December 06, 2000, 10:25 AM — InfoWorld's Golden Guardian award recognizes the outstanding work of
product vendors for their efforts in delivering valuable security products to the
public. But frequently we come across products that don't fit the traditional mold of
full-blown commercial security tools.
This week we highlight those products, which include freeware, shareware, and
nonsecurity products -- all of which can be used to secure your networks.
As security consultants, we are married to our laptops. But traveling around the
world with two six-pound "lappies" (one for Windows NT/NetWare and one for Linux) and
30 pounds of accompanying hardware can put severe crimps in our necks, not to mention
our airport gate dashes. But the rocket scientists at VMware (www.vmware.com) have developed what may
be the most remarkable software we've seen in years. The product is called VMware, and it allows an
NT virtual machine to run within Linux, and vice versa. With VMware, we no longer have
to whip out both laptops to perform an NT and a Unix review. Instead, we can perform
complete security assessments of Unix, NT, even NetWare environments -- all from a
single machine. The benefit to us road warriors is enormous.
But there are other uses of VMware in security: The product can be used as a "honey
pot," tempting those wily attackers into your NT lair, yet all the while running under
Linux. With sufficient logging and monitoring of the activity on the NT partition, one
could track and record the activities of the attacker and store them on the Linux
system by sending them via syslog to the Linux IP address. And the "undoable disk"
feature of VMware allows you to back off the changes made after the attack, starting
fresh for the next victim. Unfortunately, you cannot review the actual changes made to
This function would be an enormous resource for later forensic analysis. The only
other concern we have about the product will likely disappear with time and
ever-decreasing hardware prices: The guest operating system performs fairly slowly when using
the virtual 2GB hard-drive option. Although not intended as a security product, VMware
does offer the functionality to dramatically increase your security endeavors.
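The honey pot arrangement described above keeps its evidence on the Linux host, so the record outlives the guest's discarded disk. The sketch below is an added example, not code from the column or from VMware: a host-side collector that accepts BSD-syslog datagrams only from the guest and hash-chains what it stores. The guest address, the class and function names, and the hash chaining are assumptions made for illustration, and the source-address check assumes a host-only network where UDP sources cannot be forged from outside.

```python
import hashlib
import re
import socket

GUEST_IP = "192.168.50.10"  # assumption: host-only address of the NT honeypot guest
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

def parse_pri(datagram):
    """Return (facility, severity, text) for a BSD-syslog datagram, else None."""
    m = PRI_RE.match(datagram.decode("utf-8", "replace"))
    if not m or int(m.group(1)) > 191:  # valid PRI is 0..191 (facility*8 + severity)
        return None
    pri = int(m.group(1))
    return pri >> 3, pri & 7, m.group(2).strip()

class HoneypotLog:
    """Host-side record that survives discarding the guest's undoable disk."""
    def __init__(self, guest_ip=GUEST_IP):
        self.guest_ip, self.records, self.head = guest_ip, [], "0" * 64

    def ingest(self, src_ip, datagram):
        parsed = parse_pri(datagram)
        if src_ip != self.guest_ip or parsed is None:
            return False  # not from the honeypot, or not syslog: drop it
        line = "%d.%d %s" % parsed
        # Each digest covers the previous one, so edits to stored lines are detectable.
        self.head = hashlib.sha256((self.head + line).encode()).hexdigest()
        self.records.append((line, self.head))
        return True

    def verify(self):
        head = "0" * 64
        for line, digest in self.records:
            head = hashlib.sha256((head + line).encode()).hexdigest()
            if head != digest:
                return False
        return True

def serve(log, bind_ip, port=514):  # blocks; bind_ip is the Linux host's address
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    while True:
        data, (src_ip, _) = sock.recvfrom(4096)
        log.ingest(src_ip, data)

SAMPLE = [  # constructed datagrams, not captured traffic
    ("192.168.50.10", b"<34>Dec  6 10:25:00 nt-guest Security: logon failure for Administrator"),
    ("192.168.50.99", b"<34>Dec  6 10:25:01 other-host noise"),
]
```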
Another company worthy of Golden Guardian mention is SolarWinds (www.solarwinds.net).
We have written about SolarWinds in past columns, and we use their products religiously during assessments.
We consider the IP Network Browser to be the definitive SNMP discovery and enumeration
tool available for NT. SolarWinds also produces an entire suite of network management
tools, including a Cisco router password decryptor and configuration file