
ScannerX Vulnerability Services FAQ

 

ScannerX offers its clients a range of vulnerability management scanning services branded as Threat Portal™ VMS. Below is a collection of Frequently Asked Questions (FAQ) that provides more detail about vulnerability scanning in general and about our services.

 

What is a vulnerability?

What is vulnerability scanning?

Why do we need a vulnerability scan?

Why is vulnerability scanning an ongoing service?

Why do we need vulnerability scanning when we’ve got security policies, filtering routers, firewalls and intrusion detection?

What are some of the common vulnerabilities found?

What tools do you use and do you keep up to date with the latest security developments?

I can download my own scanning software. Why would I need yours?

What's the difference between a vulnerability scan and a penetration test?

Will your scans damage our data?

If you find anything wrong with our systems can you help us fix it?

 

What is a vulnerability?

A vulnerability is a flaw or bug in a software application, operating system or configuration that an attacker can exploit to compromise networked systems. Vulnerability assessment is the process of identifying such flaws so that they can be fixed before they are exploited.

 

What is vulnerability scanning?

Vulnerability scanning means looking for security exposures on your network systems on an ongoing basis. Its purpose is to test your systems regularly and verify that they are as securely configured as you think they are. Broadly, these tests fall into two parts:

 

System or host-based network scanning

Host-based scanning starts with TCP and UDP port scans of your systems to determine which services they are exposing, intentionally or otherwise, and then checks those services for known weaknesses. Findings are rated low, medium or high risk and cover server software, operating systems, networking hardware, and more.

 

Application-based domain scanning

Application scanning determines whether your application servers, web servers and mail servers are vulnerable to common exploits such as SQL injection, cookie poisoning, directory indexing, path traversal, forceful browsing, predictable resource location, cross-site scripting, hidden form field manipulation, and more. The information gathered from these scans is then provided to you in a report.

 

ScannerX allows customers to discover and prioritize relevant application and system security data in order to effectively manage their security risks in real time.

 

Why do we need a vulnerability scan?

 

To assist in preventing your business from suffering adverse business impacts such as reputation loss and brand devaluing, legal liability, revenue loss, customer dissatisfaction, service unreliability etc.

 

Because of the standardized systems and protocols and the open nature of today's networking environments, every data network is at risk of attack and compromise by a hostile actor such as an external attacker or a disgruntled employee. Having your network systems vulnerability-scanned on a regular basis helps minimize the likelihood of such misuse by informing you of exploitable holes in your systems' security, or in the devices that protect them, such as firewalls. Our vulnerability scanning is performed from the Internet, providing a "hacker's-eye view" of your network.

 

Why is vulnerability scanning an ongoing service?

 

Because the threat landscape changes constantly, and security is a process, not a product or a one-time event.

 

Vulnerability management is a set of processes and technologies that establishes, discovers and maintains a security baseline; prioritizes and defends critical exposures; eliminates root causes and constantly monitors for new vulnerabilities.

 

Vulnerability management services are regarded not only as a complement to existing security measures but as a critical function: they remove the need to react continuously to incidents by addressing the root cause, identifying and fixing vulnerable systems before they are attacked.

 

Put simply, ScannerX replaces time-intensive manual efforts of finding web application and system vulnerabilities and helps customers achieve a level of security beyond the capabilities of traditional network firewalls and intrusion detection systems.

 

Why do we need vulnerability scanning when we’ve got security policies, filtering routers, firewalls and intrusion detection?

 

You need vulnerability scanning to ensure that your security policies, filtering routers, firewalls etc. are all working correctly and are effective.

 

Vulnerability scanning complements your security policy. Also, all the network controls in the world (router ACLs and firewalls) cannot protect against attacks conducted at the application layer. Essentially, our service helps guard against your company suffering a loss through exploitable software flaws and human error, for example the latest security flaw in your web server, or a firewall or server misconfigured by a systems administrator. It is the problems you do not know about that ScannerX looks for, analyzes and reports. By regularly checking your systems' security status you can confirm that your security posture is as intended and reduce the window of opportunity available to attackers.

What are some of the common vulnerabilities found?

The most common findings from our vulnerability assessments are:

  • Old services inadvertently left running that leak information useful for social engineering against the company
  • Improperly configured firewalls that do not filter any traffic
  • Web servers running old, vulnerable CGI scripts or with default utilities still installed
  • Improper web server permissions that let unauthorized users browse directory listings
  • Easily guessable user names and passwords, such as guest/guest or test/test, left enabled
  • Unencrypted protocols, such as Telnet, whose account names and passwords can be intercepted on the wire
  • Improperly configured mail servers that allow relaying (making you a conduit for spam) or permit a complete breach of the system
  • Services susceptible to denial of service (DoS)
  • SQL injection
  • P2P, chat and suspicious file-sharing services
  • Cookie poisoning
  • Cross-site scripting
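To make the host-based part of the scan concrete (the TCP port scan described under "System or host-based network scanning" and the "unencrypted protocols, such as Telnet" finding in the list above), here is a minimal connect-and-banner scanner. It is an added example, not ScannerX's, Nmap's or Nessus's code. The targets it scans are constructed stand-ins started on 127.0.0.1 with made-up banners (the "Postfix 2.3.8" version string is invented for the demo), the port-to-service mapping is supplied by hand because the listeners use ephemeral ports (a real scan would go by well-known ports or /etc/services), and the cleartext-protocol list and risk ratings are our own assumptions.

```python
"""Host-based scan, step one: which TCP services answer, and what do they say?

Added example, not ScannerX code. The listeners are constructed stand-ins
started on 127.0.0.1; banners, service map and risk ratings are assumptions.
"""
import re
import socket
import threading
from typing import Dict, List, Optional, Tuple

# Protocols that carry credentials unencrypted. Our classification (the page
# names Telnet; FTP, POP3 and IMAP are added here).
CLEARTEXT_SERVICES = {"ftp", "telnet", "pop3", "imap"}
VERSION_RE = re.compile(r"\b\d+\.\d+(\.\d+)?\b")


def start_banner_listener(banner: bytes) -> Tuple[socket.socket, int]:
    """Constructed stand-in for a network service: listens on an ephemeral
    127.0.0.1 port and sends `banner` to every client. Returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed by the caller
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def probe(host: str, port: int, timeout: float = 1.0) -> Optional[bytes]:
    """TCP connect scan of a single port. Returns None if the port is closed or
    filtered, otherwise whatever the service volunteers first (b"" if it
    waits silently for the client to speak)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                return s.recv(256)
            except socket.timeout:
                return b""
    except OSError:
        return None


def scan(host: str, ports: Dict[int, str]) -> List[dict]:
    """Probe each port in `ports` (port -> service name; for well-known ports a
    real scanner takes this from /etc/services) and rate the open ones."""
    findings = []
    for port, service in sorted(ports.items()):
        banner = probe(host, port)
        if banner is None:
            continue                 # closed or filtered: nothing to report
        text = banner.decode("ascii", "replace").strip()
        issues = []
        if service in CLEARTEXT_SERVICES:
            issues.append("credentials sent in cleartext")
        if VERSION_RE.search(text):
            issues.append("banner discloses software version")
        findings.append({
            "port": port, "service": service, "banner": text, "issues": issues,
            "risk": "high" if service in CLEARTEXT_SERVICES else
                    "low" if issues else "info",
        })
    return findings


def demo() -> List[dict]:
    """Scan three constructed targets: a Telnet stand-in, an SMTP stand-in with
    an invented version banner, and a port nothing listens on."""
    telnet_srv, telnet_port = start_banner_listener(b"\r\nrouter login: ")
    smtp_srv, smtp_port = start_banner_listener(
        b"220 mail.example.test ESMTP Postfix 2.3.8\r\n")   # version is made up
    spare = socket.socket()          # grab a free port number, then release it
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    try:
        return scan("127.0.0.1",
                    {telnet_port: "telnet", smtp_port: "smtp", closed_port: "http"})
    finally:
        telnet_srv.close()
        smtp_srv.close()


if __name__ == "__main__":
    for f in demo():
        print(f"{f['port']:>5}/tcp {f['service']:<7} {f['risk']:<5} "
              f"{f['banner']!r}  {'; '.join(f['issues'])}")
```

The closed port produces no finding at all, the Telnet stand-in is rated high purely because of the protocol it speaks, and the SMTP stand-in is rated low only for the version string in its banner; a full scanner would go on to match that version against its vulnerability database, which is the part the "always up to date" feed below is about.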

 

What tools do you use and do you keep up to date with the latest security developments?

 

We use a combination of tools including commercial, open source and in-house developed ones.

 

In this way we are able to stay abreast of the latest security vulnerabilities. At the same time, by developing our own software, we are able to plug the weaknesses and gaps left by other packages. Using this method, we are also able to react to fast moving situations by writing tests that will cater for a new vulnerability before the commercial packages have caught up.

 

I can download my own scanning software. Why would I need yours?

 

To perform this service in house would mean committing specialized resources to the effort. Vulnerability scanning requires people with in-depth security knowledge and experience. Staff you use to perform vulnerability scanning will be tied up in this non-core business activity when they could be doing something more productive for your organization.

There are many port scanners available on the Internet. Nmap and Nessus are two excellent open source tools that are included in the tool set we use for our scanning services. The benefit of ScannerX goes beyond any specific technology in providing:

  • An external view of your network. Getting an external view usually means obtaining a machine outside your network and running the scan from there. Set-up, maintenance and equipment costs are generally higher than the cost of ScannerX services.
  • Reproducibility. As an audit mechanism, a vulnerability assessment is a low-cost, reproducible test that can be run whenever and wherever it is needed.
  • Time and effort saved. Building free tools on an available platform can be very time-consuming: working around OS issues, downloading required packages, configuring the software, correcting mistakes, starting the service, applying updates, and so on. ScannerX requires only a user name and password for access to secure servers that are preconfigured to do the work for you.
  • Always up to date. ScannerX automatically adds new tests to its assessments as they become available. Over 12,000 vulnerabilities are currently scanned for, and ScannerX's engines check for updates every 15 minutes.
  • The outsourced advantage. By outsourcing the service to us you also avoid the capital and recurring costs of maintaining this capability in-house: staff, hardware, software tools, bandwidth, management overhead and so on. A specialist company gives you the quality of service you need in a cost-effective manner, and ScannerX will never be "too busy" or "forget" to perform the scan, because it is our core business.

 

What's the difference between a vulnerability scan and a penetration test?

 

The scope of the tests conducted, the level of manual effort involved and, definitely, cost. Another big discriminator is how current the information is in these reports.

 

The ScannerX vulnerability scan is predominantly an automated service run on a regular basis, usually once per week, that is continually updated with the latest vulnerability information. A penetration test is a labor-intensive manual attempt by one or more individuals to see how far they can get into your systems by whatever means the agreed rules of engagement allow.

ScannerX's penetration testing provides the most thorough test of Internet-facing systems currently available. ScannerX consultants scrutinize external and/or internal systems for any weakness or disclosure of information that an attacker could use to compromise the confidentiality, integrity or availability of your systems. Our tests go beyond the technical aspects of security and can also include social engineering and physical intrusion attempts. Predictably, a penetration test provides more information than a vulnerability scan.

The drawback of a penetration test is that it is a snapshot of your network's security status that can be out of date the day after it is completed: new vulnerabilities are disclosed daily, and support staff can introduce configuration errors just as often.

 

Will your scans damage our data?

 

No. Our scans are non-destructive: they do not modify or delete any data on your systems.

By default, all destructive tests (checks that could crash a service or alter data) are turned off within our scans. The remaining checks only connect to your services and read their responses, so the scan will appear in your firewall and intrusion detection logs as connection attempts from our scanning hosts. Additionally, our tests do not copy or retain any information held on your network, sensitive or otherwise.

 

If you find anything wrong with our systems can you help us fix it?

 

Yes. During office hours the phones are staffed and you can talk to support staff if you need help with the report and its findings. We will also work with you during the early stages of your contract to tune out false positives. Our staff are available by email 24x7, and we can provide contract security experts for any remediation work or retesting that needs to be done.

 

Copyright 2006, ScannerX, LLC. All rights reserved.