VulnerabilityScan.net - Frequently Asked Questions
 
 



Q: Will a vulnerability scan confirm with 100% certainty that my system is secure?

A: Your goal should be to minimize the chance of a successful attack against your system. Knowing as much as possible about your vulnerabilities is a critical step towards achieving that goal.

With Internet-connected systems, there is a fundamental tradeoff between the benefit of being connected and the risk of being compromised. The Nessus vulnerability scanning engine we utilize is regarded as the best in the world. However, it can only test your system against currently known vulnerabilities. New vulnerabilities are being discovered every day (http://cve.mitre.org/), and plugins for the Nessus scanning engine are updated just as often.

So the short answer is this: Scanning your system for vulnerabilities will provide you with the same view of your system that a hacker will have from the Internet. Nothing can guarantee your security with 100% certainty (except unplugging your system!), and this is the next best option.

Q: Why do professional security companies charge thousands of dollars to perform external vulnerability assessments when you offer the service for $24.95?

A: In a sense, you're comparing an apple to an apple tree. Professional security companies (www.foundstone.com) perform a much more in-depth and personalized assessment of your external environment. They have the ability to audit custom-built applications, review internal system policies, and manually review the application code that drives a given system. These types of professional reviews may also include a physical on-site visit, a detailed analysis of threats (competitors, disgruntled employees, etc.), and a cost valuation of your assets.

Our goal is to provide a far less expensive assessment to users who cannot afford (or do not require) that type of review. However, you will be happy to know that most of those multi-thousand-dollar security auditors use the same scanning software that we do!

Q: What is the difference between free port scanning services (such as http://www.grc.com/default/htm ) and your vulnerability scan?

A: A port scan will provide you with a list of ports that are listening on a given system. A vulnerability scan goes another step further, and probes the services and applications running on those listening ports to determine if they are vulnerable to attack. It is more complicated to execute than a port scan, but yields significantly more information regarding your security.

 

 

Copyright 2006, VulnerabilityScan.net. All rights reserved.

Q: Can I get a port scan along with my vulnerability scan?

A: Yes, a port scan is the first step in the vulnerability assessment. Your system will receive a port scan using the industry-favorite nmap tool: http://www.insecure.org/nmap/

Q: I don't know the IP address of my computer, but I would like to order a scan. How can I find out?

A: You can find out your Internet IP address by clicking here: http://www.vulnerabilityscan.net/ip.php

Q: Are the results of my vulnerability scan kept confidential?

A: Absolutely. The results of the final report are e-mailed only to the individual placing the order. We also retain a copy of the final report in our encrypted database. Our copy of the report may be permanently destroyed at your request.

Q: Can I pay to have you scan a system owned by someone else?

A: No, this is forbidden. The individual requesting the scan must either own, operate, or have specific permission to scan the target system.

Q: Can I schedule the vulnerability scan to occur at a specific time?

A: Yes, you can! After you submit your order, send an e-mail to our staff at orders@vulnerabilityscan.net requesting that the audit occur at a specific time. By default, scans are usually initiated nightly between 10:00PM EST and 4:00AM EST.

Q: What is the vulnerability scanning engine utilized by your service?

A: On the backend, VulnerabilityScan.net utilizes the open-source Nessus scanning engine running on an optimized Fedora Core 3 operating system. Nessus is widely regarded as the most robust and accurate vulnerability assessment engine. A distinct advantage of open-source technology is that it evolves faster and receives far more frequent updates than closed-source competitors. You can see the thousands of plugins developed for Nessus here: http://cgi.nessus.org/plugins/dump.php3?viewby=family

Q: Can you help me hack so-and-so's computer?

A: Please do not contact us with these types of requests. We are only interested in helping people improve their security - specifically to mitigate the risk of these types of attacks!

Q: Your website previously stated that you donate 10% of all profits to charity. Do you still do this, and why?

A: Indeed, we continue to donate 10% of our annual profits to charitable organizations. We take pride in doing this, and we believe that our customers enjoy knowing that a portion of our profits helps make the world a better place.


 