Firewall Wizards mailing list archives

Re: L-3 Network Security Retriever and Expert


From: iwchick () clark net
Date: Wed, 12 May 1999 19:19:50 -0400

I haven't had a full working copy but received a demo/briefing on Expert
from the L-3 rep here in the DC area about two months ago.  Points that
stood out for me:

-  The tool doesn't scan for vulnerabilities the way Ballista/CyberCop
does, for example.

-  The tool will do some basic network mapping but doesn't do operating
system recognition.

-  The tool relies on human intervention to plug in the operating systems
that are running on each server or host.

-  The tool reports back all known vulnerabilities for each host based on
the operating system/version, not on a particular identified vulnerability.

-  The database of vulnerabilities associated with various operating
systems is supposedly the largest in existence; it will identify all the
various patches that have been reported for each host based on the
human-identified OS/version.

-  The tool applies a weighted metric to quantify risk; the risk weights
can be modified so you can customize the ratings to meet your priorities.

<personal opinion mode = on>
I think this tool requires too much effort on the part of whoever is
responsible for inputting all the data.

I think it would require a lot more effort to go through the findings and
determine which vulnerabilities are ACTUALLY in place and/or which patches
have been applied.

Coolio if the database is that robust, but think about how much more
effectively it could be applied.

If someone out there knows of changes/updates from the info I received a
couple months ago, please post.

Lori


At 06:05 PM 5/12/99 +0200, Bostjan Peterca wrote:
In Secure Computing Magazine I have read about L-3 Network Security tools,
but after reading the articles I am still confused. What the magazine writes
about can be either yet another network security scanner (Retriever) or
something which will take ISS another year or two or three to come up with
(Expert). 

Does anyone have experience with Retriever and especially Expert (developed
from Trident Information Protection Toolkit)? How do they compare to
scanners from ISS or Axent? Is Expert for example able to map a change in
the configuration of a firewall to overall impact or something like
annualized loss expectancy? 

Regards,

Bostjan



