
        Security audit appliance runs Windows XP Embedded

        Jonathan Angel | Date: Apr 9, 2008



        eEye Digital Security has released an "appliance" version of its flagship network security scanner product. Based on Windows XP Embedded, the Retina Appliance 651 can scan for vulnerabilities on up to 5,000 network assets, including PCs, servers, routers, wireless devices, and databases, according to the company.





        The Retina Appliance 651 is built around a mini-ITX motherboard with an Intel Core Duo processor, 2GB of RAM, and an 80GB, 7200rpm hard drive. Intended to run in a "headless" configuration and to be accessed using RDP (remote desktop protocol), it includes two gigabit Ethernet ports.

        The device's software includes a hardened version of Windows XP Embedded, plus three of eEye's software products: eEye's Retina Network Security Scanner, Iris Network Traffic Analyzer, and -- for protecting the Appliance 651 itself -- the Blink Professional intrusion prevention program.

        Retina is touted as discovering all the assets on any network the Appliance 651 is connected to. These assets may include operating systems, applications, services, databases, routers, and wireless devices. Operating system discovery is via ICMP, registries, NetBIOS, and the Nmap signature database, as well as proprietary OS fingerprinting. Retina also has profiles for 2,000 of the most commonly used ports, and allows for scanning of all 65,536 ports on any network device, eEye says.

        Although primarily aimed at Windows devices, the Appliance 651 can scan Linux and Unix devices as well as Cisco routers. Once a scan has been performed, any salient vulnerabilities are categorized according to risk level. A "fix-it" function can be used to remotely correct issues such as incorrect registry settings and file permissions, the company said.

        Separately, the Iris Network Traffic Analyzer is said to provide a wide variety of statistics, including bandwidth usage, most frequently accessed hosts, protocols, and packet-size distribution. Iris can capture data in packets, then turn it into complete HTTP, SMTP and POP3 sessions in their original format, allowing email, web browsing, FTP transfers, and instant messenger exchanges to be reconstructed, according to the company.

        Finally, the Blink intrusion prevention program protects the Appliance 651 itself. Blink, which prevents specified registry settings from being modified, includes both a firewall and antivirus protection. The program discovers viruses using signatures, regularly updated by eEye, and by continuously monitoring applications for virus-like behavior.

        Further information

        The Appliance 651 is available now, for prices starting at approximately $2,500.


