Hacker simulation service raises question of trust with users

Feature

Hacker simulation service raises question of trust with users

In light of recent network security breaches, security company Vigilante has launched a service to test the network perimeter, but users are worried that the service itself could compromise security, writes Will Garside.

In light of recent network security breaches, security company Vigilante has launched a service to test the network perimeter, but users are worried that the service itself could compromise security, writes Will Garside.

The automated service, called Securescan, uses a number of the tools favoured by hackers to simulate an attempted security breach. Results are then matched against a database of known weaknesses to generate a report for the customer and a list of recommended remedial actions.

Vigilante sells the service through specialist security consultants who subsequently undertake contracts to fix any security deficits discovered.

However, some potential customers have expressed concern that a third party could gain detailed knowledge of potential security problems within their networks after a Securescan probe had been carried out.

Nigel Rix, Vigilante's UK manager, accepted that some people may be concerned, but expressed his faith in the integrity of Vigilante's partners. "Our partners often have long term, trusted relationships with their customers. We believe that this, combined with legally binding non-disclosure agreements, is enough to safeguard any confidentiality issues," he said.

Although recognising the value of the Securescan concept, Paul Brettle, security specialist at security products supplier F-Secure, expressed doubts about the overall effectiveness of automated testing.

"Securescan is a good idea but it is unable to ascertain what additional problems may be caused if these potential security flaws were to be exploited. Also, it doesn't provide real-time protection against hackers.

"Prevention is great but you still need a cure," Brettle said.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

This was first published in September 2000

 

COMMENTS powered by Disqus  //  Commenting policy