Category: Network packet monitoring utility
Name of tool: Vision v. 1.0
Company name: Foundstone Inc.
Price: $100, 30 day free trial
Windows platforms supported: 2000, NT (needs psiapi.dll)
Quick description: Port and applications analyzer for NT and 2000 machines only
**** = Very cool, very useful
Extremely easy and straightforward to use.
Screen layout intuitive and simple to navigate.
Can't do generalized port scanning of remote machines
One of the more terrifying aspects for corporations connecting their servers to the Internet is not knowing if they have left open a backdoor for hackers to take over these computers. If you are running Windows NT or 2000, chances are you have seen the many reports of break-ins and compromises to unprotected systems, or systems that hadn't been properly prepared by network administrators.
Part of the problem lies squarely with Microsoft: keeping a Windows server locked down isn't easy. There are patches, service packs, and a raft of other software utilities to apply and you must keep current with these programs as new vulnerabilities are discovered.
There has to be a better way, and Foundstone Inc. has come up with one. Called Vision, it is a small software utility that you load on each of your servers. As its name implies, it will provide all sorts of insights into what is running on your machine, and give you a few new twists to how various applications make use of your server. Foundstone is a serious security company that does large-scale penetration testing among other security-related services. They have taken their expertise in the higher-end market and brought it down to earth in Vision.
The software has several different utilities that are rolled together in a single package and use a similar layout to Outlook's shortcut bar. The most useful and unique tool is the Port Mapper. It will tell you every open TCP/IP port on your machine, and more importantly, which application has opened that port. If there is something running that shouldn't be, or if you have an open port that can expose your server to attack, you will readily see it in this display. You can also use this tool to type in commands and send them directly to the application, which could be useful if you know what kinds of commands the application expects.
There are other utilities that come with the product, including a thorough listing of services, devices, and applications. Sure, you can obtain this information directly from various Windows control panels, but it is nice to have it all collected for you in one place to let you explore your servers and understand better what is running on them. I found out that Microsoft Word XP opened up a UDP port on my computer for its document collaboration tool as an example, something that you probably wouldn't expect.
You can probably duplicate many of the functions of Vision with general-purpose port scanner like Netcat, a protocol analyzer and a few other utilities. But why spend all this time when you can get something that does a very nice job and doesn't cost a bundle of dough? Vision is free for a 30-day trial, and it costs $100 to purchase a license. It is well worth it, especially if you have to put up a new Windows server on the Internet quickly and can't be sure if it is setup properly.
**** = Very cool, very useful.
*** = Hey, not bad. One notch below very cool.
** = A tad shaky to install and use but has some value.
* = Don't waste your time. Minimal real value.
David Strom is president of his own consulting firm in Port Washington, NY. He has tested hundreds of computer products over the past two decades working as a computer journalist, consultant, and corporate IT manager. Since 1995 he has written a weekly series of essays on web technologies and marketing called Web Informant. He is also the author of the recent McGraw Hill book, Home Networking Survival Guide. You can send him email at firstname.lastname@example.org.