Online Intrusion Scan

Secure site (https) checking (2005-01-31)

The access to secure sites (https) and the verification of the server online intrusion scanificates of these sites is now possible in the Gold and Platinum packages.

New tags, new reports (2006-10-03)

Reports are no longer limited to groups of rules! From now on, it is possible to receive cross-group reports through the introduction of tags in the monitoring settings.

Reporting by rule or group of rules. This is how it was done until now. The introduction of tags in the monitor settings means we are now able to satisfy clients that need another type of reporting – reporting that transcends any particular group. For example, the multi-media company Lost Boys has grouped rules by client, but wants to receive reports on online intrusion scanain type of servers from all of its clients, e.g. an overview of all its clients’ mail servers. By means of tags, Lost Boys is able to state which rules should be shown at the same time. In this case, all of the rules from the mail servers. The tag feature therefore makes it possible to arrive at a different form of reporting, whereby it is possible for you to analyse the information in different ways.

Easy issue updates to your team or customers (2007-10-10)

In the event of an issue with your site, wouldn't it be convenient to update your team or customers and let them know you are working on it, or send them a note that you solved the issue?
Other examples:

• Inform your customer that maintenance will start in 5 minutes, and then again when completed.
• Ping your team that you're working on an issue that WatchMouse signalled to all.
• Update management on what the status of an emergency issue is.

The WatchMouse Messaging tool lets you do exactly that: type a short message, select the group of contacts to send the message to, and click 'send'. The message will be sent to all contacts of the group, and can be sent over SMS, email, pagers, and instant message (MSN, ICQ, jabber). And in case of sms, you can even see who received it in the Message log (if supported by the respective GSM provider).

Tip: Do you find yourself typing online intrusion scanain texts all the time? Then just save it as a template so you can reuse it the next time. You can define as many contact groups as you like using the Contacts page.

Did you know? Hackers probe your servers for vulnerabilities between 5 and 170 times per week (2007-10-29)

Test your site now: Free 10 day / 10 scan trial

With a dramatic rise in malicious attacks, it is now critical to test your websites and servers for security vulnerabilities. Having the latest firewalls and Intrusion Detection Systems will not protect your organization if they (or the services behind it) are not kept up-to-date and configured correctly.

This means that verifying the security of your systems is not something you can do just once, nor should you check this just every now-and-then. New vulnerabilities are identified every day, exploits become available soon after it, and every change in your systems' configurations, however small, may open up new vulnerabilities. Having online intrusion scaned last week does not imply your systems are fine today!

The WatchMouse Periodic Vulnerability Scan is an affordable way to routinely check your company’s security exposure. Utilizing the most up-to-date database of known vulnerabilities, WatchMouse’s identifies any security risks and provides you with the peace-of-mind that your web applications are being scrutinized from the perspective of a possible attacker.

Characteristics

WatchMouse offers Periodic Vulnerability Scanning with an outside - hacker's - view, with the following characteristics:

• Currently over 20,000 vulnerabilities are checked. Checks for new vulnerabilities are added on a daily basis.
• The frequency and the intensity of a scan can be tailored to your policies, and implemented immediately on our self-service website.
• Severe vulnerabilities can, depending on your preferences, initiate SMS (text) or paging alerts, giving you, or your webmasters, the opportunity to react quickly in case of new vulnerabilities.
• Extensive reporting is available for each scan, including pointers on how to fix vulnerabilities.
• WatchMouse's unique Vulnerability Scan Customer Console allows you to manage subsequent scans by inspecting differential reports and open issues, declaring vulnerabilities fixed, adding operator comments, etc.

Try now: Free 10 day trial!

WatchMouse Public Status Pages: your own public website health page in two clicks! (2009-08-19)

Today we move the WatchMouse Public Status Pages (WMPSP) out of beta, making them available for all WatchMouse customers free of charge!

What is a Public Status Page?

