REVIEWED AT: PC Expo 2004
Features
The threat of employees misusing company data is just as real as the threat of a hacker outside the firewall. That reality has led to the introduction of many products that monitor network traffic to secure evidence of misdeeds. Iris, eEye Digital Security's newest network security product, is an advanced data and network traffic analyzer that stores, organizes and reports all traffic on the network.
Analysis
The sniffer needs to be installed on a system high in the network structure, connected to a hub with a managed port, after a main switch or close to the main gateway. If going through a switch, a hub must be present as a go-between. The product recreates users' Web sessions and displays them in HTML, packet or ASCII format. Filters can be set up to display customized information. Administrators are able to monitor traffic based on a specific IP address, MAC address, and even a specific word. The filters can monitor Web-browsing patterns and determine what employees are actually doing.
Commentary
The software uses advanced proprietary features that reconstruct packets, perform packet manipulation and forging, and log sniffed packets, reconstructed packets and network-wide foreign connection attempts. The filters employed can filter by hardware layer, protocol layer, MAC address, IP address, port and even by keyword. The process of monitoring both incoming and outgoing traffic allows Iris to capture and retrace the steps of any network user. Its features are revolutionary and allow IT administrators to proactively monitor the network. Iris also allows the detection and complete documentation of an intrusion from outside the firewall.
Although the product gives a wide range of filtering options, filters based on protocol, IP address and keyword were the most effective. A good example is the HTTP filter that was created to monitor port 80 traffic. It retrieved sites that were popular among monitored users and gave the administrator reason to investigate each site and decide whether it was counterproductive. The statistics that are generated can be used to prepare impressive reports for upper management.
Iris's guard feature works in conjunction with the filters that are configured by the user. It monitors the guarded port for any TCP/IP activity that matches a specific connection sequence. Iris then alerts the administrator of the connection attempt. An audible alarm can also be configured. The filtering lets IT staff focus on only the relevant data.
The documentation is available on the installation CD as a PDF. It is informative and gives a nice overview of Iris's features, along with an appendix that provides a refresher on networking basics and an introduction to TCP/IP. A handy CPU usage meter at the bottom of the screen allows the administrator to see the load on the system. With so much happening at once, Iris provides a clean-looking GUI that allows for multiple processes and switching between tasks.
--Aniel Sukhram
PRODUCT NAME: Iris