RedSeal Network Advisor and Vulnerability Advisor review
By Rob Smithers | Network World US | Published: 15:54, 12 July 2010
We installed the RedSeal software on our Dell server running Windows XP. Once the server was installed and started, we installed the client. After we logged in with the client application, we could access the server, which presents a feature-rich GUI dashboard.
Both Network Advisor and Vulnerability Advisor require importing router, switch and firewall configuration files into the database. The analytical engine processes information that includes host names, IP addresses, subnet masks and device interfaces. Analysis results appear in the form of graphical displays, reports, maps and charts detailing the current status and configuration of the network. Plugins are available for a wide range of products from Cisco, Check Point, Juniper and dozens of others.
After device configuration files were imported into the RedSeal Advisor, they were checked against RedSeal's best practices database. We could drill down to locate the offending policy by double-clicking on a selected row. Any changes to hosts and devices could be analysed and reported with the View Changes application.
We accomplished rule usage analysis and reordering by using RedSeal's Custom Best Practice Check feature. Using a regular expression tool, we could search the configuration files and use the available plugin associated with the device. Since configuration files can be edited, we performed what-if analysis to determine whether changes to a rule would adversely affect the network.
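The sketch below is an added example, not RedSeal's own check syntax or code from the review. It shows the general idea of a regex-driven best-practice check over a device configuration, reporting the line number of each offending entry. The check IDs, the `forbid`/`require` modes and the IOS-style sample configuration are all assumptions constructed for illustration.

```python
import re

# Constructed sample: a Cisco IOS-style configuration fragment (not from the review).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
no service password-encryption
snmp-server community public RO
ip access-list extended OUTSIDE-IN
 permit tcp any host 192.0.2.10 eq 443
 permit ip any any
line vty 0 4
 transport input telnet ssh
"""

# Hypothetical check definitions: (id, regex, mode).
# "forbid" fails on every matching line; "require" fails if no line matches.
CHECKS = [
    ("ACL-ANY-ANY", r"^\s*permit\s+ip\s+any\s+any\b", "forbid"),
    ("VTY-TELNET", r"^\s*transport\s+input\s+.*\btelnet\b", "forbid"),
    ("SNMP-DEFAULT", r"^\s*snmp-server\s+community\s+(public|private)\b", "forbid"),
    ("PW-ENCRYPT", r"^service\s+password-encryption\b", "require"),
]

def run_checks(config_text, checks=CHECKS):
    """Return a list of (check_id, line_number, line_text) findings.
    A failed "require" check is reported with line number 0."""
    lines = config_text.splitlines()
    findings = []
    for check_id, pattern, mode in checks:
        rx = re.compile(pattern, re.IGNORECASE)
        hits = [(n, l.strip()) for n, l in enumerate(lines, 1) if rx.search(l)]
        if mode == "forbid":
            findings += [(check_id, n, l) for n, l in hits]
        elif not hits:
            findings.append((check_id, 0, "<required line missing>"))
    return findings

if __name__ == "__main__":
    for check_id, n, text in run_checks(SAMPLE_CONFIG):
        print(f"{check_id:13} line {n}: {text}")
```

Editing the sample configuration and re-running the checks gives a small-scale version of the what-if analysis described above: the findings show whether a proposed change clears or introduces a violation.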
RedSeal provides preconfigured compliance management analysis reports. We could add and schedule custom reports to run at specific times. We could analyse and report on how well our network was configured compared to best practice checks, and which assets were exposed to the Internet.
We liked how RedSeal's interface for running vulnerability analysis presents a topology map of the network, offering a graphical method for analysing network vulnerabilities. Arrows point from the source of the threat to the assets at risk. The map presents highly detailed information quantifying the risk, based on the Common Vulnerability Scoring System (CVSS). This is an important feature for saving time and preventing attacks on valuable assets. We were impressed by being able to see the threats at a high level and then drill down into the report to explore the details. The topology map feature provides a similar method for running the pre-defined PCI-DSS analysis on targeted network segments. We could select a network segment and run an analysis report on it with one mouse click.