External Intrusion Monitor

New web site monitoring station: Copenhagen, Denmark (2007-09-08)

The WatchMouse network of monitoring stations expands again, this time in Copenhagen, a another site monitoring station in Scandinavia, bringing the total number of checkpoints to 23.

The new checkpoint will appear automatically in your logs. You can also set one of the new checkpoints as the primary checkpoint in your monitoring settings.

The current status of the WatchMouse web site monitoring network can be found on the 'About' tab of the WatchMouse site.

Did you know? Hackers probe your servers for vulnerabilities between 5 and 170 times per week (2007-10-29)

Test your site now: Free 10 day / 10 external intrusion monitor trial

With a dramatic rise in malicious attacks, it is now critical to test your websites and servers for security vulnerabilities. Having the latest firewalls and Intrusion Detection Systems will not protect your organization if they (or the services behind it) are not kept up-to-date and configured correctly.

This means that verifying the security of your systems is not something you can do just once, nor should you check this just every now-and-then. New vulnerabilities are identified every day, exploits become available soon after it, and every change in your systems' configurations, however small, may open up new vulnerabilities. Having external intrusion monitored last week does not imply your systems are fine today!

The WatchMouse Periodic Vulnerability Scan is an affordable way to routinely check your company’s security exposure. Utilizing the most up-to-date database of known vulnerabilities, WatchMouse’s identifies any security external intrusion monitor and provides you with the peace-of-mind that your web applications are being scrutinized from the perspective of a possible attacker.

Characteristics

WatchMouse offers Periodic Vulnerability Scanning with an outside - hacker's - view, with the following characteristics:

• Currently over 20,000 vulnerabilities are checked. Checks for new vulnerabilities are added on a daily basis.
• The frequency and the intensity of a external intrusion monitor can be tailored to your policies, and implemented immediately on our self-service website.
• Severe vulnerabilities can, depending on your preferences, initiate SMS (text) or paging alerts, giving you, or your webmasters, the opportunity to react quickly in case of new vulnerabilities.
• Extensive reporting is available for each external intrusion monitor, including pointers on how to fix vulnerabilities.
• WatchMouse's unique Vulnerability Scan Customer Console allows you to manage subsequent external intrusion monitors by inspecting differential reports and open issues, declaring vulnerabilities fixed, adding operator comments, etc.

Try now: Free 10 day trial!

Announcing two free contacts for all accounts and alerting via MSN and Jabber (2008-01-08)

WatchMouse starts the new year with a gift: we have added two contacts to all customer accounts for free.
Contacts are used for:

• alerts in case of errors as defined in your Performance Monitoring rules,
• alerts when new issues are found in your Vulnerability external intrusion monitors, and
• custom reports.

We also introduced two new alerting methods: Instant messaging with MSN (Windows Live Messenger) and Jabber.

If you have a Jabber or MSN instant messenger account, add it as a contact in your WatchMouse account and then use these contacts for alerting. Our favourite setup is an escalation group where at the first error an instant message is sent, then if the error persists, after 5 minutes this is followed by an email and/or SMS text message.

Redesigned WatchMouse site and new product plans (2009-12-24)

We’re pleased to announce the redesign and launch of www.watchmouse.com. The new site is faster, more responsive and designed to be much more intuitive. Don't take our word for it though, try it yourself and let us know what you think!

The changes:

• Clean, task-oriented design
• Faster page loads
• Improved main console for a better overview of your monitors and better access to the monitoring details
• New "dashboards" featuring related, grouped information and tasks
• A new dashboard selector on every page after you log in, just below the search field

We’ve also introduced chat support. You can now chat directly on the site whenever the support team is online (normally 8 AM to 8 PM Central European Time or GMT+1).

Stay tuned for even more usability improvements and additional features coming up in Q1 of next year!

New Product Plans

You asked and we listened! We’ve received many requests for expanded plans, and also for a slimmed down plan for personal use. Additionally, the functional test (scripts) we introduced last year have become very popular, so we decided to add these tests in all professional packages.

