NetSonar is a Cisco Systems-developed product, now named Cisco Secure Scanner. NetSonar is a software tool designed to investigate vulnerable systems within a network and report the vulnerabilities to the network administrator.
NetSonar scans the network to uncover systems that might be vulnerable to security threats by performing a number of predefined steps:
• Network mapping—NetSonar compiles an electronic inventory of all host devices on the network.
• Security assessment—NetSonar identifies potential security holes by probing and confirming vulnerabilities in the network.
• Reports—NetSonar communicates the results of the assessment to the administrator, detailing what operating systems are in use, what the host addresses are, and the associated vulnerabilities.
• Network security database—This database lists the critical problems and organizes them by operating system, system services, and device types.
Figure 6-5 displays the process completed by NetSonar.
Figure 6-5 NetSonar Phase Functions
Phase I—NetSonar sends out ICMP echo requests (pings) to query hosts.
Phase II—All live hosts are collected and stored on particular port numbers.
Phase III—NetSonar identifies the hardware devices that might be vulnerable, such as routers, switches, firewalls, printers, desktops, and hosts that responded to ping requests. Operating systems and network services are documented and labeled as potential vulnerabilities.
Phase IV—Vulnerabilities are confirmed. This phase is intrusive.
Phase V—The data is charted for presentation. The data can also be charted graphically as line or 3D bar graphs.
Phase VI—The data is reported in a number of different formats, including a summary report, a short and detailed report, or a full technical report.
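The Phase I echo sweep is visible to network monitoring, so the scanner's address should be known to whoever watches the logs. As an added example (not from the original text and not Cisco code), the following Python flags sources that ping many distinct hosts within a short window and separates the sanctioned scanner from unknown sources. The log format, addresses, window, and threshold are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _line(sec, src, dst):
    # Hypothetical log format: timestamp, source, destination, ICMP type.
    return f"2024-01-01T10:{sec // 60:02d}:{sec % 60:02d} {src} {dst} echo-request"

# Constructed sample records, not captured traffic.
SAMPLE_LOG = (
    [_line(i, "10.0.0.5", f"10.0.1.{i + 1}") for i in range(6)]           # sanctioned scanner sweep
    + [_line(30 + i, "10.0.9.9", f"10.0.1.{i + 1}") for i in range(6)]    # unknown source sweep
    + [_line(5 * i, "10.0.2.20", "10.0.1.1") for i in range(8)]           # host pinging one gateway
    + [_line(120 * i, "10.0.3.30", f"10.0.1.{i + 1}") for i in range(6)]  # six hosts over ten minutes
)

def find_sweeps(lines, window=timedelta(seconds=60), min_hosts=5):
    """Map each sweeping source to the most distinct hosts it pinged inside one window."""
    events = []
    for line in lines:
        ts, src, dst, kind = line.split()
        if kind == "echo-request":
            events.append((datetime.fromisoformat(ts), src, dst))
    recent = defaultdict(deque)  # source -> (time, destination) pairs still inside the window
    sweeps = {}
    for ts, src, dst in sorted(events):
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # drop pings that have aged out of the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= min_hosts:
            sweeps[src] = max(sweeps.get(src, 0), distinct)
    return sweeps

def classify(sweeps, sanctioned):
    """Split sweeping sources into the expected scanner and sources to investigate."""
    expected = sorted(s for s in sweeps if s in sanctioned)
    unexpected = sorted(s for s in sweeps if s not in sanctioned)
    return expected, unexpected

if __name__ == "__main__":
    found = find_sweeps(SAMPLE_LOG)
    print(found)
    print(classify(found, sanctioned={"10.0.0.5"}))
```
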
NetSonar software has the following hardware requirements:
• Intel Pentium I or higher
• TCP/IP software or Sun SPARC Solaris version 2.5 or higher
Any HTTP browser can be used to manage the NetSonar server, which can be located anywhere in the IP network.
Cisco Systems details more security products at the following URLs:
Cisco defines a Security Wheel concept that outlines the critical steps to ensuring that data and networks are secured correctly. The Security Wheel revolves around a strong, well-defined corporate policy. The Security Wheel consists of the following:
• Secure—After defining a strong corporate policy, you should secure your network by deploying the products necessary in the appropriate places to achieve your corporate security goals.
• Monitor and respond—Continuously monitor using NetRanger tools at strategic points in the network to discover new vulnerabilities.
• Test—On a regular and formal basis, test all network components.
• Manage and improve—Analyze all the reports and metrics supplied by NetSonar and continue to cycle through the Security Wheel by going through all these steps continuously.
Figure 6-6 displays the Cisco Security Wheel graphically.