Let's secure your perimeter.
Let's face it: if you aren't a multinational, you're not performing frequent scans on your perimeter.
This means security weaknesses, misconfigurations and old software can creep into your portal to the internet.
Sure, professional products already exist for this. But they will cost you an arm and a leg and require a lot of time.
This is where we will make the change.
Example scan results
SSL version 3.0 is detected
SSL/TLS using version 3.0 is vulnerable to the so-called POODLE attack. This allows a man-in-the-middle attack where an attacker can decrypt 1 byte after 256 requests. This can expose sensitive information to the attacker.
Solution: Exclude the SSL protocol on your application server.
Vulnerable httpd/apache version detected
Solution: Upgrade apache/httpd to a recent version.
SSH on standard port 22 detected
The SSH server is listening on the default port 22, which makes it easily recognizable. This will allow automated login attempts performed by bots on the internet. Changing this to a random port will prevent a lot of automated attempts.
Solution: Change the port to a custom one above 1024.
Ideally you need an easy-to-use tool that offers you the information you need in a clear way. When vulnerabilities are found, you need a link to the technical documentation and a proposed way to proceed.
There will be loads of vulnerabilities, but most of them will probably be benign. Every vulnerability will need to contain tags telling you how serious it is and what it is about.
Only after the initial overview of everything that is detected can you start fixing issues. But how are we going to follow up on these issues? For this we need a dashboard that will notify you how many issues have been fixed since the last scan.
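A sketch of the "fixed since the last scan" count described above, as an added example that is not this product's own code. The Finding fields, check identifiers, severity tags and addresses are constructed for illustration; the point it shows is that a finding only counts as fixed when its host was actually reached again.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    check: str       # stable check identifier, not the free-text title
    severity: str    # tag such as "high", "medium", "low"

def compare_scans(previous, current, hosts_scanned_now):
    """Classify findings between two scans.

    A finding only counts as fixed when its host was reached again in the
    current scan; otherwise its absence proves nothing and it is reported
    as unverified.
    """
    key = lambda f: (f.host, f.port, f.check)
    prev = {key(f): f for f in previous}
    curr = {key(f): f for f in current}
    gone = [f for k, f in prev.items() if k not in curr]
    return {
        "fixed": [f for f in gone if f.host in hosts_scanned_now],
        "unverified": [f for f in gone if f.host not in hosts_scanned_now],
        "open": [f for k, f in curr.items() if k in prev],
        "new": [f for k, f in curr.items() if k not in prev],
    }

def fixed_by_severity(result):
    """Dashboard number: how many issues were fixed, per severity tag."""
    return dict(Counter(f.severity for f in result["fixed"]))

# Constructed sample data (documentation addresses, hypothetical check ids).
LAST_SCAN = [
    Finding("192.0.2.10", 443, "sslv3-enabled", "high"),
    Finding("192.0.2.10", 80, "httpd-outdated", "high"),
    Finding("192.0.2.10", 22, "ssh-default-port", "low"),
    Finding("192.0.2.20", 443, "sslv3-enabled", "high"),
]
THIS_SCAN = [
    Finding("192.0.2.10", 80, "httpd-outdated", "high"),
    Finding("192.0.2.10", 2222, "ssh-version-banner", "low"),
]
# 192.0.2.20 was unreachable this time, so its finding must not count as fixed.
RESULT = compare_scans(LAST_SCAN, THIS_SCAN, hosts_scanned_now={"192.0.2.10"})

if __name__ == "__main__":
    for status, findings in RESULT.items():
        print(status, [(f.host, f.port, f.check) for f in findings])
    print("fixed by severity:", fixed_by_severity(RESULT))
```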
All of these features will make your life a lot easier, and allow you to finally feel comfortable about security.
There are tools that do this, but they are not affordable at all.
Or maybe there is one?