How do you know if something changes on your external services?
We have launched our new monitoring tool; use it to alert you to changes that occur on your network perimeter or Internet-facing servers. Systems administrators and security teams should be aware of what services are available from the Internet.
With regular monitoring you can be alerted when something changes; here are a few examples:
Detect firewall changes
- Was a firewall reconfigured during testing and not returned to a production state?
- Why was the local firewall stopped on our web server?
- Do you have IT staff who do not always follow change control?
- Did a malicious party open a port in your firewall for unauthorised access?
- Who forwarded ports on the router to access torrents and/or games?
Detect Internet-facing service changes
- Why was your FTP service shut down?
- Who opened remote desktop (RDP) or VNC services to the Internet?
- Was the Web server upgrade fully tested before deployment (detect version changes)?
- Why are there two different versions of SSH running on the web server (22 and 1337)?
- FTP service changes: who installed a vulnerable version of the FTP server?
These questions will not be answered by the new monitoring service, but you will know a change has occurred and at least be able to ask the question.
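The kind of change detection described above can be reproduced by comparing two Nmap XML reports (`-oX` output). The following is an added example, not the monitoring service's own code; the host address and both reports are constructed sample data.

```python
import xml.etree.ElementTree as ET

# Constructed sample reports (trimmed Nmap -oX output) for one host, a week apart.
BASELINE = """<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="vsftpd" version="3.0.3"/></port>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx" version="1.18.0"/></port>
</ports></host></nmaprun>"""
CURRENT = """<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="21"><state state="closed"/><service name="ftp"/></port>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx" version="1.24.0"/></port>
<port protocol="tcp" portid="1337"><state state="open"/><service name="ssh" product="OpenSSH" version="7.4"/></port>
<port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
</ports></host></nmaprun>"""

def open_services(xml_text):
    """Map (address, protocol, port) to a 'name product version' label for open ports."""
    services = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")  # first <address> is the IP
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed or filtered ports are not exposed services
            svc = port.find("service")
            parts = [svc.get(k) for k in ("name", "product", "version")] if svc is not None else []
            services[(addr, port.get("protocol"), int(port.get("portid")))] = " ".join(p for p in parts if p) or "unknown"
    return services

def diff_scans(old_xml, new_xml):
    """List ports that opened, closed, or changed service/version between two scans."""
    old, new = open_services(old_xml), open_services(new_xml)
    changes = []
    for key in sorted(old.keys() | new.keys()):
        addr, proto, port = key
        where = f"{addr} {port}/{proto}"
        if key not in old:
            changes.append(f"OPENED {where} ({new[key]})")
        elif key not in new:
            changes.append(f"CLOSED {where} ({old[key]})")
        elif old[key] != new[key]:
            changes.append(f"CHANGED {where} ({old[key]} -> {new[key]})")
    return changes

if __name__ == "__main__":
    print("\n".join(diff_scans(BASELINE, CURRENT)))
```

An empty result means nothing changed, which corresponds to the "only if something has changed" email option.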
Features of the new monitoring service include:
- Daily or Weekly Port Scans
- Receive an email after every scan or only if something has changed
- Uses the stable Nmap Port Scanner to ensure quality results
- Scan IPv4 or IPv6 targets
- Scan a range of IPv4 addresses (up to 254 IPs or a class C network)
- Scan is from a static IP address; whitelist your security monitoring (IDS / IPS).
These screenshots give a brief overview of what the service looks like. There are essentially two components from an end-user perspective: a dashboard giving a summary of enabled scans and a form to schedule new tests.
Screenshot 1: Dashboard
Screenshot 2: Schedule New Monitor