Frequently Asked Questions
What are the benefits of running your audits?
What are the auditing service options?
What are some of the common vulnerabilities found?
Can other people see my audit results?
Will this guarantee the security of my network?
I have a firewall. Do I need this service?
I have my own vulnerability scanner. Why would I need yours?
Which platforms do you audit?
Will my network crash as a result of an audit?
How long does it take to run an audit?
What are the well known services and ports?
Why don't you always scan all TCP and UDP ports?
Questions and Confidentiality
What are the benefits of running your audits?
Attracting thousands of users all over the world, Security Audits are the most comprehensive, up-to-date and cost-effective security auditing services on the internet. The service:
- provides an external view of your network from the internet,
- scans all 65,535 ports of an IP for potential security holes,
- examines your system with 5961 vulnerability tests for security weaknesses, including Windows-based attacks, denial of service attacks, root exploits, CGI abuses, mail server vulnerabilities, and firewall vulnerabilities,
- provides a detailed and comprehensive report on findings, and suggests potential solutions,
- includes the latest vulnerability tests on a regular basis.
What are the auditing service options?
We provide a number of different service levels and types of subscriptions. A price & feature comparison provides a quick overview of what you get with the different packages. The different types of audits available:
- Standard Audit, providing you with a TCP port scan of over 1500 ports and execution of all 5961 available vulnerability tests;
- Advanced Audit, providing you with a 65,535 TCP port scan and execution of all 5961 available vulnerability tests.
Our Free audit is equivalent to the Standard Audit in its execution, except that we don't show you the details of the problems we found for high and middle security levels. This is useful as a way of determining whether or not you have any problems before you decide to buy any of our services.
Can other people see my audit reports?
No. Only you can see the results of your audit. Audit reports are generated based on scan results in our local databases.
What are some of the common vulnerabilities found?
The problems we routinely find usually fall into one of the following areas:
- Unpatched/out of date software with known vulnerabilities
- Dangerous or unneeded services available for exploit
- Improperly configured software allowing unwanted access to resources
Will this guarantee the security of my network?
No. The reports give you information as to potential areas to examine for security concerns, but you must still take the necessary steps to secure your network.
I have a firewall. Do I need this service?
Firewalls are great for restricting access to your network, but firewalls cannot prevent all problems. Two of the most common problems with firewalls are:
- misconfiguration allowing unwanted access
- vulnerable services behind the firewall (e.g. web server on port 80) allowing an attacker to tunnel through the firewall, through the vulnerable service, onto the machine running the vulnerable service, from where they can attack the rest of your network from behind the firewall itself.
For a list of the firewall-specific tests available, click here.
I have my own vulnerability scanner. Why would I need yours?
There are many scanners available, both commercial and open source. The benefit of using this service is in the specific technology being used:
- An external view of your network. Getting an external view of your network usually involves getting access to a machine on the outside of your network for the purpose of running your scan. The cost of setting up and maintaining this type of access can often be more than the cost of this service alone.
- Reproducible. As an audit mechanism, Security Audits are a low cost, reproducible audit that can be run whenever you need.
- Low effort. Setting up and configuring a vulnerability scanner for proper operation can be time-consuming.
- Always up to date. By using a service, you automatically receive the latest vulnerability tests without having to install them into your own scanner. We ensure that our test suite is always up to date. We provide new vulnerability tests on a regular basis as security issues/holes are found. For example, check out the tests added in the last 30 days. In addition, we tell you via our vulnerability announcement list the moment any new tests are on-line corresponding to remotely exploitable vulnerabilities, assisting you in keeping up to date on problems that may impact your network.
Which platforms do you audit?
Our service has tests for virtually every platform out there, and is not limited to one particular operating system or application suite. You will find tests for Windows, Linux, Unix, Macintosh, Web servers, Database products, and more. If it can be remotely tested, we try to have the test for it available.
Will my network/system crash as a result of an audit?
We certainly hope not, but ultimately there are no guarantees. Bear in mind that an audit is considered to be an intrusive operation.
The different audits have different risk levels associated with them. Our Basic Audit is a port scan that should not impact anyone's system. It is relatively low bandwidth (<50K at peak), and if it does crash your system, you should definitely be looking at doing something about this, since it is quite likely you will be port scanned by someone in the future.
A number of the vulnerability tests are denial of service attacks that are designed to test the integrity of your hardware and software. These tests focus on known problems on various computer systems, and may impact the equipment they are aimed at, such as routers, firewalls, etc. For a description of the various DoS attacks included in the test suite, check here. None of the DoS tests involve deliberate attempts to flood your bandwidth (a trivial, non-preventable attack). DoS tests are disabled by default to reduce the likelihood of your system crashing, but you may enable them at your own discretion.
How long does it take to run an audit?
This depends on the type of audit you launched, the network between us and you, and how your system is configured. For unprotected systems (no firewalls or packet filtering), the times are roughly:
- Standard Audit: 20 minutes
- Advanced Audit: 90 minutes
For systems that are shielded by packet filtering of one form or another, the times are closer to
- Standard Audit: 1.5 hours
- Advanced Audit: 2.5 hours (on rare occasions, up to 8 hours).
Regardless of how long it takes, when an audit is complete, we email you a notification that you requested an audit, and that the results are complete and available on-line.
What are well known services and ports?
Well known services are services known to customarily exist on specific ports. This is different from the definition of a well known port, which is the port range 0 through 1023.
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
- The Well Known Ports are those from 0 through 1023.
- The Registered ports are those from 1024 through 49151.
- The Dynamic and/or Private Ports are those from 49152 through 65535.
The ports we audit are all well known ports (1-1023), along with about 500 ports in the 1024-65535 range. These additional ports include both legitimate services and commonly known trojans.
Why don't you always scan all TCP and UDP ports?
To scan all possible ports would involve scanning over 130,000 ports. While that would be thorough, there are a number of problems associated with doing this:
- Scanning can take a long time. To scan all 64K TCP ports would take our scanner several hours. We do offer a full 64K TCP port scan as part of our advanced audit.
- UDP ports cannot be scanned reliably. The problem with UDP ports is that they don't respond when the port is open. That would be fine, except that many firewalls will also not respond when you probe a UDP port, even if that port isn't open. The result ends up being a large number of false positives. The vulnerability tests do check for a number of UDP services, but even here, if your system is firewalled, false positives can occur.
- Solaris systems cannot be UDP scanned any faster than 2 ports per second, due to a throttling mechanism applied by Solaris itself. Thus, a 1500 port UDP scan would take over 10 minutes, and a full 64K port scan would take over 9 hours.
Our methodology is to ensure we provide accurate results, and because the last two items make it either difficult or impossible to perform effective full UDP port scans, we have elected to limit UDP scans to checking for services (e.g. trojans) residing on known UDP ports.
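The ambiguity described above, worked through as an added example (this is not the service's own code). The outcome names, helper functions and sample observations are constructed for illustration; the 2 ports per second rate is the Solaris figure quoted above.

```python
from collections import Counter

# Possible observations for one UDP probe.
REPLY, ICMP_UNREACHABLE, SILENCE = "reply", "icmp-port-unreachable", "silence"

def classify(outcome):
    """Map one probe observation to a port state."""
    if outcome == REPLY:
        return "open"            # a service answered the probe
    if outcome == ICMP_UNREACHABLE:
        return "closed"          # the host reported that nothing listens there
    return "open|filtered"       # silence: an open service or a dropping firewall

def naive_open_ports(probes):
    """Treat every port that is not provably closed as open (the false-positive trap)."""
    return sorted(p for p, o in probes.items() if o != ICMP_UNREACHABLE)

def confirmed_open_ports(probes):
    """Report only ports where a service actually replied."""
    return sorted(p for p, o in probes.items() if classify(o) == "open")

def looks_filtered(probes):
    """True when silence carries no information: no probe drew an ICMP error."""
    counts = Counter(classify(o) for o in probes.values())
    return counts["closed"] == 0 and counts["open|filtered"] > 0

def scan_seconds(port_count, ports_per_second):
    """Duration of a scan limited to a fixed probe rate."""
    return port_count / ports_per_second

# Constructed sample observations (not real scan output).
UNFILTERED_HOST = {53: REPLY, 69: SILENCE, 123: ICMP_UNREACHABLE, 161: ICMP_UNREACHABLE}
FIREWALLED_HOST = {53: SILENCE, 69: SILENCE, 123: SILENCE, 161: SILENCE}

if __name__ == "__main__":
    for name, probes in (("unfiltered", UNFILTERED_HOST), ("firewalled", FIREWALLED_HOST)):
        print(name, "naive:", naive_open_ports(probes),
              "confirmed:", confirmed_open_ports(probes),
              "filtered?", looks_filtered(probes))
    # The page's Solaris figure: 2 UDP ports per second.
    print("1500 ports: %.1f min" % (scan_seconds(1500, 2) / 60))
    print("65535 ports: %.1f h" % (scan_seconds(65535, 2) / 3600))
```

On the firewalled sample every port is silent, so the naive reading reports all four as open while no service has actually been confirmed.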
Questions and Confidentiality
We fully understand the importance of confidentiality and the privacy of your audit information. If you have any further questions, please drop us a line at security@net4you.bg.
To provide our customers with long-term safety solutions we have prepared standard security packages specially designed for your system and company size and capacity.