Security Analysis Service

In response to the Information Technology Advisory Committee's recommendations regarding improved network security, CIS is now offering network-based security analysis of WHOInet hosts as a consulting service. This service brings you up to date on the security of your server systems, and gives you the information you need to verify or improve their security.

To request a security analysis of your WHOInet-connected computers, please fill out a Security Analysis Request Form. Once your computers have been evaluated, CIS staff will prepare a security analysis report about them, which will be sent to you by email. The report will include:

  • Host information. Attackers frequently rely on information a computer gives away about itself in order to mount an attack. What can an attacker tell about my computer?
  • Running network services. Each network service (such as an FTP server, NFS export, or sendmail daemon) is a possible avenue of attack. What services is my computer running, and are any of them unnecessary?
  • Overall "health" evaluation. How vulnerable is my computer? Of several computers, which should I be the most concerned about?
  • Known vulnerabilities. Our security analysis software can check for hundreds of known security holes in network services. Do attackers already know how to break into my computer?
  • Instructions to close vulnerabilities. For each vulnerability, there are ways to prevent attack -- upgrading network services, using alternative software, or the like. What steps should I take to secure my computer's services?
  • Recommendations for ongoing security. Closing down known vulnerabilities is only the start. Strong system administration practices can keep your computer secure against new attacks as well. Once my computer is secure, how can I keep it that way?
  • CIS contact information. CIS technicians are available to help you secure your computers or assist with ongoing administration. Whom should I call for help?

A sample analysis report is available. It is a sample only, and should not be used as a guide for any particular computer system. The length and depth of real analysis reports will vary based on the number and kind of services and vulnerabilities discovered.

Note: Security analysis is a fee-based service, like all CIS consulting work. It is primarily intended for the operators of server systems -- computers offering network resources (Web sites, FTP, etc.) to WHOInet or the Internet -- and for workstations which might be unintentionally exposing network resources. While a security analysis may be useful for all computers, we need to make server systems our first priority in doing analyses.

If you have any questions about the security analysis service, please send them to Karl Krueger. This service is one of several ways CIS is looking to help improve WHOI's network security, and we always invite your thoughts on this important matter.