Ballista
Evaluation Halted: Aug 4th,
1997
This evaluation was done on a copy with very
limited functionality . The report is not complete until a fully functional
copy of Ballista can be obtained.
Name
Ballista
Release Information
Product of Secure Networks Inc (SNI)
Version 1.2
Evaluation copies available for download at http://www.secnet.com
Support
Email : Ballista-questions@secnet.com
Ph : 403-262-9211
(I must say that the quality of support provided could be better.
They have not even bothered to send me a fully functional copy of their
product inspite of two reminders)
Functionality
The Ballista Security Auditing System is a network security auditing
tool on the lines of the ISS Scanner. It performs evaluations of intranets,
web servers, firewalls and routers.
Requirements
Supported for the following Unix flavours
- Solaris 2.x
- Linux 2.x
- BSDI 2.x
Documentation
The User Manual which is available at ftp://ftp.secnet.com/pub/ballista/manuals/userguide-html.tar.gz
Installing Ballista
- Change your Desktop Environment to Openview
- Log in as root or use sudo
- cp Ballista_Demo_Solaris.2.5.tar to your local directory
- Unpack the archive in that directory
- Change the working directory to ballista
- Run the script ./xinterface (motif interface) or ./interface
(textual interface)
Problems Faced
- Ballista can be installed only using OpenWindows. It does not work with
the default Common Desktop Enviroment. The developers are working on this.
Starting S3
- Log in as root
- Change working directory to ballista
- Run the script ./xinterface (motif interface) or ./interface
(textual interface)
Problems Faced
- Cannot run the tool without the license key. This key is machine specific
and has to be present in the ballista directory and saved as license.key.
It can be ordered from SecNet.
Configuring S3
Key in the following values while configuring
ballista
- Click on "Create New Configuration" button
- DNS domain name : barnum.cs.purdue.edu
- Host's IP address : < do a
nslookup on the host >
- Network Interface : The default value provided
is usually correct.
- NIS Domain Name : cs.purdue.edu
- Gateway:
- Web Browser : /usr/local/www/netscape
Evaluation Details
The Good News :
The Bad News :
- Poor customer service and techhnical Support
- User Interface could be better
- The evaluation copy does not generate a proper scan
Features
The features can be classified into :
- FTP checks
- Peripheral Device checks (bridges, routers etc)
- Backdoor & Misconfiguration Checks
- Sendmail Checks
- Remote Procedure Call (RPC) Checks
- Network File System (NFS) Checks
- Denial of service checks
- Passwords guessing checks
- World Wide WEb (WWW) Server Checks
- Network and Protocol Spoofing checks
Conclusion
I have not seen a working copy of the complete Ballista tool. The
evaluation copy did not perform a scan on the local host at all.
Recommendation
Discussion.
This review was written by Jai Sundar Balasubramaniyan <balasujs@cs.purdue.edu>
during the summer of 1997. The opinions expressed are for purposes of
critical review, and do not represent any official recommendation or
endorsement by COAST or Purdue University.