A public status page is a web page that informs your customers on the status of your services, inspired by similar pages from many organisations like Amazon, Apple, Google, but also ISPs, financial institutions and other organisation who deliver critical services to other companies or the general public. Well-known examples are:

• The Amazon web services Health Dashboard
• Apple MobileMe support (top right corner)
• Google Apps Dashboard
• Nationwide (a UK bank) service page
• The WatchMouse Status Page and our Monitoring stations status (yes, we eat our own dog food)

On our Public Status Pages the current status of your selection of on-line services can be displayed, and updates (public announcements) can be placed there for your customers. The pages are hosted on the Amazon cloud infrastructure, ensuring that your status page is highly scalable. It also ensures that your status pages continue to be available even if your main site or service is not.

Should my organization have a Public Status Page?

There is a strong trend to inform customers as soon as possible when online intrusion scanain services become unavailable, and announce maintenance well in advance. If you would like to provide your customers a dedicated status page for the on-line services you provide to them, WMPSP is a very efficient and cost-effective solution for your organisation. You can have a Public Status Page set up in minutes by creating one or more rules in your WatchMouse account, set up a public folder, and move these rules into this folder. Using the WMPSP setting page you can post announcements, annotate current issues, and optionally set up a special host name (CNAME) so people can access the status page using your domain name, e.g. status.yourdomain.com.

How does it work?

After you have set up a public folder with monitoring rules in your account, the status of these rules will be pushed to http://status.watchmouse.com/NNN automatically (where NNN is a unique id for your status page). Make sure the settings of the rules, and especially the timers for the performance thresholds are according to your standards / SLA. You may want to have a similar set of rules with more strict thresholds for internal use so you will get notified well before your Public Status Page is update. Note that you can have your own host name as well, i.e.status.yourdomain.com instead of http://status.watchmouse.com/NNN

Whenever there is a performance or availability issue, you can annotate this in your WatchMouse account and this information (e.g. "our technicians are working on a solution, expected to be available at 16:00") will be pushed to the WMPSP as well. Similarly, you can announce maintenance or downtime in the same procedure and this will be listed in the announcement section of your Public Status Page.

All Public Status Page are hosted on the Amazon web services infrastructure, making it independent from your own servers availability and ensuring a very high availability and scalability.

Get started now!

• Login into your account and go to the standard rule settings page
• Create a new rule folder for each WMPSP you would like to set up, and create rules within those folder that are representative for the availability of your main services.
• Go to the WMPSP setting page and click the [add] button, and select a folder you created in the previous step.
• Optionally you can also add a host name within your own domain in the CNAME field. Not that you have to add a CNAME record to you DNS for this host name pointing to status.watchmouse.com.
• Click [make public] and you're done! Note that it might take a minute or two before the status page is actually available, since the data has to be transferred to the Amazon AWS platform first.
• Test your WMPSP by clicking on the Name and/or CNAME links in the public folder listing. Observe that each rule has it's own detail page which looks like this: WMPSP for the WatchMouse web site
• Note that the name and logo shown can be changed in your account details
• Next you can add announcements to your WMPSP in case you have scheduled maintenance for one of more services or when actual issues arise and you would like to update your customers about the progress fixing it.

Rapidly growing WatchMouse wins Deloitte’s Rising Star award (2005-09-23)

WatchMouse is one of the three winners of Deloitte’s Rising Star award. This award is presented annually to rapidly expanding technology companies less than five years old. WatchMouse has been active worldwide for three years in the area of site and server monitoring. With 16 monitoring stations throughout the world, WatchMouse monitors the availability of customers’ websites, immediately sounding the alarm in the event of problems.

The Rising Stars are presented as part of the Deloitte Technology Fast 50 ceremony, the fifty most rapidly expanding technology businesses. The Rising Stars have the potential to lead the Technology Fast 50 in the near future. Stan van de Burgt (42), Niels Eijsbroek (40) and Mark Pors (38) first came up with the idea for WatchMouse in 2001. The concept was as unique as it was clear: to monitor the availability of sites and servers by constantly simulating web traffic. If a site is not responding or an error is found, the customer is notified immediately by SMS, pager, IM or e-mail. From the moment the concept went 'live', in 2002, the pace has been frenetic: turnover doubled each year. Web sites are now monitored from sixteen monitoring stations worldwide 24 hours a day, seven days a week.

