Frequently Asked Questions
Index
Will the scans slow our systems down?
Do we have to inform our ISP?
Will the scans cause harm to our network?
Is the report confidential?
Do I have to turn off my firewall if it's set to detect port scans?
How long does a scan take?
What do you scan for?
My report shows a large number of vulnerabilities. What should I do?
I need help resolving a vulnerability.
How often should I get our systems scanned?
What is PCI Verified?
I have a website that takes payments, do I need PCI verification to trade?
I'm getting PCI scans already, does this mean my systems are secure?
Will the scans slow our systems down?
During the automated phase of the scan you may see an increase in traffic on your network and more requests to your servers. However, we have tried to reduce the impact of testing as much as possible. The link that the scanning originates from is physically limited to 2 Mb/s, which is slower than many home ADSL lines. This is to minimise the chances of our scan swamping your network.
Do we have to inform our ISP?
Yes. It is possible that our scans will appear to be an attack to your ISP and they may block our access to protect you and other users. Also, it is in your interest to make sure the ISP is on board in case you need their help in fixing issues.
Will the scans cause harm to our network?
We have done everything possible to reduce the risk of harm to your systems. We do not perform any tests known to be harmful and we strictly limit the bandwidth which we can use for scanning.
Is the report confidential?
Absolutely. The report will be delivered to your nominated contact as a secure archive or encrypted email (your choice). You can even organise your reports so that each user only gets results for the hosts that they are responsible for.
Do I have to turn off my firewall if it's set to detect port scans?
You must ensure that our addresses are whitelisted in your Intrusion Detection System, but we request that you do not provide any more access to us than you would to any other untrusted network. We will discuss this with you and help you to get things set up right.
How long does a scan take?
That depends upon too many factors to make a general statement. Call us to discuss your requirements and we will give you an estimate of how long to expect it to take.
What do you scan for?
We scan for a huge range of vulnerabilities and issues, including anything from open ports to vulnerable services and insecure scripting. For more information you should view our sample report or contact us - we will gladly assist you.
My report shows a large number of vulnerabilities. What should I do?
You need to plan your resources to fix the most serious problems as soon as possible and to continue to reduce the issues. Our reports will give you some guidance on what you should focus on and we are happy to discuss the reports with you to help you improve.
I need help resolving a vulnerability.
Call us. If you just need advice, that's fine; if you need to get some extra skills that you don't have in-house, then we can help with that too.
How often should I get our systems scanned?
We recommend that you go for monthly scanning but you may want to have them performed more or less frequently depending on the nature of your web presence.
What is PCI Verified?
For merchants handling payment cards (credit or debit) there is a requirement for compliance with PCI (Payment Card Industry) requirements. The actual requirements vary depending on several factors but may include scanning of all hosts involved, either directly or indirectly, in handling the payment card data. If you suspect that you may need this scanning or any other security advice please contact us to discuss your requirements.
I have a website that takes payments, do I need PCI verification to trade?
If you handle payment cards (credit or debit cards) yourself there is a good chance that you will need to comply with PCI requirements. If you are at all unsure of whether you need to be checked please contact us for guidance. In some cases a self-assessment questionnaire is all that is required. In this case we will be glad to provide support for the person responsible for completing the forms. On the other hand, if you require a scan, we will be glad to offer a competitive quote.
I'm getting PCI scans already, does this mean my systems are secure?
A PCI scan doesn't guarantee security but it is a good indication that best practices are being followed and you are minimising your risks. You should also be aware that some vendors offer a lower standard of scanning than others. Sec52 uses a blended approach which ensures very high quality and a good level of assurance. Our methods have discovered vulnerabilities on sites which had passed PCI checks with different vendors - this may make it harder to achieve PCI compliance with us but we think the improved security makes it worth it.
If you have any other queries, please do not hesitate to contact us.