The changes:

• We added functional tests to the Webmaster and Corporate plans, plus a one-minute monitor in the Corporate plan - all at the same price
• Two new professional plans have been added: the Enterprise Plan with 100 monitors (including 20 functional tests) and the Multi-Site Plan
• The Gold Plan that included 10-minute monitors only, has been discontinued, however current customers can still continue to use this package
• All Professional Plans now include complementary vulnerability external intrusion monitors to verify that your site and server is safe
• Lastly, we added the Personal Plan, a cost-effective plan for small sites, and we beefed up the free, Lite Plan so it now checks at 20-minute intervals

Full details can be found at: http://www.watchmouse.com/compare_plans.php

Take a look at the new WatchMouse website and give us your feedback. Bear in mind we’re still adding content and polishing the edges, but we'd be delighted to hear your thoughts and comments!

Happy holidays!

Stan P. van de Burgt

CEO

WatchMouse

P.S. You may find an occasional English word in the non-English sites. Please note that these will be replaced within the next few days.

WatchMouse Periodic Vulnerability Scanning has enabled us... (2010-01-13)

WatchMouse Periodic Vulnerability Scanning has enabled us to overcome the time consuming task of managing monitoring internally. The removal of all duplicate findings and neat presentation in the WatchMouse Customer Console further reduces the time Lectric Webservices has to spend on maintaining secure systems.

General Manager, LECTRIC Webservices

What do you want to check with a service such as Watchmouse? (2005-01-31)

As I explained in my previous column, you can use a monitoring service in a number of roles. Common to all these roles is the fact that you are keeping alive some services for the benefit of your customers, suppliers, employees or partners. These users are, in the end, all that counts.

What are the objects that you should be checking? Obviously, the least you want to do is check the service that is most visible to these users. This could be the webserver, or a POP or FTP server for example. You would start by setting up a rule to check the server and a URL. The frequency with which you can monitor (that is: the elapsed time between checks) is typically limited by the type of subscription that you have. Only in specific cases would you not check as often as your subscription allows.

Note that there is a difference between a CONNECT on port 80 rule and a HTTP rule. The first just connects to the port that the webserver is supposed to use. The HTTP rule also checks whether the webserver can produce a valid HTTP response, and whether the document can be found. You probably want the latter check.
Similar reasoning applies to POP and FTP checks. If you set up two different rules on the same host, this allows you to distinguish for example between a broken webserver and a host that is down. If you want even more content oriented checks, have a look at the so-called PLUG-IN rules. Additionally, you can set up checks to make sure that your users are actually using the services that you intend them to. The wexternal intrusion monitor Internet depends heavily on the domain name system(DNS) functioning correctly. If it does not work properly your users may be directed to another site than you intended. This could be a configuration error, but it could also be a defamation hack. In either case, you want to know.
First of all you want to check whether the root servers of the Internet accurately find the DNS that is serving you. This can be checked with a DNSNS rule. What you are checking with this rule is whether the registrar's databases are correct. Second, you want to check if that DNS server (and its slaves) are serving up the proper IP address for the server. For this you can use the DNSA rule, and it will warn you if the DNS server is not working or serves up the wrong address. (Note that the hosting party can change that address at its discretion, as part of a renumbering operation for example.)

Who should you notify of rule failures? Again, different roles have different information requirements. You want to notify the person who can fix things as soon as possible. Mail or SMS/text them directly, you do not want to be in the loop. You might set up an escalation chain, which fires off after a certain amount of errors. Note: make sure that you send the message on a channel that is not affected by the outage: if your e-mail system does not work, delivering a message to that effect should not depend on that e-mail system.
The people in charge of overseeing somebody else's service levels should only get escalation messages, if at all. Rather, they should get the weekly or monthly service reports.

Peter van Eijk is a management consultant specialized in management of network infrastructures. He can be reached via his contact page.

