| Network
Vulnerability Assessment
(External) FAQ
1.
What is External Automated Penetration Scanner (EAPS)?
EAPS is an Internet security assessment service that
provides an understanding of how Internet connections
are vulnerable to hacking. Basically, it finds the holes
before the hackers do. By running an automated scan
of your Internet connections, EAPS detects and reports
on any site security vulnerabilities. Assessments can
be run any time of day and as frequently as needed.
[TOP]
2.
Why would I need a security assessment?
Forewarned is forearmed. Automated tools can
survey web sites and identify connections that seem
to be insecure. Potential attackers use these scanning
tools to formulate a picture of site security. They
may be making a random pass or targeting your site specifically.
Either way, it is easy to probe a site from the other
side of the globe. On a single web server there are
65,535 different ports that a program, or part of your
operating system, can communicate through. If your Internet
security is weak, a single probe can escalate into a
determined attempt to break into, shut down, or deface
your organization's Internet presence through any port,
on any system, visible from the Internet. EAPS warns
you how your Internet connections can be compromised
before a hacker lets you know the hard way.
[TOP]
3.
I'm told our security is adequate, but I am not sure.
I don't know where to start...
That is an excellent reason to run a EAPS test. The
objective report results provide a constructive means
of starting or continuing a conversation about Internet
security. EAPS contributes to the dialogue by providing
complete and clear documentation that everyone can understand.
[TOP]
4. Is
EAPS a scanner?
No, EAPS is a service not a product. EAPS delivers
much more than a plain vanilla port scan. After identifying
all open ports, EAPS will verify reported services and
protocols, and then intelligently evaluate the results.
By leveraging the experiences of other customers, EAPS
is enhanced every week to identify known vulnerabilities
and thwart related exploits.
[TOP]
5.
If an organization already owns a port scanner, why
would it need your service?
There are many reasons to subscribe to EAPS even if
you already own and use a port scanner. ·
- Reproducing the hacker's point of view - Attacking
your network from the outside, meaning the hacker's
perspective, means securing access to a machine on
outside of your network just to run the scan.
- Setting up and maintaining this a machine
for this purpose in neither convenient nor inexpensive,
reducing the likelihood that it will ever get done.
·
- Intelligent Assessments - The EAPS knowledge base
and intelligent engine allows it to think in multiple
steps and therefore test for more vulnerabilities,
and more sophisticated exploits, than conventional
scanners. ·
- Multiple Scanners, Multiple passes - EAPS employs
multiple different scanning engines with relative
strengths and weaknesses. Since it makes multiple
passes, it finds more vulnerabilities and delivers
more accurate information than any single scanner
on the market. ·
- Always Up-to-Date - EAPS vulnerability database
is updated weekly.
[TOP]
6.
Our site already has a firewall. Does it really need
this service?
Yes! As stated above, firewalls are great for restricting
access to your network, but they are very frequently
misconfigured. Even when a firewall is securely installed,
due to the dynamic nature of Internet technology, the
configuration may be frequently updated. Every change
reintroduces the potential for error. More importantly,
however, EAPS will detect and report on vulnerabilities
beyond the firewall.
[TOP]
7.
What platform types does EAPS test?
EAPS covers all parts of your Internetworking
interfaces meaning TCP/IP devices generally. This includes
firewalls, web servers, routers, mail servers, FTP servers,
proxy servers, common internet services (ftp, DNS etc...),
operating systems, protocols, applications and any other
settings or elements potentially helpful to an intruder.
[TOP]
8.
What types of port scans are supported?
This services starts with a conventional TCP connect
scan and performs many follow-on probes. It checks for
vulnerability to denial of service through SYN (flooding),
FIN, Fragmented packets and many other methods. Other
weaknesses EAPS identifies include unnecessary network
services, public machine names or usernames, guest accounts,
and routers with weak configuration protection. It reports
on obsolete software. EAPS sees that a resource (a disk,
spool or printer) is visible from the Internet for a
hacker to exploit and tells you when your DNS service
is open to abuse. EAPS finds many more types of vulnerabilities
with more being added continually.
[TOP]
9.
How many Vulnerabilities does EAPS check for?
The number constantly increases, so it is difficult
to provide a precise answer at any given time. Currently,
EAPS tests for over 1,400 vulnerabilities. To ensure
that EAPS results are the most reliable on the Internet,
EAPS has been designed to test for each vulnerability
at least twice.
[TOP]
10.
