Retina CS Community installs on Windows Server 2008 or later and requires the .NET Framework 3.5, an enabled IIS server, and Microsoft SQL 2008 or later. Keep in mind that installation on Domain Controllers or Small Business Servers is not supported.
Once the software is installed, you're provided with a GUI program for the Retina Network Community component and a web-based GUI for the Retina CS Community component. It supports different user profiles so you can align the assessment to your job function.
To scan, you can choose from a variety of scan and report templates and specify an IP range to scan or use the smart selection function. You can provide any necessary credentials for scanned assets that require them and choose how you want the report delivered, including email delivery or alerts.
Retina CS Community is a great free offering by a commercial vendor, providing scanning and patching for up to 256 IPs free and supporting a variety of assets. However, some small businesses may find the system requirements too stringent, as it requires a Windows Server.
3. Microsoft Baseline Security Analyzer (MBSA)
Microsoft Baseline Security Analyzer (MBSA) can perform local or remote scans on Windows desktops and servers, identifying any missing service packs, security patches, and common security misconfigurations. The 2.3 release adds support for Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012, while also supporting previous versions down to Windows XP.
MBSA is relatively straightforward to understand and use. When you open it, you can select a single Windows machine to scan by choosing a computer name from the list or specifying an IP address. When scanning multiple machines, you can choose an entire domain or specify an IP address range. You can then choose what you want to scan for, including Windows, IIS and SQL administrative vulnerabilities, weak passwords, and Windows updates.
Once the scan is complete, you'll find a separate report for each Windows machine scanned, with an overall security classification and categorized details of the results. For each item you can click a link to read details on what was scanned and how to correct it if a vulnerability was found, and for some you can click to see more result details. The reports are automatically saved for future reference, but you can also print the report or copy it to the clipboard.
Although free and user-friendly, keep in mind that MBSA lacks scanning of advanced Windows settings, drivers, non-Microsoft software, and network-specific vulnerabilities. Nevertheless, it's a great tool to help you find and minimize general security risks.
4. Nexpose Community Edition
Nexpose Community Edition can scan networks, operating systems, web applications, databases, and virtual environments. The Community Edition, however, limits you to scanning up to 32 IPs at a time. It's also limited to one year of use, after which you must apply for a new license. They also offer a seven-day free trial of their commercial editions.
Nexpose installs on Windows, Linux, or virtual machines and provides a web-based GUI. Through the web portal you can create sites to define the IPs or URLs you'd like to scan, select the scanning preferences and scanning schedule, and provide any necessary credentials for scanned assets.