We are used to fake computer effects, so we were astonished to see Trinity use a real-life port scanner in the movie "The Matrix: Reloaded" and then execute a hack that actually could have worked against a real computer. Fortunately, the bad guys had not applied the latest security patches.
A vulnerability scanner is the best tool for ensuring that all of your users are following security policies and applying all the patches. We decided to test Qualys Inc.'s QualysGuard Intranet Scanner because it was the first appliance-based vulnerability assessment tool and we wanted to see how well its Web-based management worked.
We also wanted to compare QualysGuard with Nessus Security Scanner from the Nessus Project. There are many vulnerability scanners on the market, but Nessus is popular because it is free and has undeniably good features.
Installing QualysGuard was about as easy as popping the five-pound appliance into a rack and turning it on. The average systems administrator should be able to get it up and running within 15 minutes. Compare that with two hours or more for a competent Linux user to properly configure and install Nessus.
Another advantage of the QualysGuard appliance is that it is designed to automatically keep signature files updated and run recurring scans. Administrators using Nessus must configure the server to provide those functions.
By the way, because of a significant increase in hacker activity during the past few months, we believe vulnerability audits should be conducted every month, if not more often.
We first turned the QualysGuard appliance against itself, trying to find any overlooked vulnerabilities. After trying to break in, we concluded that the Linux system running on the appliance had been masterfully hardened against intrusions. A Qualys technician later told us that even if we had managed to get root access, we still would not have been able to tamper with the operating system.
If you rely on Nessus, it is up to you to harden your Linux or Unix server against attack. We recommend the book "Securing and Optimizing Linux," available at bookstores or as a 486-page free PDF download at www.linuxsecurity.com. Stripping out unnecessary daemons and tools and implementing all the steps necessary to secure your network will take a considerable amount of time. Even then, you will still have to keep security patches up-to-date, a process that Qualys has automated on its scanner.