Alertra SecureSite™ Security Vulnerability Assessment (Part 2 of 3)

Can I just do it myself?

You could do the security vulnerability scanning yourself. We use the de facto standard Nessus scanner, which is available for anyone to download for free. However, before you do, ask yourself these questions:
If you answer "No" to any of these questions, then downloading, installing, running, and maintaining your own vulnerability scanner will be a big hassle at best, and most likely completely ineffective. With SecureSite™, we keep our scanners up to date with the very latest vulnerability tests. This includes licensing the Nessus Direct Feed. Direct Feed customers are given access to new vulnerability tests as they are released; everyone else waits 7 days.
How important is 7 days? Every day the security mailing list BugTraq carries announcements of newly discovered vulnerabilities. Sometimes the vendors have been notified and patches provided, and sometimes not. Either way, the clock starts on your risk from a vulnerability when the vulnerability is discovered. Each tick of the clock increases the chance that the vulnerability will be used to compromise your systems. The clock only stops when you have inoculated your systems against that vulnerability. Malicious hackers subscribe to that list too, and they are watching for new methods of attack.

How does it work?

Once per day, once per week, or on demand, SecureSite™ will scan your system to determine which ports are open. The services on those ports will be identified and tested for more than 7,000 vulnerabilities. Ports that aren't specifically scanned will still be tested for vulnerabilities if they are ports commonly used by specific applications. On-demand scans come with a report containing summary and detail sections that describe the potential vulnerabilities found and, in most cases, information on how to correct or work around the problem. If you use our daily or weekly scanning service, you will get two reports. One is the full report that details all of the potential vulnerabilities found. The other shows just the newly detected vulnerabilities. This allows you to really optimize your time: you go over the first scan of your systems using the full report, and after that all you need to do is look at the differences report and take care of any new issues. Here is a sample report showing a scan of two different IPs.

False Positives

Vulnerability scanning is not exact. SecureSite™ uses Nessus in its "safe mode". This mode uses tests that are not destructive to determine your vulnerability exposure. Using this mode sometimes results in false positives, because the only way to be really sure a service contains a vulnerability is to exploit the vulnerability.
Nessus has the capability to perform these tests; unfortunately, they can cause the tested services, and sometimes even the computer itself, to crash. Obviously it is not a good idea to run a potentially destructive test using an automated tool. We recommend that periodically, during scheduled maintenance windows, you run a full scan with "safe mode" turned off. To do this you can have us run the full scan at a day and time you specify. So while doing "safe mode" scans can result in false positives, the good news is that because of our differences report it won't really matter. Once you look through the first report and correct any problems found, you can start using the differences report to take care of just the new issues. You will not have to look through and confirm the same issues every time. Since you will have the full report, and we do a full scan every time, you can look at the complete list of vulnerabilities any time you like.
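The differences report described above, as an added example that is not Alertra's or Nessus's own code: two consecutive scan runs are compared and the findings are split into new (what needs triage), resolved (fixed, or a safe-mode false positive that stopped firing) and persisting (already reviewed). The finding layout and the sample results are assumptions constructed for the example.

```python
"""Differences report between two vulnerability scan runs (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    # Assumed simplification of a scanner result; not a real Nessus record format.
    host: str
    port: int
    proto: str
    plugin_id: int   # id of the vulnerability test that fired (made-up values below)
    name: str
    severity: str    # "High", "Medium", "Low" or "Info"

    def key(self):
        # Identity of a finding: the same test firing on the same service.
        # Name and severity are excluded so a renamed test is not reported as new.
        return (self.host, self.port, self.proto, self.plugin_id)


def by_severity(findings):
    order = {"High": 0, "Medium": 1, "Low": 2, "Info": 3}
    return sorted(findings, key=lambda f: (order.get(f.severity, 9), f.host, f.port))


def diff_report(previous, current):
    """Return (new, resolved, persisting), each sorted most severe first."""
    prev = {f.key(): f for f in previous}
    curr = {f.key(): f for f in current}
    new = [f for k, f in curr.items() if k not in prev]
    resolved = [f for k, f in prev.items() if k not in curr]
    persisting = [f for k, f in curr.items() if k in prev]
    return by_severity(new), by_severity(resolved), by_severity(persisting)


# Constructed sample results for two hosts on consecutive days.
YESTERDAY = [
    Finding("192.0.2.10", 80, "tcp", 11111, "Outdated web server banner", "Medium"),
    Finding("192.0.2.10", 22, "tcp", 22222, "SSH protocol version 1 enabled", "High"),
    Finding("192.0.2.11", 25, "tcp", 33333, "Open mail relay (possible)", "High"),
]
TODAY = [
    Finding("192.0.2.10", 80, "tcp", 11111, "Outdated web server banner", "Medium"),
    Finding("192.0.2.11", 25, "tcp", 33333, "Open mail relay (possible)", "High"),
    Finding("192.0.2.11", 443, "tcp", 44444, "TLS certificate expired", "Low"),
]

if __name__ == "__main__":
    new, resolved, persisting = diff_report(YESTERDAY, TODAY)
    for label, fs in (("NEW", new), ("RESOLVED", resolved), ("PERSISTING", persisting)):
        for f in fs:
            print(f"{label:10} {f.severity:6} {f.host}:{f.port}/{f.proto} {f.name}")
```

Only the NEW rows need attention on a routine day; the full list (NEW plus PERSISTING) is the equivalent of the full report.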
Copyright © 2000-2008 Alertra, Inc. All rights reserved. Please read our privacy statement and our terms of service.