In this list you will find answers to the most frequently asked questions about SecureScout (Cloud Edition)™.
The list will be updated according to need.
What is SecureScout (Cloud Edition)?
SecureScout (Cloud Edition) is an Internet security assessment service that provides insight into how Internet-connected networks are vulnerable to hacking. Basically, it finds the holes before the hackers do. By running an
automated scan of your Internet Protocol connected devices, SecureScout (Cloud Edition) detects and reports security vulnerabilities on any site. Assessments can be scheduled and run any time of day and as frequently as needed
with the easy to use and intuitive web interface.
Why would I need security assessment?
Forewarned is forearmed. Automated tools can survey web sites and identify connections that seem to be insecure.
Potential external and internal attackers use these scanning tools to formulate a picture of site security. They may be making a random pass or targeting your network specifically. Either way, it is easy to probe a network from
the other side of the globe. On a single web server there are 65,535 different ports that a program, or part of your operating system, can communicate through. If your IT security is weak, a single probe can escalate into a determined
attempt to break into, shut down, or take control over your organization's IT presence through any port, on any system, no matter if the system is visible from the Internet or not. SecureScout (Cloud Edition) gives you a warning
on how your IP connected devices can be compromised before a hacker lets you know the hard way.
I'm told our security is adequate, but I am not sure. I don't know where to start...
That is an excellent reason to run a SecureScout (Cloud Edition) test. The objective report results provide a constructive means of starting or continuing a conversation about IT security. SecureScout (Cloud Edition) contributes
to the dialogue by providing complete and clear documentation that everyone can understand.
Is SecureScout (Cloud Edition) a port scanner?
No, SecureScout (Cloud Edition) is a service, not a product. SecureScout (Cloud Edition) delivers much more than a plain vanilla port scan. After identifying all open ports, SecureScout (Cloud Edition) will verify reported services
and protocols, and then intelligently evaluate the results. By leveraging the experiences of other customers and partners, SecureScout (Cloud Edition) is enhanced every week to identify known vulnerabilities and thwart related
If an organization already owns a port scanner, why would it need this service?
There are many reasons to subscribe to SecureScout (Cloud Edition) even if you already own and use a port scanner.
Reproducing the hacker's point of view - Assessing your network from the hacker's perspective means securing access to machines inside or outside your network just to run the scans. Setting up and maintaining
machines and allocating skilled resources for this purpose is neither convenient nor inexpensive, reducing the likelihood that it will ever get done.
Intelligent Assessments - The SecureScout (Cloud Edition) knowledge base and intelligent engine allow it to think in multiple steps and therefore test for more vulnerabilities, and more sophisticated exploits, than conventional
Multiple principles, multiple passes - SecureScout (Cloud Edition) employs multiple principles with relative strengths and weaknesses. Since it makes multiple passes, it finds more vulnerabilities and delivers more
accurate information than any single scanner on the market.
Always Up-to-Date - SecureScout's dedicated focus on IT security and policy compliance, combined with frequent and regular updates to the test case database, keeps the SecureScout (Cloud Edition) service constantly current.
Our company has firewalls deployed. Do we really need this service?
Yes! As stated above, firewalls are great for restricting access to network segments, but they are very frequently misconfigured. Even when a firewall is securely installed, due to the dynamic nature of information technology,
the configuration may be frequently updated. Every change reintroduces the potential for error and lack of policy compliance. More importantly, however, SecureScout (Cloud Edition) will detect and report on vulnerabilities beyond
What platform types does SecureScout (Cloud Edition) test?
SecureScout (Cloud Edition) covers all parts of your network interfaces, meaning TCP/IP devices generally. This includes firewalls, web servers, routers, mail servers,
wireless access points, FTP servers, proxy servers, common Internet services (FTP, DNS, etc.), operating systems, protocols, applications and any other settings or elements potentially helpful to an intruder.
What types of port scans are supported?
This service starts with a conventional TCP connect scan and performs many follow-on probes. It checks for vulnerability to denial of service through SYN flooding, FIN, fragmented packets and many other methods.
Other weaknesses SecureScout (Cloud Edition) identifies include unnecessary network services, public machine names or usernames, guest accounts, and routers with weak configuration protection. It reports on obsolete software. SecureScout
(Cloud Edition) detects when a resource (a disk, spool or printer) is visible from the Internet for a hacker to exploit, and tells you when your DNS service is open to abuse. SecureScout (Cloud Edition) finds many more types of vulnerabilities
with more being added continually.
How many Vulnerabilities does SecureScout (Cloud Edition) check for?
The number constantly increases, so it is difficult to provide a precise answer at any given time. Currently, SecureScout (Cloud Edition) has more than 3,700 test cases (as of June 1st 2008), many of which test for several vulnerabilities.
How often is the SecureScout (Cloud Edition) Database updated?
The SecureScout (Cloud Edition) test database is updated weekly. We are committed to incorporating the test for a newly discovered high risk vulnerability into the SecureScout (Cloud Edition) knowledge base within one week of its
Does SecureScout (Cloud Edition) fix vulnerabilities automatically?
No. SecureScout (Cloud Edition) makes fixing vulnerabilities far easier by pinpointing, prioritizing and offering corrective action suggestions. It is neither possible, nor advisable, for SecureScout (Cloud Edition) (or any other
tool) to automatically "correct" all discovered vulnerabilities. Trying to do so might create more security exposures than it solves. SecureScout (Cloud Edition) reports provide the information necessary to identify security concerns,
but your organization must still take the necessary steps to secure its network perimeter. SecureScout (Cloud Edition) does integrate with a number of the mainstream patch management and workflow applications on the market.
Can I target SecureScout (Cloud Edition) at any address I want?
Yes and no. The SecureScout (Cloud Edition) service will assess the IP addresses of client IP connections. Clients may have any IP address they legally own surveyed by SecureScout (Cloud Edition). However, under no circumstances
may a 3rd party address be assessed with SecureScout (Cloud Edition). Prior to assessment, address verification is required by business partners and clients.
Who else will see my audit results?
Only pre-designated contacts (by written agreement) can retrieve or view assessments. These can be authorized individuals at the client site or at the client's business partner. Reports are stored in our secured database. Clients
can retrieve audit reports via secure HTTPS using a pre-designated password. Business partners can log into their account on our secure SSL server.
How are test results obtained? Will you e-mail them to me?
Yes, we can send an e-mail alert indicating that a scan has been conducted. However, we will not e-mail the actual results because, generally speaking, e-mail is not secure. When a test has finished, the authorized organization
can obtain test results via https. The results will be retained online for a period of 14 days.
How long does it take to run an audit?
Your "mileage" may vary, but usually the assessment will complete in less than three hours. Single hosts can be tested in 15 minutes. Occasionally, our service finds so many ports and/or vulnerabilities to investigate, that it
takes a bit longer to finish. Upon completion of the assessment an e-mail notification is sent. This message indicates that testing is done and the results are available on-line, but does not report any actual results.
Can a SecureScout (Cloud Edition) assessment crash my network?
That is quite unlikely, but it is impossible to completely rule it out. However, we should point out that it would certainly be an indication of a vulnerability to denial of service attacks. It is always better to crash your network
at a time you choose than to have it crashed by an external attack at the most inconvenient time.
Must we turn off our intrusion detection systems while SecureScout (Cloud Edition) is running?
No, and we do not recommend this at all. You just need to know and certify which IP address SecureScout (Cloud Edition) is running from. In fact, many of our customers use the log files created during the test for analyzing the
logging from other systems, like firewalls, routers, web servers, and other services.
Then how will my intrusion detection systems work with SecureScout (Cloud Edition)?
In order to ensure optimal results, clients should disable actions on intrusion detection systems. This is because the intrusion detection systems may automatically stop communication between the SecureScout (Cloud Edition) scanners
and the customer's servers. The audit may well be perceived as an actual hacker-attack...and it should be.
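One way to use an authorized assessment to check your own logging, as described in the two answers above (an added example, not part of the original FAQ or of SecureScout): it compares firewall log lines with the ports the assessment probed. The log format, all addresses, the probed-port list and the function name `review_scan_window` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed firewall log; the line format and all addresses are assumptions.
SAMPLE_LOG = """\
2008-06-01T02:00:01 DENY TCP 198.51.100.10:40001 -> 203.0.113.5:23
2008-06-01T02:00:01 ALLOW TCP 198.51.100.10:40002 -> 203.0.113.5:80
2008-06-01T02:00:02 DENY TCP 198.51.100.10:40003 -> 203.0.113.5:135
2008-06-01T02:00:02 ALLOW TCP 198.51.100.10:40004 -> 203.0.113.5:443
2008-06-01T02:00:03 DENY TCP 192.0.2.77:51000 -> 203.0.113.5:22
2008-06-01T02:00:03 DENY TCP 192.0.2.77:51001 -> 203.0.113.5:23
2008-06-01T02:00:04 DENY TCP 192.0.2.77:51002 -> 203.0.113.5:3389
2008-06-01T02:00:05 ALLOW TCP 192.0.2.200:52000 -> 203.0.113.5:80
garbage line that does not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def review_scan_window(log_text, scanner_ip, probed_ports, threshold=3):
    """Compare firewall logs with an authorized assessment.

    probed_ports is the list of ports the assessment report says it probed.
    """
    allowed, seen = set(), set()
    others = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the review
        port = int(m["dport"])
        if m["src"] == scanner_ip:
            seen.add(port)
            if m["action"] == "ALLOW":
                allowed.add(port)  # traffic the firewall let through
        else:
            others[m["src"]].add(port)
    return {
        "allowed_through": sorted(allowed),
        "not_logged": sorted(set(probed_ports) - seen),  # logging gap
        "unexpected_scanners": sorted(
            s for s, p in others.items() if len(p) >= threshold),
    }

if __name__ == "__main__":
    print(review_scan_window(SAMPLE_LOG, "198.51.100.10", [23, 80, 135, 443, 8080]))
```

Ports in `not_logged` were probed by the certified scanner address but left no firewall record, and `unexpected_scanners` lists sources showing scan-like behaviour that are not the certified address.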
How does SecureScout (Cloud Edition) handle cookies?
If file and print sharing are turned off, why would I worry?
MS Windows file and printer sharing is only one possible gateway into a machine. More and more programs are increasingly network aware and while that makes them more functional, it also makes your security perimeter more vulnerable.
How can you scan all TCP and UDP ports? Wouldn't that take over nine hours?
It is a tall order. It involves scanning over 130,000 ports, which is why we employ proprietary parallel tasking technology to make the process more time efficient. And no, it does not take anywhere
near nine hours.
Why can't we simply install firewalls?
Usually, clients should install firewalls as an important piece of their overall security solution. Although an IT security posture consists of many elements (all of which require testing!), firewalls are a good start. So let's
focus initially on this piece of the puzzle. Firewalls must allow traffic through to be of any use. The systems accepting this traffic behind the firewall are vulnerable as well, and can be accessed from outside.
Firewalls are notoriously difficult to configure correctly and therefore quite subject to human error during initialization, maintenance and even routine use. Misconfiguring firewalls and accepting default configuration settings
are the two most common sources of vulnerability, but weaknesses in the underlying operating system, or in the TCP/IP stack (also known as "the transport protocol"), also add to persistent security problems. Finally, many firewalls
themselves are defective and vulnerable to one or more of over 400 known security holes. Although recently developed firewalls are much less vulnerable, a classic method used to penetrate firewalls is IP Spoofing. So, it can be
relatively easy for a hacker to break in despite "having" a firewall.
Think of it this way. Are you completely safe from burglary just because you lock your windows and doors before leaving your home? A good way to assess the situation might be to hire a computerized cat burglar to prowl around the
premises and report on the weaknesses. SecureScout (Cloud Edition) does exactly that.