences, and applications.
Check these scenarios:
- Only UDeploy 2000/NT will upgrade Windows 2000/NT without re-installing the operating system. There is no difference between the editions of Windows 2000/NT except for a handful of DLL files (related to licensing) and a few registry keys. Otherwise they are the same. There is no reason to force you to re-install all of your system DLLs and drivers.
- UDeploy 2000/NT copies only a minimal set of DLLs from the retail
CD and modifies a few registry keys. It takes less than 15 seconds.
The result is indistinguishable from re-installing Windows 2000/NT.
There is literally no way to tell the difference.
- UDeploy 2000/NT will require you to insert the CD to perform the
upgrade. It will perform several tests to verify that you indeed
possess a valid Retail CD. It will prompt you to enter the product
key on the back of the jewel case and verify it. Finally, you must
agree to a legal license where you indicate you own a valid Windows
2000/NT license (with an indemnification clause). UDeploy 2000/NT
will then use the retail CD to upgrade your PC to the retail version
of Windows 2000/NT.
A junior consultant installs NT Server for a client. Not knowing any
better he installs the Microsoft Developer Network (MSDN) version
without realizing it has a 10 user limit. After the client complains
(sometimes months later) he calls Microsoft Tech Support. About half
of the time the tech rep tells him there is nothing he can do, per
The other half of the time he gets a smart tech rep who "unofficially"
refers him to UDeploy. Lose none of your applications or preferences.
Avoid days of downtime. Make minimal changes to your Windows 2000/NT
system. Activate licenses for Terminal Services "Roll back" the upgrade.
Assume you have a PC running Windows 2000/NT Retail that you want to
retire. Your in-house developers need another PC for development.
Insert the Not-for-Resale (NFR) CD-ROM and use UDeploy 2000 to roll
back your Windows 2000 PC to the NFR version or use UDeploy NT to
re-apply the 10 user limit and change the license keys back to the
Deploy in-house software. Many developers subscribe to the Microsoft Developer Network (MSDN). The version of NT provided by MSDN is marked "NFR" (not for resale) and is hobbled by a 10 user limit. If you are an in-house developer,
you want to be able to roll out your application. For example, you
can use Ghost to clone a "production" PC for use by your organization.
But the 10 user limit stops you. Use UDeploy to remove the 10 user
limit from the production PC.
UDeploy NT also works with NT Server Enterprise Edition. UDeploy NT and
UDeploy 2000 are only available on the Sunbelt OnLineShop. Check: