NAI Tool Scans for Network Cracks

By Dennis Fisher  |  Posted 2002-04-01
Network Associates Inc.s McAfee Security division on Monday unveiled a new scanning tool designed specifically to find network vulnerabilities that viruses and worms might be able to exploit.

Known as ThreatScan, the software works in conjunction with the companys existing ePolicy Orchestrator management console and can perform scans of any network-attached device.

ThreatScan works much like traditional vulnerability scanners, identifying operating systems and patch levels of each OS and application. But it also looks for attack vectors commonly used by viruses, such as suspicious open TCP/IP ports, open network shares and applications such as FTP or Telnet.

The software then reports the results of the scan back to the ThreatScan server, which, in turn, recommends fixes for any vulnerabilities that were found and can generate reports based on compliance with a previously established security policy.

All of this data also flows to the ePolicy Orchestrator console, which administrators can also use to deploy and configure ThreatScan, McAfee officials said.

In addition, the new software can identify devices that are exhibiting odd behavior--such as changes to certain registry keys--that might indicate a virus infection.

Rocket Fuel