
Program detects dangers that run silent, run deep

By John Breeden II, GCN Staff

IPsonar can find vulnerabilities you didn’t know existed

When it comes to security, the problem with large enterprise networks is that most network defenses are static, but connectivity is dynamic. Over time, even the most secure networks develop vulnerabilities—and there is little network administrators can do to prevent it. IPsonar version 3.6.3 from Lumeta Corp. can help get a handle on both known and unknown network configurations and the vulnerabilities within them.

The known network comprises systems you know are attached to your network and should be configured in a certain way. The unknown network is made up of clients and devices that you did not even know existed. With large networks, the unknown parts can easily outnumber the known.

IPsonar is designed to be the first step in an overall security plan. It scans a network using various protocols to see what devices can connect to the outside world and to each other. The software can run on a 1U appliance or from a standard notebook. We tested the notebook version.

We hooked up IPsonar to the dirtiest, craziest, most hodgepodge network we could find: the GCN Lab test bed. With hundreds of software and hardware products coming and going throughout a year of testing, the lab network can start to look pretty chaotic to a data packet trying to navigate its way through. Interestingly enough, though, the same network will look different depending on the packets that are used to analyze it. IPsonar takes a “packet’s eye view”; some packets can’t find their way out of certain devices while others can. At the end of a scan, the software generates a graphic that shows what types of packets can connect throughout a network. That is important information, and it could be a little surprising if you happen to believe your network is properly locked down.

Rapid network scans

Scanning the GCN Lab network took only about 15 minutes, with about 200 active devices scanned. But the program can handle virtually any size network. Because IPsonar does not actually try to access each device (it merely maps the connectivity options among them), the scans are surprisingly quick considering the detailed info they generate.

The program performs three main functions. The first is network discovery. In this phase, the program identifies the route-based connectivity between devices and how aggressively subnet masking is implemented. It also zeroes in on any forwarding devices and filtering devices, such as network firewalls.


