In this list you will find answers to the most frequently asked
questions about SecureScout Perimeter™.
The list will be updated according to need.
-
What is SecureScout Perimeter?
SecureScout Perimeter is an Internet security assessment service
that provides insight into how Internet-connected networks
are vulnerable to hacking. Basically, it finds the holes before
the hackers do. By running an automated scan of your Internet
Protocol connected devices, SecureScout Perimeter detects and
reports security vulnerabilities on any site. Assessments can be
scheduled and run any time of day and as frequently as needed with
the easy-to-use and intuitive web interface.
-
Why would I need security assessment?
Forewarned is forearmed. Automated tools can survey web sites and
identify connections that seem to be insecure.
Potential external and internal attackers use these scanning tools
to formulate a picture of site security. They may be making a
random pass or targeting your network specifically. Either way, it
is easy to probe a network from the other side of the globe. On a
single web server there are 65,535 different ports that a program,
or part of your operating system, can communicate through. If your
IT security is weak, a single probe can escalate into a determined
attempt to break into, shut down, or take control over your
organization's IT presence through any port, on any system, no
matter if the system is visible from the Internet or not.
SecureScout Perimeter gives you a warning on how your IP connected
devices can be compromised before a hacker lets you know the hard
way.
-
I'm told our security is adequate, but I am not sure. I don't
know where to start...
That is an excellent reason to run a SecureScout Perimeter test.
The objective report results provide a constructive means of
starting or continuing a conversation about IT security.
SecureScout Perimeter contributes to the dialogue by providing
complete and clear documentation that everyone can understand.
-
Is SecureScout Perimeter a port scanner?
No, SecureScout Perimeter is a service, not a product. SecureScout
Perimeter delivers much more than a plain vanilla port scan. After
identifying all open ports, SecureScout Perimeter will verify
reported services and protocols, and then intelligently evaluate
the results. By leveraging the experiences of other customers and
partners, SecureScout Perimeter is enhanced every week to identify
known vulnerabilities and thwart related exploits.
-
If an organization already owns a port scanner, why would it
need this service?
There are many reasons to subscribe to SecureScout Perimeter even
if you already own and use a port scanner.
Reproducing the hacker's point of view - Attacking your
network from the hacker's perspective means securing
access to machines inside or outside your network just to
run the scans. Setting up and maintaining machines and allocating
skilled resources for this purpose is neither convenient nor
inexpensive, reducing the likelihood that it will ever get done.
-
Intelligent Assessments - The SecureScout Perimeter
knowledge base and intelligent engine allow it to think in
multiple steps and therefore test for more vulnerabilities, and
more sophisticated exploits, than conventional scanners.
-
Multiple principles, multiple passes - SecureScout
Perimeter employs multiple principles with relative strengths and
weaknesses. Since it makes multiple passes, it finds more
vulnerabilities and delivers more accurate information than any
single scanner on the market.
-
Always Up-to-Date - SecureScout's dedicated focus on IT security
and policy compliance, combined with the frequent and regular
updates to the test case database, keeps the SecureScout Perimeter
service constantly current.
-
Our company has firewalls deployed. Do we really need this service?
Yes! As stated above, firewalls are great for restricting
access to network segments, but they are very frequently
misconfigured. Even when a firewall is securely installed, due
to the dynamic nature of information technology, the configuration
may be frequently updated. Every change reintroduces the potential
for error and lack of policy compliance. More importantly,
however, SecureScout Perimeter will detect and report on
vulnerabilities beyond the firewalls.
-
What platform types does SecureScout Perimeter test?
SecureScout Perimeter covers all parts of your network interfaces,
meaning TCP/IP devices generally. This includes firewalls, web servers,
routers, mail servers, wireless access points, FTP servers, proxy
servers, common Internet services (FTP, DNS, etc.), operating
systems, protocols, applications and any other settings or
elements potentially helpful to an intruder.
-
What types of port scans are supported?
This service starts with a conventional TCP connect scan and
performs many follow-on probes. It checks for vulnerability to
denial of service through SYN flooding, FIN, fragmented packets
and many other methods.
Other weaknesses SecureScout Perimeter identifies include
unnecessary network services, public machine names or usernames,
guest accounts, and routers with weak configuration protection. It
reports on obsolete software. SecureScout Perimeter detects when a
resource (a disk, spool or printer) is visible from the Internet
for a hacker to exploit, and tells you when your DNS service is
open to abuse. SecureScout Perimeter finds many more types of
vulnerabilities, with more being added continually.
-
How many vulnerabilities does SecureScout Perimeter check for?
The number constantly increases, so it is difficult to provide a
precise answer at any given time. Currently, SecureScout Perimeter
has more than 3,700 test cases (as of June 1st 2008), many of which
test for several vulnerabilities.
-
How often is the SecureScout Perimeter Database updated?
The SecureScout Perimeter test database is updated weekly. We are
committed to incorporating the test for a newly discovered high
risk vulnerability into the SecureScout Perimeter knowledge base
within one week of its initial detection.
-
Does SecureScout Perimeter fix vulnerabilities automatically?
No. SecureScout Perimeter makes fixing vulnerabilities far easier by
pinpointing, prioritizing and offering corrective action
suggestions. It is neither possible, nor advisable, for
SecureScout Perimeter (or any other tool) to automatically
"correct" all discovered vulnerabilities. Trying to do so might
create more security exposures than it solves. SecureScout
Perimeter reports provide the information necessary to identify
security concerns, but your organization must still take the
necessary steps to secure its network perimeter. SecureScout
Perimeter does integrate with a number of the mainstream patch
management and workflow applications on the market.
-
Can I target SecureScout Perimeter at any address I want?
Yes and no. The SecureScout Perimeter service will assess the IP
addresses of client IP connections. Clients may have any IP address they
legally own surveyed by SecureScout Perimeter. However, under no
circumstances may a third-party address be assessed with SecureScout
Perimeter. Prior to assessment, address verification is required by
business partners and clients.
-
Who else will see my audit results?
Only pre-designated contacts (by written agreement) can retrieve or
view assessments. These can be authorized individuals at the client site
or at the client's business partner. Reports are stored in our secured
database. Clients can retrieve audit reports via secure HTTPS using a
pre-designated password. Business partners can log into their account on
our secure SSL server.
-
How are test results obtained? Will you e-mail them to me?
Yes, we can send an e-mail alert indicating that a scan has been
conducted. However, we will not e-mail the actual results because,
generally speaking, e-mail is not secure. When a test has
finished, the authorized organization can obtain test results via
HTTPS. The results will be retained online for a period of 14
days.
-
How long does it take to run an audit?
Your "mileage" may vary,
but usually the assessment will complete in less than three hours.
Single hosts can be tested in 15 minutes. Occasionally, our
service finds so many ports and/or vulnerabilities to investigate,
that it takes a bit longer to finish. Upon completion of the
assessment an e-mail notification is sent. This message indicates
that testing is done and the results are available on-line, but
does not report any actual results.
-
Can a SecureScout Perimeter assessment crash my network?
That is quite unlikely, but it is impossible to completely rule it out.
However, we should point out that it would certainly be an
indication of a vulnerability to denial of service attacks. It is
always better to crash your network at a time you choose than to
have it crashed by an external attack at the most inconvenient
time.
-
Must we turn off our intrusion detection systems while SecureScout
Perimeter is running?
No, and we do not recommend this at all. You
just need to know and certify which IP address SecureScout
Perimeter is running from. Actually many of our customers use the
log files created during the test for analyzing the logging from
other systems, like firewalls, routers, web servers, and other
services.
-
Then how will my intrusion detection systems work with SecureScout
Perimeter?
In order to ensure optimal results, clients should
disable actions on intrusion detection systems. This is because
the intrusion detection systems may automatically stop
communication between the SecureScout Perimeter scanners and the
customer's servers. The audit may well be perceived as an actual
hacker attack... and it should be.
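
The log review described in the two answers above, as an added example that is not part of the original FAQ or SecureScout's own tooling: it separates traffic from the certified scanner address in a firewall log and flags probes that a blocking action cut short. The log format, the addresses and the assessment window are constructed assumptions.

```python
from datetime import datetime

# Constructed sample firewall log (hypothetical "timestamp key=value" format).
SAMPLE_LOG = """\
2008-06-01T02:00:05 src=198.51.100.10 dst=192.0.2.20 dport=22 action=ALLOW
2008-06-01T02:00:06 src=198.51.100.10 dst=192.0.2.20 dport=80 action=ALLOW
2008-06-01T02:00:07 src=203.0.113.77 dst=192.0.2.20 dport=445 action=DROP
2008-06-01T02:14:30 src=198.51.100.10 dst=192.0.2.20 dport=443 action=DROP
2008-06-01T09:41:12 src=198.51.100.10 dst=192.0.2.20 dport=3389 action=ALLOW
not a log line
"""
SCANNER_IP = "198.51.100.10"  # placeholder for the certified scanner address
WINDOW = (datetime(2008, 6, 1, 2, 0), datetime(2008, 6, 1, 5, 0))  # agreed window


def parse_line(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    parts = line.split()
    try:
        event = {"ts": datetime.fromisoformat(parts[0])}
        event.update(field.split("=", 1) for field in parts[1:])
        event["dport"] = int(event["dport"])
        event["src"], event["action"]  # required fields must be present
    except (IndexError, KeyError, ValueError):
        return None
    return event


def classify(log_text, scanner_ip, window):
    """Sort events into assessment, blocked, out_of_window and other traffic."""
    report = {"assessment": [], "blocked": [], "out_of_window": [], "other": []}
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue  # skip lines that do not match the assumed format
        if event["src"] != scanner_ip:
            bucket = "other"  # not the scanner: real third-party traffic
        elif not window[0] <= event["ts"] <= window[1]:
            bucket = "out_of_window"  # scanner address, but outside the schedule
        elif event["action"] != "ALLOW":
            bucket = "blocked"  # a blocking action cut the probe short
        else:
            bucket = "assessment"
        report[bucket].append(event)
    return report


if __name__ == "__main__":
    for bucket, events in classify(SAMPLE_LOG, SCANNER_IP, WINDOW).items():
        print(bucket, sorted(e["dport"] for e in events))
```

Entries in "blocked" mean the assessment results for those ports are incomplete; entries in "out_of_window" carry the scanner's address but fall outside the agreed schedule and deserve a closer look.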
-
How does SecureScout Perimeter handle cookies?
Web servers use cookies to store information about users on their
own system. You
do not have to enable cookies in order to be able to successfully
use this service.
-
If file and print sharing are turned off, why would I worry?
MS Windows file and printer sharing is only one possible gateway into
a machine. More and more programs are network-aware,
and while that makes them more functional, it also makes your
security perimeter more vulnerable.
-
How can you scan all TCP and UDP ports? Wouldn't that take over nine hours?
It is a tall order. It involves scanning over 130,000 ports, which is
why we employ proprietary parallel tasking technology to make the
process more time efficient. And no, it does not take anywhere near
nine hours.
-
Why can't we simply install firewalls?
Usually, clients should
install firewalls as an important piece of their overall security
solution. Although an IT security posture consists of many
elements (all of which require testing!), firewalls are a good
start. So let's focus initially on this piece of the puzzle.
Firewalls must allow traffic through to be of any use. The systems
accepting this traffic behind the firewall are vulnerable as well,
and can be accessed from outside.
Firewalls are notoriously difficult to configure correctly and
therefore quite subject to human error during initialization,
maintenance and even routine use. Misconfiguring firewalls, or
accepting default configuration settings, are the two most common
sources of vulnerability, but weaknesses in the underlying
operating system, or in the TCP/IP stack (also known as "the
transport protocol"), also add to persistent security problems.
Finally, many firewalls themselves are defective and vulnerable to
one or more of over 400 known security holes. Although recently
developed firewalls are much less vulnerable, a classic method
used to penetrate firewalls is IP Spoofing. So, it can be
relatively easy for a hacker to break in despite "having" a
firewall.
Think of it this way. Are you completely safe from burglary just
because you lock your windows and doors before leaving your home? A good
way to assess the situation might be to hire a computerized cat burglar to
prowl around the premises and report on the weaknesses. SecureScout
Perimeter does exactly that.