Which operating system do you find to be most secure and why?
There are no really secure out-of-the-box operating systems out there, especially if it is connected to the Internet. New vulnerabilities come out every day, even for systems that may have been secured the day before. Security is not a product, it's a process. Any operating system can be secure if you keep it up-to-date, and check for vulnerabilities on a regular basis and ensure the system's security.
From your experience, what are the top security issues your service usually discovers?
ScannerX has performed thousands of security scans and I would have to say we see a lot of web server based vulnerabilities for the IIS (Internet Information Server, Microsoft® Servers), SQL vulnerabilities and recently a lot of Apache web server vulnerabilities on the unix based web servers. There have also been a large number of SMTP related vulnerabilities.
What security problems will we see in 2003?
In 2003, we expect an increase in vulnerabilities due to the heightened awareness in security. As more companies begin to tighten down the reigns on their Internet-enabled devices (Firewalls, Intrusion Detection systems, Web and Mail servers), more holes and vulnerabilities will be found which will lead to an increased number of security related problems this year. 2003 will bring the same types of vulnerabilities as in previous years, just more of them.
What to expect from ScannerX in this business year?
ScannerX's future expansion of products and plans for growth include the following:
Managed Vulnerability Assessments: For customers who want to know what is going on with their network but do not want to manage the process themselves. The anticipated cost is $20 per month plus $5 per scan. ScannerX will ensure the customer's servers are scanned periodically and that the results are reviewed and compared to prior scans. Any significant developments or changes will be reported immediately to the customer.
Assessment Reviews and Consultations: Customers who want an explanation of the results of a scan can order a complete review and consultative session. The customer will receive the analysis and recommendation by email and as a bound hard copy delivered by next day express service. With this service, ScannerX will review the results of the scans, analyze the impact and give the customer a written summary of the risks and an explanation of how to patch the servers. The anticipated price point will be $150 for a single one-time analysis of up to 5 IPs.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.