English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Report Styles   Administrator | Executive Summary | Unbranded Exec. Summary
Advanced Security Audit (Sample)    
SAMPLE: SecuritySpace Audited Web Site
Report ID0
View Created On:Jan 1, 1970 00:00 GMT
Host Address(es):X.X.X.X
Report Contents
1. Risk Classification Summary
2. Baseline Comparison Control
3. Vulnerability Category Summary
4. Vulnerability Title Summary
5. Vulnerability Details
6. Open Ports
Appendix A: Risk Definitions
Appendix B: CVE Versioning
Appendix C: List of Tests Executed
1. Risk Classification Summary
Vulnerabilities are classified according to the risk they present to the network/host on which they are found. The following chart summarizes how the 0 different issues we found are spread across the different risk classes. For a detailed explanation of how vulnerabilities are classified, see Appendix A: Risk Definitions
0,0,0,0
2. Baseline Comparison Control
Baselining allows you to compare the results of an audit to the results received in a previous audit. This provides for an easy way to see what is changing from one audit to the next. This section documents which audit was used as a baseline, allows you to select a different audit to use as a baseline, and allows you to mark the current audit as something that should be used when running future baseline comparisons.

Note that you have a fair bit of control over the types of baseline comparison information displayed in your report by using our Report Style Editor. The default is to display ALL test results in your current report, along with notes as to which results are different from the previous report.

According to your current report style, baseline comparisons are:Enabled
No audit could be found against which a comparison could be done according to the current baselining rules.

3. Vulnerability Category Summary
The vulnerability category summary shows how the various issues that were reported are distributed across the different test categories.

CategoryHigh  Med  Low  Other  
Fedora Local Security Checks     
SuSE Local Security Checks     
Web application abuses     
Debian Local Security Checks     
Ubuntu Local Security Checks     
Huawei EulerOS Local Security Checks     
General     
CentOS Local Security Checks     
Red Hat Local Security Checks     
Mandrake Local Security Checks     
Windows : Microsoft Bulletins     
Product detection     
Gentoo Local Security Checks     
FreeBSD Local Security Checks     
Denial of Service     
Oracle Linux Local Security Checks     
CGI abuses     
Databases     
Amazon Linux Local Security Checks     
Policy     
CISCO     
Web Servers     
Buffer overflow     
Slackware Local Security Checks     
Windows     
Conectiva Local Security Checks     
IT-Grundschutz-deprecated     
Service detection     
Backdoors     
Mageia Linux Local Security Checks     
Turbolinux Local Security Tests     
Default Accounts     
Mac OS X Local Security Checks     
FTP     
Gain a shell remotely     
IT-Grundschutz     
Nmap NSE net     
Trustix Local Security Checks     
Nmap NSE     
JunOS Local Security Checks     
F5 Local Security Checks     
Huawei     
Remote file access     
Gain root remotely     
SMTP problems     
Privilege escalation     
Misc.     
IT-Grundschutz-15     
SSL and TLS     
AIX Local Security Checks     
CGI abuses : XSS     
VMware Local Security Checks     
Malware     
RPC     
Palo Alto PAN-OS Local Security Checks     
FortiOS Local Security Checks     
Citrix Xenserver Local Security Checks     
Windows : User management     
SNMP     
Useless services     
Peer-To-Peer File Sharing     
Firewalls     
HP-UX Local Security Checks     
Settings     
Brute force attacks     
Compliance     
Port scanners     
Finger abuses     
Credentials     
NIS     
Solaris Local Security Checks     
Totals:0  0  0  0  

4. Vulnerability Title Summary
5. Vulnerability Details
6. Open Ports - X.X.X.X
Port   Protocol   Probable Service  
135  TCP loc-srv
Defined as a "Location Service" in RFC1060, pre-SP3 versions of Windows NT were susceptible to a denial of service attack on this port that would cause NT's rpcss.exe process to consume all available CPU cycles. The (easiest) recovery from this attack is to reboot your machine.

You should do one of several things: a) upgrade/patch your operating system to make sure it is not susceptible to this attack; b) firewall your system so that port 135 is not visible from the internet c) configure your router to block port 135; d) Install one of several monitoring packages on your PC that block this denial of service.

 
139  TCP netbios-ssn
Port 139 is used on Windows machines for NetBios name resolution, WINS, etc. A problem with older unpatched versions of Windows is that they are susceptible to receipt of Out-Of-Band (OOB) data. This means that someone can remotely send you OOB data on port 139 and can cause numerous problems on your machine, including but not limited to machine lockups, blue screens, loss of internet connection.

You should do one of several things: a) upgrade/patch your operating system to make sure it is not susceptible to this attack; b) firewall your system so that port 139 is not visible from the internet c) configure your router to block port 139; d) Install one of several monitoring packages on your PC that block this denial of service.

 
1028  TCP unknown
No description available for this port at this time.
Number of open ports found by port scan:3
 
Appendix A: Risk Definitions
Users should note that test classifications are subjective, although we do our best to make appropriate classifications. If you spot an inconsistency, please let us know so that we can make the appropriate corrections.

AppendixB: CVE Versioning
CVE identifiers, an industry standard way of identifying tests, are maintained by Mitre. The current mapping of CVE/CAN identifiers to Test IDs is based on CVE Version Number 20211016, and CAN Version Number 20211016. These were verified on October 16, 2021 as being the latest available.
Appendix C: List of Tests Executed
This supplement details the list of all tests that were available as part of this audit request. THIS IS A LARGE REPORT! It does not provide any information on vulnerabilities found during the audit. Instead, it is a complete list of all tests that were part of this audit, along with descriptions. If you intend to print this report, please choose the printer friendly link below. The size of the report will vary depending on the type of audit you ran, but can easily be 200 pages long when printed, and more than 600K in size.

Finally, please note that this list is dependent on the audit you ran. If you come back in a month and run the same audit again, it is likely that this supplement will change, since additional tests will have probably been added to the test suite. Each audit report we produce has its own copy of this supplement that reflects the test suite available at the time this audit was run.

Because of the large size of this report, it may take several minutes for it to be displayed properly on some browsers once the complete report is downloaded (e.g. Netscape). Be patient, it will come up eventually.

View Test List     Printer Friendly Test List      PDF Download


© 1998-2024 E-Soft Inc. All rights reserved.