In light of recent network security breaches, security company Vigilante has launched a service to test the network perimeter, but users are worried that the service itself could compromise security, writes Will Garside.
The automated service, called Securescan, uses a number of the tools favoured by hackers to simulate an attempted security breach. Results are then matched against a database of known weaknesses to generate a report for the customer and a list of recommended remedial actions.
Vigilante sells the service through specialist security consultants who subsequently undertake contracts to fix any security deficits discovered.
However, some potential customers have expressed concern that a third party could gain detailed knowledge of potential security problems within their networks once a Securescan probe has been carried out.
Nigel Rix, Vigilante's UK manager, accepted that some people may be concerned, but expressed his faith in the integrity of Vigilante's partners. "Our partners often have long-term, trusted relationships with their customers. We believe that this, combined with legally binding non-disclosure agreements, is enough to safeguard any confidentiality issues," he said.
Although recognising the value of the Securescan concept, Paul Brettle, security specialist at security products supplier F-Secure, expressed doubts about the overall effectiveness of automated testing.
"Securescan is a good idea but it is unable to ascertain what additional problems may be caused if these potential security flaws were to be exploited. Also, it doesn't provide real-time protection against hackers.
"Prevention is great but you still need a cure," Brettle said.
This was first published in September 2000