Vulnerability Assessment Questions and Answers
Q: What is beSECURE?
A: beSECURE is a vulnerability assessment and management solution that delivers accurate reports you can act on with confidence. Build network security certainty by finding and eliminating the vulnerabilities in your network that invite attacks.
beSECURE is designed to accurately scan networks from 64 to 200K active IPs and offer vulnerability assessment and management control from an easy-to-use administration console. From that console, scanning management and report access rights can be granted to divisional or regional security administrators.
Q: Why is accuracy so important in Vulnerability Assessment (VA)?
A: An inaccurate VA report is very frustrating to use. If every third item in the report is a false positive (doesn’t really exist) then soon the entire report, even the use of VA as a vital security tool, gets a bad name.
beSECURE will restore your confidence in VA as a vital security tool. Regain complete certainty that when a VA report says that the network has high risks, they actually DO exist. Know without a doubt that when you are handling the risks discovered by beSECURE you are doing the best job humanly possible to protect your network.
Q: How can beSECURE be more accurate than other scanning or VA tools?
A: All other VA solutions depend primarily upon checking host banners to read the version number. They assume that if version X is present, then all the vulnerabilities of version X are also present. This is not true if a fix was ‘backported’ without changing the version number (common in Linux) or if server or application settings make access to the vulnerability impossible.
beSECURE primarily checks the BEHAVIOR of hosts by delivering queries that prove by actual response that a vulnerability exists. Our false positive rate is 0.1%, which is so low that most of our customers never experience a single error. Better yet, beSECURE will discover vulnerabilities missed by others, which can happen if a patch is incompletely installed, or if a server or service was never restarted so that the patch could take effect.
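The two failure modes described above, as an added example (not beSECURE's code or method): it compares version inference with the effective state of a host, and goes slightly beyond the answer by also modelling a check of the package on disk. The daemon name "exampled", the advisory versions and the host inventory are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed advisory for a hypothetical daemon "exampled": upstream fixed the
# flaw in 2.4.10; a distro backported the fix into 2.4.6 at package release 3.
UPSTREAM_FIXED = (2, 4, 10)
BACKPORT_BASE, BACKPORT_RELEASE = (2, 4, 6), 3

@dataclass
class Host:
    name: str
    banner: str            # version string announced by the running process
    pkg_version: tuple     # upstream version of the package on disk
    pkg_release: int       # distro release number of that package
    pkg_installed_at: int  # epoch seconds of the last package update
    proc_started_at: int   # epoch seconds the running daemon started

def banner_vulnerable(h):
    """Banner inference: vulnerable if the announced version predates the upstream fix."""
    version = tuple(int(p) for p in h.banner.rsplit("/", 1)[1].split("."))
    return version < UPSTREAM_FIXED

def package_vulnerable(h):
    """Package inference: vulnerable unless the files on disk carry the fix."""
    backported = h.pkg_version == BACKPORT_BASE and h.pkg_release >= BACKPORT_RELEASE
    return not (h.pkg_version >= UPSTREAM_FIXED or backported)

def effectively_vulnerable(h):
    """Fixed only if the fix is on disk AND the daemon restarted after it landed."""
    return package_vulnerable(h) or h.proc_started_at < h.pkg_installed_at

def disagreements(hosts):
    """Label each host where a version-based method contradicts the effective state."""
    out = {}
    for h in hosts:
        truth = effectively_vulnerable(h)
        if banner_vulnerable(h) and not truth:
            out[h.name] = "banner false positive (backported fix)"
        elif truth and not package_vulnerable(h):
            out[h.name] = "package false negative (service not restarted)"
    return out

# Constructed sample inventory.
HOSTS = [
    Host("web1", "exampled/2.4.6", (2, 4, 6), 3, 1000, 2000),   # backport, restarted
    Host("web2", "exampled/2.4.6", (2, 4, 6), 1, 1000, 2000),   # genuinely unpatched
    Host("web3", "exampled/2.4.6", (2, 4, 10), 1, 3000, 2000),  # patched, old process
]

if __name__ == "__main__":
    for name, label in disagreements(HOSTS).items():
        print(name, "->", label)
```

Only web2 is reported consistently by every method; web1 and web3 are the cases where a version string alone gives the wrong answer.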
Q: Is beSECURE a hardware or software solution?
A: It is available as a hosted service for scanning external IPs, as an appliance-based solution for scanning internal IPs, or as a hybrid. The hardware solution comes as either a single unit capable of both scanning and reporting or an enterprise version that uses two component types to cover networks of any size or complexity: the Information Server (“IS”) and one or more Local Scanning Servers (“LSS”).
The IS appliance is responsible for controlling the scans, storing the scanned results obtained from various scans, generating consolidated reports and providing access to reports. It is also used to control and manage all the associated LSS servers. The IS appliance can be configured to allow multiple users to connect to the system and to read scan reports, or to schedule scan jobs.
The LSS appliance is responsible for performing vulnerability scans across a segment of the network of up to 2,500 active nodes per day.
Q: What kinds of vulnerabilities does beSECURE detect?
A: There are three scenarios in which a system can be vulnerable.
The first way a system can be vulnerable is when operating systems or network applications are poorly coded, allowing attackers to exploit software flaws.
The second way a system can become vulnerable is when an operating system or an application in the system is infected with viruses, trojans or worms. In these instances, malicious code may open up a TCP port for unauthorized access from across the network.
The third way a system can be vulnerable is when it is misconfigured. One example is a default password left in place for the administrative interface of an application.
beSECURE detects vulnerabilities that are caused by all three of the above scenarios.
Q: Does beSECURE require installation of agents on the systems that are to be scanned?
A: No, beSECURE does not require any software agents on any system.
Q: How does beSECURE function differently from an Intrusion Prevention System (“IPS”)?
A: An IPS blocks attacks; beSECURE finds and helps fix the vulnerabilities that the attackers are trying to reach. The most perfect IPS, with the most careful maintenance, will not stop 100% of attacks. An average IPS with average maintenance is a poor barrier indeed.
Defending a network with an IPS is like catching fastball pitches (or football free kicks) in front of a glass window. You MUST stop every kick or throw. A well-designed VA solution like beSECURE will turn your window into a wall. Yes, please do use an IPS, but if you miss a packet, there is no emergency.
Q: How does beSECURE function differently from a firewall?
A: A firewall typically performs network access control at the network border. It can only protect the network from unauthorized access from external networks to internal systems or applications. However, if an attack uses legitimate network access, the firewall will not be able to protect the system. beSECURE finds and helps repair the vulnerabilities that attackers are searching for. If you have no vulnerabilities, then your dependence on perfect firewall management is eliminated.
Q: How does beSECURE function differently from anti-virus software?
A: Anti-virus software is designed to prevent malicious code (viruses, worms & trojans) from entering the system – it blocks incoming packets. It does not examine the system to see if there is a weakness that malicious code can take advantage of. beSECURE is able to find the vulnerabilities and help you eliminate them. As such, beSECURE complements anti-virus software in protecting the system.
Q: Does beSECURE perform auto-patching of the operating system/software when vulnerabilities are discovered?
A: beSECURE can be integrated with all major patch-management solutions to perform auto-patching of the operating system/software.
Q: What is the average scan rate (in packets/sec) generated by the LSS during typical scanning?
A: The LSS average scan rate is 300 packets per second. Scan rate is fully adjustable.
Q: What is the average throughput (in kb/sec) generated by the LSS during typical scanning?
A: The LSS average throughput rate is 60 kilobits per second. Scan speed and scan schedule (time of day, day of week) are fully adjustable.
Q: What is the number of IP addresses the LSS can scan in one day?
A: The LSS can perform scanning on about 2,500 hosts/nodes per day.
Q: What is the speed of an LSS scan on a Class A, Class B and Class C network?
A: The time taken to scan a network depends on the composition of that network. A scan on an average network that contains a router, network printer, 4 servers and 10 workstations would be completed in approximately 8 minutes.
Q: Can the rate of scanning be limited to minimize the amount of bandwidth used for scanning?
A: Yes, beSECURE allows the administrator to limit the rate of scanning.
Q: How long can the IS keep reports for a network size of one Class C network?
A: The IS can store scan results for a Class C network for more than 5 years.
Q: Does beSECURE support scanning configuration backup?
A: Yes, beSECURE supports this function.
Q: How is beSECURE typically deployed?
A: A single-unit installation is available for simple networks of up to 2500 active hosts. This deployment is ideal for companies just starting vulnerability assessment. A multiple-unit system scans large or widely distributed networks, such as multi-location retail chains or banks with branches in many countries. In either case, these deployments share our proven scanning engine and the same vulnerability library.
Q: How do the Local Scanning Servers send the scanned results to the Information Server? Is it via push or pull mechanism?
A: Scan results are encrypted and then sent by SSL. The IS can pull the results from the LSS, or the LSS can push the scanned results to the IS. Such flexibility allows the organization to deploy beSECURE to fit their network access control requirements.
Q: Can the LSS scan through a firewall? Can the LSS also operate in a NAT environment?
A: Yes, but for accurate results, scanning of internal IPs must be done from within the network. When a scan is made through a firewall or a NAT environment, the firewall or router may modify certain essential packet contents. As such, it may lead to false positives or false negatives in the reporting.
Q: Does beSECURE perform port-scanning as part of vulnerability detection?
A: Yes, beSECURE always performs port scanning to detect all open ports on a system.
Q: What systems does beSECURE currently check?
A: beSECURE currently scans for vulnerabilities in the following systems and applications:
- Microsoft Windows operating system
- Windows 95/98
- Windows NT 4.0 Server/Workstation
- Windows 2000 Server/Workstation
- Windows XP
- Windows 2003
- Windows Vista
- Windows 7
- Windows 2008
- Windows 8
- Windows 2012
- Windows 10
- Sun Solaris
- IBM AIX
- HP HP-UX
- SCO Unixware
- BSD (OpenBSD, NetBSD)
- Apple Mac OS X
- Novell NDS
- Mainframes: AS-400, VMS
- Antivirus system
- Intrusion detection system
- Network devices
- Network switches/hubs
- Wireless access points
- Remote access servers
- VoIP devices
- OSI Layer 7 applications
- Web server
- Database server
- Mail server
- FTP server
- Proxy server
- Programming languages
Q: What database system does beSECURE use to store scanned results? Where does this database reside?
A: beSECURE uses MySQL as the database system, and the database resides in the IS.
Q: How can the Security Administrator access the IS to perform administrative functions?
A: The Security Administrator can manage the IS (and the associated LSS) through a web browser.
Q: How many vulnerability checks does beSECURE contain?
A: The beSECURE test database can identify and report on more than 10,000 individual vulnerabilities. Over 100 new vulnerabilities are added to it every month.
Q: How often is the vulnerability checks database updated?
A: beSECURE will perform an update every hour. Upon discovery of any vulnerability, beSECURE can be updated with the latest vulnerability check within a one-hour time frame.
Q: Are the IS or LSS appliances secure?
A: The IS and LSS are routinely audited for security vulnerabilities and are deployed in a hardened Linux configuration.
Q: How will an IDS/IPS react to a beSECURE scan?
A: The LSS sends out packets that are typical of an attack. As such, an IPS/IDS should treat the LSS as a malicious attacker (if it does not, that is an issue!). To avoid conflicts, add the IP address of the LSS to the IPS/IDS whitelist to prevent it from generating false alarms.
Q: Does beSECURE allow the organization to customize their risk policies?
A: Yes, through the asset and policy management features, beSECURE allows organizations to assign a value to each asset to establish its risk value.
Q: Why does beSECURE manage risk through asset values instead of vulnerability values?
A: Organizations rate the risk of a given vulnerability differently from one another. Instead of changing the value of the vulnerability, which could be ambiguous, changing the value of the asset is more relevant. This means that a high-value asset is deemed more vulnerable than a low-value asset if they have the same vulnerability.