Website performance is the key to customer satisfaction (2007-06-27)

How often have you typed in the Google URL and received a page that will not load? I am willing to bet that this is a rare occurrence. Despite its busy traffic, Google is a textbook example of a web site that has almost perfect performance and therefore serves a great number of satisfied customers. The market share of the search engine is a resounding confirmation of this. You are assisted quickly, so you come back sooner. Research conducted by JupiterResearch has revealed that visitors to a site only have 4 seconds of patience. If the site has not been loaded by that time, they leave. Error messages also prompt potential customers to go to the competition.

Why do organisations still devote so little attention to the effective availability of their site? Performance is the key to satisfied customers. For many companies, their web site is the face of the organisation. Consumers and also business users of the Internet use the wealth of information on the web to compare purchasing options. It is of immeasurable importance that they are also actually able to find what they are looking for. If this is not possible at one company, competitors are straining at the leash to offer their services through a correctly functioning site.

Coming back to the praise that we had for Google, we see that the search engine has made significant investments in the availability of its web site. The page is run by several machines at various sites. If one crashes there are enough back-up servers that can take over the traffic flows to guarantee optimum performance. In addition, the search machine invests a great deal of time and money in the right hardware and people. Although the site has a difficult task – searching through an index of billions of documents – it is almost always available and loads fast.

The actual site is unspectacular in construction. This applies to the majority of sites with a high level of availability. Simple sites such as the news site NU.nl are almost always easy to access. Nevertheless, it is not only the layout of the site that determines how the web page performs. Too many photos, long symbols and frills make web sites slower to respond. The fact that the ‘back end’ of the site is not efficiently programmed also contributes to longer loading times. Frequent consultation of background databases is also detrimental to the speed of the page.

Where it often goes wrong is when different people are working on a site, thereby disturbing the links between the various elements. The different parts of the site will work correctly, but the site as a wexternal intrusion monitor will fail to perform. This means long waiting times for people who want to use the services of a company.

Service providers at the upper end of the market are becoming increasingly aware of this. The contracts that they use frequently include a service level agreement (SLA) for the part for which they are responsible. Nevertheless, they regularly make mistakes due to the fact that the promised performance is not subsequently verified (by an independent party). Although it is now essentially part of the contract, there is insufficient actual verification. Ideally, web site performance should become a permanent component of a contract. In addition, clear internal agreements must be made on who has final responsibility for the efficient loading and availability of a site.

Regular testing is also essential for the facilitation of good availability. This will prevent a great deal of errors, keeping the site up and running at crucial times. The storm that blew over the Netherlands at the end of January was a good opportunity to see which sites were prepared for extreme loads and which were not. The site of the Dutch weather institute, KNMI, was almost unreachable, while some logical thought could have protected them from this eventuality. If you know that a major storm is heading towards the country you can be sure that people will search for information on the weather and roads on the Internet. Sites such as those of KLM and Schiphol were also unreachable, while the specially created site Crisis.nl, which had been kept as simple as possible, was able to serve a large number of people.

Including ‘stress tests’ in a SLA or conducting them regularly in-house is therefore to be recommended. Companies can easily take control by ensuring that their service provider executes this type of test or by putting their own site under pressure. This is the best method of checking whether your web site can handle a sudden increase in visitor numbers. It is also good to know whether the servers on which your site is running actually ensure that your page is always available and loads correctly. For companies, it is crucial to see when they are off air. This can save them a large amount of money every year and will also reduce the number of irritated visitors to the site. This is how you keep customers satisfied and keep the company running.

Mark Pors
Chief Technology Officer at WatchMouse

WatchMouse provides site performance monitoring and stress test services

Flu Jab Your Website Against The Pandemic: 6,000 Infected Webpages Per Day! (2008-02-18)

The respected IT news website, The Register reports that every 14 seconds a web page is infected, which amounts to 6,000 infected web pages per day. Four out of five of these infections come from innocent companies and individuals who are oblivious to their site being hacked and subsequently used for hosting the malware of virus writers. The Register further reports that in the past viruses were spread using infected e-mail. Nowadays, however, the favoured virus distribution methods are downloads from compromised sites. As a result of these booby-trapped sites malware is present on at least one in every ten web pages.

