If you want to implement a specialized set of scans, you can create your own security check. To do so, use the software’s intuitive tree-based UI, which groups specific vulnerabilities according to type and class. For example, I decided that I didn’t need to run password and file-sharing checks against my Microsoft IIS server, so I simply cleared the Permissions and Web Server check boxes. I also determined that I didn’t need to run sendmail and ssh security checks (both of which are useful for my UNIX systems) against my PDC, so I cleared the appropriate check boxes to save time while scanning my domain controllers (DCs).
After I created the appropriate scan checks, I used the scheduling feature to create automated jobs. Creating a scheduled event was simple. I selected the Jobs container, then used the context menu to create a new event. I assigned a name to the event (i.e., Nightly Domain Controllers Scan) and selected the appropriate security check. I then selected the PDC and BDC groups from the target list and configured the job’s frequency (e.g., nightly, at midnight). bv-Control for Internet Security also includes an Auto Fix feature, which monitors your registry and file permissions for aberrations. If a scheduled scan detects an aberration, the software automatically fixes the errors. I wanted the scan to run unattended, so I enabled the Auto Fix feature.
The duration of a scan depends on the type of scan that you choose. bv-Control for Internet Security can take seconds or minutes—and even longer if its port scanner runs into a firewall. For example, a scan of my Web server took just over a minute to complete, whereas a complete network scan took roughly half an hour. As a scan runs, the software provides information about the current security check, the number of holes it’s finding, and the severity of each hole. This information won’t make your scan go any faster, but you’ll appreciate the depth of data that you get during lengthy security checks.
After a scan is finished, the software publishes a report. As Figure 2 shows, bv-Control for Internet Security’s reporting features provide a cursory view of the security holes that the scanner detects. This quick summary report gives you a list of your network’s vulnerabilities, informs you whether the software has automatically fixed the problems, and briefly describes each hole. The software detected 15 security holes on my PDC and another 16 vulnerabilities on my Web server. I expected some of the holes (e.g., short passwords, passwords based on English words) and attributed other vulnerabilities to carelessness (e.g., forgetting to disable the guest account and insecure shares). Some of the weaknesses were inherent to the NT architecture (e.g., external users who use NetBios to access the browse list).
The software uses HTML to generate reports, so you can click on a security hole’s link to obtain information about the vulnerability. This functionality lets BindView include context-sensitive links to external sites such as NTBugtraq and the Windows 2000 Magazine Web site so that you can gather hotfixes and specific vendor information.
The summary report is the product’s default reporting format, but you can configure the program to output as much data—even in chart form—as you want. You can create a simple Executive Summary report that gives you only the basics, or you can set bv-Control for Internet Security to give you all available information (e.g., descriptions, fix availability, security check output data) in an in-depth technical Administrator Report. The software automatically archives old reports. Therefore, you can use the Compare Reports feature to perform trend and differential-analysis runs, which help you ensure that your network’s security holes remain closed.
BindView uses RapidFire Updates to keep bv-Control for Internet Security up-to-date with knowledge of the latest security holes and exploits. BindView distributes its updates—unlike auto-update features—over email. Email distribution lets the company use pretty good privacy (PGP) encryption to ensure the integrity of the updates. BindView’s RAZOR security team has a solid reputation for keeping abreast of the latest security problems, so you’re in good hands when it comes to fast and frequent updates.
bv-Control for Internet Security might not suit all environments. Because the product uses an agentless design, every scan that you run sucks up precious bandwidth across the network. If you’re working with large networks, expect bv-Control for Internet Security to keep your switches spinning. You can work around the bandwidth problem by installing the software on multiple machines so that you attain a load-balancing scenario. Unfortunately, this workaround makes report consolidation a logistical nightmare.
bv-Control for Internet Security is an excellent product for security-conscious environments. Its combination of power and ease of use makes it a perfect fit in small to medium-sized networks. Because the product’s design and prohibitive cost preclude it from the upper echelon of enterprise networks, it isn’t the penultimate security solution. However, bv-Control for Internet Security—with its extremely flexible reporting features—is simply one of the finest security management products available today.