Checking the Locks
An AuditIt Security Audit Report is based on a set of tools updated daily that
reflect the latest in cyber-vandal/hacker technology. AuditIt uses those tools
to check your Web site’s locks and recommends where you need to change the locks.
Protecting Your Web Investment
Can you be sure that your Web site investment is safe from unwanted, damaging and expensive
exploitation?
Your Web site is at risk from unscrupulous elements in the Web community, just
as your house or office is at risk from criminal elements in the wider community.
You need to check that the locks you have in place will actually stop cyber-burglars
and cyber-vandals gaining access to your Web site.
You need a detailed security audit for the same reason you need
a Web site audit report. Why? Because your team can’t see your Web site’s weaknesses as
clearly and objectively as an independent third party.
AuditIt Security Audit Reports
AuditIt has adapted
the most comprehensive security checking tool available online to provide you
with a detailed assessment of your Web site’s vulnerability to hackers. The
process is simple: we test whether your site is vulnerable to hackers by using
their knowledge to your advantage.
Nessus [http://www.nessus.org/intro.html] provides us with a constantly updated list
of exploitable security holes. We test your site to see if your site leaves
these holes uncovered. We then identify uncovered holes and how to plug/patch
them in a detailed report.
Your AuditIt Security Audit Report is only US$200.00 (or US$5100
if produced in tandem with a Web Site Audit Report).
The Value of a Security Audit
- AuditIt effectively simulates an attack by the most sophisticated
hacker. We test for the latest security vulnerabilities, not just well-known ones.
- We offer a perspective that your in-house team cannot offer: an external
view of your network.
- We test for the full range of vulnerabilities, from mail server vulnerabilities
to gaps in firewalls: all your locks are checked.
- We use the bad guys’ tools to protect you from them (e.g. Nmap, which
we use as a port scanning tool, is the port scanner of choice for hackers).
The Security Audit Process in Detail
The first step in the process is to gain a clear picture of the technological
characteristics of your network. To do this we port scan your server using Nmap
(http://www.insecure.org/nmap/).
Nmap uses raw IP packets in novel ways to determine:
- what hosts are available on your network,
- what services (ports) they are offering,
- what operating system (and version of that operating system) you are running,
- what type of packet filters/firewalls are in place,
- and dozens of other characteristics.
This information
gives AuditIt a clear picture of how your Web site/network is put together and
protected. We then test the server against our database of potential exploits
possible for the open ports, software and Operating System found on your server.
For example:
Imagine AuditIt is checking whether your Web site is vulnerable
to the well-known "Code Red" virus.
- Our port scan tells us whether your site is possibly vulnerable to
Code Red.
- AuditIt simulates the virus attack: checking for the presence of certain
files, or open ports in exactly the same way the virus would.
- If we find that your server is vulnerable to Code Red’s method of
attack, rather than infecting the server, we add this vulnerability to our
report.
- The report you receive will alert you to this vulnerability and suggest
how to repair the security defect, offering links to relevant patches, and
more information.
Please be aware that testing can take some time. Depending on what software
and operating system you have running on your server, AuditIt may need
to perform well over 650 tests to complete your security report.
Minimizing Risks
Testing for exploits can be risky. Security probes may adversely affect your web server. We are,
after all, attempting exactly the same tactics used by hackers to gain access
to your server. But AuditIt takes steps to minimize this risk:
- AuditIt will only test for one vulnerability at a time. There is a
15 second delay before we perform the next test. This minimizes stress on
your web server or network.
- The tools we use, Nessus and Nmap, are widely used and rarely impact
on the server that is being tested.
- No destructive tests (e.g. Denial of Service attacks) are performed.
Contact us at securityaudits@auditit.com
to discuss further concerns.