NeWT Vulnerability Scanner

There are plenty of commercial vulnerability scanners with a range of price tags, but the product that more or less defines vulnerability scanning and assessment products is available for free. Nessus is arguably the best available. For Windows networks however, it always had one serious problem- it requires a *Nix server to run the scanner. But, Tenable Network Security came out with NeWT (Nessus Windows Technology) to fill that gap and let Windows users enjoy the power of Nessus.

NeWT is a powerful and comprehensive vulnerability scanner for the Microsoft Windows platform. It performs high-speed checks for more than 4000 of the most commonly updated vulnerabilities and inclues a wide array of scanning options. It has an easy-to-use interface and provides detailed reports in HTML format. NeWT, which is available for free, and NeWT Pro, its more powerful, commercial sibling, perform a variety of vulnerability checks including:

• Buffer overflow checks in daemons such as Sendmail and IIS
• Default user accounts
• Misconfigured email, ftp and web servers
• Discovery of open ports and host OS discovery
• Denial of service (DOS) discovery
• Backdoors and virus infected host
• P2P, chat and suspicious file sharing services

With the proper authorization, NeWT can log into Windows or UNIX servers and perform a security audit of missing patches. NeWT and NeWT Pro 'local checks' support the following UNIX and Windows operating systems:

• Windows: XP, 2003 and 2000
• Linux: SuSE, Gentoo, Mandrake, RedHat Enterprise, Fedora
• UNIX: OS X, Solaris, FreeBSD and AIX

NeWT Pro can also be integrated with the Lightning Console from Tenable to provide centralized management and administration.

NeWT is provided free of charge as a public service from Tenable Network Security. The primary difference between NeWT and NeWT Pro is that NeWT is restricted to scanning only the local subnet of the machine doing the scanning. Tenable also does not provide support for NeWT. But, for home users, small businesses, non-profit organizations and other individuals or small organizations the product will allow them to scan their networks for vulnerabilities free of charge.

Corporations who need to be able to scan more than just one local subnet or who wish to receive support from Tenable Network Security can opt to purchase NeWT Pro.

NeWT Pro licenses cost $6000. Support from Tenable, the 'direct' plugin feed and maintenance for one year is an additional $1200. All NeWT Pro purchases must be sold with at least one year of maintenance, effectively making the price tag $7200 for the first year.

Contact Tenable to receive an official quote for NeWT Pro licenses. Tenable can be contacted by emailing them at sales@tenablesecurity.com or speaking with us at 877-448-0489. Tenable can accept credit card transactions. "Seven Day" NeWT Pro demo keys can be made available to qualified customers.

I was thoroughly impressed with NeWT. I have always been a big fan of Nessus, but I work with Windows platforms most often. It is much more convenient to be able to harness the power of Nessus from within the Windows operating system rather than having to also configure a *Nix server to run the back-end scan engine.

Installation was quick and simple. The NeWT console screen provides a handful of options: New Scan Task, View Reports, Configure NeWT, Address Book, Manage Plugins and Update Plugins.

I clicked on Update Plugins to download all available plugins and get my copy of NeWT as current as possible. You can opt to scan using all plugins, or you can create a custom set or use one of many pre-defined sets such as the SANS Top 20 or just the Microsoft vulnerabilities.

Scanning my local computer using the complete set of plugins took about 4 minutes. Scanning a remote computer on my network took about 6 minutes. The resulting report provides a good amount of detail describing the issues that were detected, risk factor level, possible solutions and links to more information.

NeWT is an excellent tool that I highly recommend for personal use and I suggest that enterprises investigate using NeWT Pro.