Does EAPS fix vulnerabilities automatically?
No. EAPS makes fixing vulnerabilities far easier by
pinpointing, prioritizing and offering corrective action
suggestions. It is neither possible, nor advisable,
for EAPS (or any other tool) to automatically "correct"
all discovered vulnerabilities, however. Trying to do
so might create more security exposures than it solves.
EAPS reports provide the information necessary to identify
security concerns, but your organization must still
take the necessary steps to secure its network perimeter.
[TOP]
11.
How are test results obtained? Will you e-mail them
to me?
Yes, SecureNet Solutions can send an e-mail alert indicating
that a scan has been conducted. However, SecureNet Solutions
will not e-mail the actual results because, generally
speaking, e-mail is not secure. When a test has finished,
the authorized organization can obtain tests results
via ftp. The results will be retained online for a period
of 1 month or until the next assessment (whichever is
less). Clients preferring additional security can specify
that results are only stored offline and sent by courier.
[TOP]
12.
How long does it take to run an audit?
Of course your mileage may vary, but usually the assessment
will complete in less than three hours. Occasionally,
our service finds so many vulnerabilities to investigate,
that it takes a bit longer to finish. Before commencing
an assessment, SecureNet Solutions verifies that an
audit was requested. Upon completion of the assessment
an e-mail notification is sent. This message indicates
that testing is done and the results are available on-line,
but does not report any actual results.
[TOP]
13.
Can a EAPS assessment crash my network?
That is quite unlikely, but it is impossible to completely
rule it out. However, we should point out that it would
certainly be an indication of a vulnerability to denial
of service attacks. If a stranger has not already scanned
your Internet presence, he soon will be.
[TOP]
14.
Will EAPS fail if a connection is temporarily lost?
No. EAPS was designed with testing redundancy in mind.
Experience has shown that redundant testing greatly
enhances the accuracy of results and overall test quality
. When an interruption or anything unexpected occurs,
the vulnerability in question will be checked at least
once more. This corroborative methodology is unique
to EAPS.
[TOP]
15.
Must we turn off our intrusion detection systems while
EAPS is running?
No, not at all. Actually many of our customers use
the log files created during the test for analyzing
the logging from other systems, like firewalls, routers,
web servers, and other services.
[TOP]
16.
Then how will my intrusion detection systems work with
EAPS?
In order to ensure optimal results clients should disable
actions on intrusion detection systems. This is because
the intrusion detection systems may automatically stop
communication between the EAPS scanners and the customer's
servers. The audit may well be perceived as an actual
hacker-attack...and it should be.
[TOP]
17.
How does EAPS handle cookies?
Web servers use Cookies to store information about
users on their own system. You do not have to enable
cookies in order to be able to successfully use this
service.
[TOP]
18.
If file and print sharing are turned off, why would
I worry?
MS Windows file and printer sharing is only one possible
gateway into a machine. More and more programs are increasingly
network aware and while that makes them more functional,
it also makes your security perimeter more vulnerable.
[TOP]
19.
How can you scan all TCP and UDP ports?
Wouldn't that take over nine hours? It is a tall order.
It involves scanning over 130,000 ports which is why
APS employs its parallel scanning technology to make
the process more time efficient. And no, it does not
take anywhere near nine hours.
[TOP]
20.
Why can't we simply install a firewall?
Usually, clients should install a firewall as an important
piece of their overall security solution. Although an
Internet security perimeter consists of many elements
(all of which require testing!), a firewall is a good
start. So let's focus initially on this piece of the
puzzle.
- Firewalls are notoriously difficult to configure
correctly and therefore quite subject human error
during initialization, maintenance and even routine
use. ·
- Misconfiguring firewalls, or accepting default configuration
settings, are the two most common sources of vulnerability,
but weaknesses in the underlying operating system,
or in the TCP/IP stack (also known as "the transport
protocol"), also add to persistent security problems.
·
- Finally, many firewalls themselves are defective
and are vulnerable to one or more of over 300 known
security holes. Although recently developed firewalls
are much less vulnerable, a classic method used to
penetrate firewalls is IP Spoofing. So, it can be
relatively easy for a hacker to break in despite "having"
a firewall.
Think of it this way. Are you completely safe from
burglary just because you lock your windows and doors
before leaving your home? A good way to assess the situation
might be to hire a computerized cat burglar to prowl
around the premises and report on the weaknesses. EAPS
does exactly that
[TOP]
|