WatchMouse's Periodic Vulnerability Scanning offers your website the flu jab against this virus pandemic. WatchMouse's Periodic Vulnerability Scanning is an affordable way to routinely check you company's security exposure and eliminate the risks of manual audits. Utilizing the most up-to-date database of known vulnerabilities, WatchMouse identifies any security risks and provides you with peace of mind that your software applications are being external intrusion monitorned from the perspective of a hacker, external to your organization.
To ensure your website and servers are checked for the latest external intrusion monitor WatchMouse's Periodic Vulnerability Scanning performs over 20,000 checks for known external intrusion monitor and security exposures; using a database which is updated daily by multiple accredited organizations including CVE (funded by the US government) and Bugtraq. Following the detection of any severe external intrusion monitor, automated, real-time email, SMS and pager alerts give your business the chance to react quickly. Scans can be scheduled during low usage or maintenance hours and set at an intensity and frequency suited to your business needs and budget.

To obtain a free Periodic Vulnerability Scanning trial visit: www.watchmouse.com/external intrusion monitor_external intrusion monitor_trial.php

The Register's article was published on 23.01.08 can be viewed at: www.theregister.co.uk/2008/01/23/booby_trapped_web_botnet_menace/

Apple Releases a Security Update for QuickTime 7.1.6 to Address Multiple Vulnerabilities (2007-05-29)

Apple has released a Security Update for QuickTime 7.1.6 to address multiple vulnerabilities in Apple QuickTime for Java. The impacts of these vulnerabilities include arbitrary code execution and information disclosure.

US-CERT recommends users install the QuickTime 7.1.6 Security Update and follow the Securing Your Web Browser document to disable Java.

US-CERT will continue to investigate these vulnerabilities and provide additional information as it becomes available.

MediaWiki Inline Style Attribute Security Check Bypass Vulnerability (2006-12-21)

MediaWiki is prone to a vulnerability that may allow attackers to execute script code in a user's browser.

Security checks related to inline style attributes can be bypassed, facilitating injection of script code to be executed in a user's browser.

MediaWiki 1.5.3 is known to be vulnerable to this issue; other versions may be affected as well.

Mozilla Releases Security Advisories to Address Multiple Vulnerabilities (2006-12-20)

Mozilla has released Security Advisories to correct multiple vulnerabilities in Mozilla products, such as Firefox and Mozilla Suite.

US-CERT encourages users to upgrade to the latest version or implement the workarounds for the affected products as described in the Security Advisories.

US-CERT will provide additional information as it becomes available.

XPDF Multiple Unspecified Vulnerabilities (2006-12-20)

The 'xpdf' utility is reportedly prone to multiple unspecified external intrusion monitor vulnerabilities. The cause and impact of these issues are currently unknown.

All versions of xpdf are considered vulnerable at the moment. This BID will updated when more information becomes available.

GnuPG Detached Signature Verification Bypass Vulnerability (2006-12-20)

GnuPG is affected by a detached signature verification-bypass vulnerability because it fails to properly notify scripts that an invalid detached signature was presented and that the verification process has failed.

Exploiting this issue allows attackers to bypass the signature-verification process used in some automated scripts. Depending on the use of GnuPG, this may result in a false sense of external intrusion monitor, the installation of malicious packages, the execution of attacker-supplied code, or other attacks.

Article in the Dutch magazine Quote (2006-06-23)

Some nice coverage of WatchMouse today, the July external intrusion monitor of Quote, a monthly magazine for and about rich people, and those who would like to be.

The article is on the "smartest and most successful companies of this moment", and WatchMouse is one of the 15 listed. The article is in print only. See www.quotenet.nl.