
NetIQ analyzer a solid choice

In this edition of Strom's Security Tool Shed, David Strom offers his insight on NetIQ's Security Analyzer.

Category: Security analyzer
Name of tool: Security Analyzer v4.0
Company name: NetIQ Corp.
Price: $60 per node, for a minimum of 20 nodes. Per-node pricing drops to $35 per node at largest quantities.
Platforms supported: All Windows operating systems with Internet Explorer Version 4.0 or better installed. Unix systems can also be scanned.

*** = Hey, not bad. One notch below very cool.

Key features:
Pros -
A solid series of security scans for your enterprise network servers.
Reports include links to where you can download patches and fixes.

Cons -
Some of the suggestions offer contradictory advice, or are vague when it comes to NT or Windows 2000 directions.
Remote agent installation is a bit of a bear.

If you are looking for a solid way to find and then tighten up your Windows and Linux server security, a good place to start would be with NetIQ's Security Analyzer. The software runs on just about any Windows 32-bit platform and will scan for hundreds of different problems, configuration weaknesses and backdoors that are, unfortunately, part of the Windows way of life.

You could do much of the same thing if you read various security texts and spent time on Microsoft's Web site tracking down each vulnerability and security warning, along with a bunch of free security tools. But a far better solution, especially for enterprises that have multiple servers and are concerned about their security profile, is to run this software.

Included in its purview are the traditional password strength tests, TCP port scans and Windows networking vulnerabilities. But there are also plenty of other tests that you can include in your scans, such as scans for Web and FTP services and other applications that may have opened up your servers while you weren't looking. A total of over 1,500 different tests are included, and the software will automatically add new ones and update itself across the Internet (like Symantec's LiveUpdate and other similar products), so that you always have the latest testing scenarios.

There are some tricks to using the product, however.

First off, you need to install a central console that will coordinate the various scans and display the reports. The minimum RAM suggested by NetIQ is 64M bytes, but I found that you probably want to find a machine with at least double or triple that and at least a 500 MHz Pentium. While Security Analyzer will run on a slower machine, it is so slow that the experience is like watching paint dry. This console must run on a Windows machine.

Next, you need to install the Analyzer agents on your various servers around your network. These can be either Windows or Unix computers. You also can make use of one or more pre-set series of tests, or you can design your own from the numerous options down to a very specific series if you are just trying to track down one or two specific items. NetIQ calls this a profile. I found that having a printed manual was essential to getting this product set up properly.

You control all of the agents from one console, which is a good thing. Getting the agents set up the first time is a bit cumbersome, but once you work through the multi-step process and see what is involved, it isn't too onerous, and you can automate much of it to deploy the agents throughout your network. I forgot to include the username on my domain and had to repeat the process, something that isn't too carefully spelled out in the manual. NetIQ tells me they are working on improvements to this technology in the next version.

For my tests, I ran the console program on a Windows 2000 Professional machine and also installed a remote agent on Windows NT Server.

The nice thing about the agent-based approach is once you get them working and deployed, you don't have to touch these servers again to perform the scans on a regular basis. The bad news is that after the scans are first done, you will have a long, and I mean long, laundry list of items that will need your attention.

For the most part, I found that Security Analyzer presents its fixes in plain English, giving you hypertext links to various Web sites where you can download the patch or fix for the problems that the scan uncovers. Working through this list will be time-consuming, and many of the issues are very obscure. I guess that is good, because the more obscure the problem, the greater the chances are that someone can penetrate your network or take advantage of some sloppy network administration.

For example, while I disabled the Guest account and renamed it to something else, I forgot to require a password for this account, something that my scan picked up. I also found that if you haven't yet applied any Service Packs (SPs), you'll want to do that before conducting a scan, otherwise the list of items to fix would be miles long. If you haven't gotten around to applying SPs to your computers, then by all means, do this before you invest any more time in checking out your servers.

Speaking of applying SPs, I did find some contradictory instructions in my reports: Some of the suggestions indicated applying SP1 to my Windows 2000 machine, even though I had already applied SP2. The software could also be more clear on which SPs to apply and in what order, something that can vex even the most experienced Windows administrator. And some of the reported problem descriptions weren't specific to NT or Windows 2000, even though the software correctly recognized the version of the operating system being scanned.

These are minor issues, however. This is a terrific product and well worth the price. The software is sold on a per-node basis, meaning that anything you want to scan plus the console is considered a node. You can download a free and fully functional trial version at the company's Web site that works for 15 days and up to five different nodes.

Strom-meter key:
**** = Very cool, very useful
*** = Hey, not bad. One notch below very cool.
** = A tad shaky to install and use but has some value.
* = Don't waste your time. Minimal real value.

About the author
David Strom is president of his own consulting firm in Port Washington, NY. He has tested hundreds of computer products over the past two decades working as a computer journalist, consultant and corporate IT manager. Since 1995 he has written a weekly series of essays on Web technologies and marketing called Web Informant. You can send him e-mail at


Related book

Windows NT 4.0 Server Security Guide
By: Marcus Goncalves
Publisher Name: Prentice Hall
Date published: May 1998
No of Pages: 352
This book is the first systematic, expert guide to making NT the secure operating system it's supposed to be. You'll find end-to-end coverage of account security, identification, authentication, access control lists, groups and users, object and physical security, securing the Registry, encryption, securing mixed NT/NetWare networks and much more.