The WatchMouse application is entirely web-based: customers do not have to install software or hardware at their site, and the application excels in its self-service aspects while staying easy to use. This allows WatchMouse to operate with a small core of permanent employees, supplemented by external support. Prospective customers can specify their requirements in detail on the WatchMouse site. A range of starter packages is available, priced from € 17.50 per month up to € 450 per month. 400 paying customers in 40 countries worldwide now make use of WatchMouse’s services. These include hosting companies, government bodies, and companies such as LB Icon, Scania, Siemens, Orange, ING, GeoTrust, Citibank, and Postbank.

Self-service as a success factor

Mark Pors, Chief Technology Officer, says he was “pleasantly surprised by the award”. “I am very happy that the jury shares our vision of self-service and our market approach." Pors sees WatchMouse as “the right initiative at the right moment. Companies are increasingly looking to outsource non-core tasks. However, they want to be able to guide and control this themselves and from their own workplace. Web-based services make this possible." Stan van de Burgt, CEO, sees the simplicity of the WatchMouse site and the various languages in which it is available as the major success factors. "Monitoring websites was an idea that already existed in essence, but had not been worked out in this form. We are geared tightly to 'self service', whereby customers can set up everything themselves and retain total control. Which also means we are able to offer the service at a more attractive price than other players in the market.”

The Rising Star awards were presented on Thursday, 22 September.

WatchMouse

WatchMouse assesses your website and e-commerce applications just like your customers experience them. The checks are carried out from 16 monitoring stations worldwide, and recorded in regular reports. In the event of errors or availability problems, the right people within your organisation will be alerted.

www.watchmouse.com

Very impressive feature set and has a real commitment to client care (2010-01-13)

With many hundreds of business clients who expect and deserve over 99.99% uptime, in the instances where we do have service online intrusion scan, WatchMouse alerts us promptly - every time. This allows us to minimize the impact of downtime and interruptions to our clients. WatchMouse isn't just another monitoring service, the team is dedicated to building on an already very impressive feature set and has a real commitment to client care

Michael Bloch, Business Operations Manager, ThinkHost, Inc.

WatchMouse's Website Performance Benchmark enables us... (2010-01-13)

WatchMouse's Website Performance Benchmark enables us to confirm on behalf of our clients, any suspected access online intrusion scan in addition to showing the overall performance compared to the benchmark in our client's sector.

Managing Director, Red Dog Communications

What do you want to check with a service such as Watchmouse? (2005-01-31)

As I explained in my previous column, you can use a monitoring service in a number of roles. Common to all these roles is the fact that you are keeping alive some services for the benefit of your customers, suppliers, employees or partners. These users are, in the end, all that counts.

What are the objects that you should be checking? Obviously, the least you want to do is check the service that is most visible to these users. This could be the webserver, or a POP or FTP server for example. You would start by setting up a rule to check the server and a URL. The frequency with which you can monitor (that is: the elapsed time between checks) is typically limited by the type of subscription that you have. Only in specific cases would you not check as often as your subscription allows.

Note that there is a difference between a CONNECT on port 80 rule and a HTTP rule. The first just connects to the port that the webserver is supposed to use. The HTTP rule also checks whether the webserver can produce a valid HTTP response, and whether the document can be found. You probably want the latter check.
Similar reasoning applies to POP and FTP checks. If you set up two different rules on the same host, this allows you to distinguish for example between a broken webserver and a host that is down. If you want even more content oriented checks, have a look at the so-called PLUG-IN rules. Additionally, you can set up checks to make sure that your users are actually using the services that you intend them to. The wonline intrusion scan Internet depends heavily on the domain name system(DNS) functioning correctly. If it does not work properly your users may be directed to another site than you intended. This could be a configuration error, but it could also be a defamation hack. In either case, you want to know.
First of all you want to check whether the root servers of the Internet accurately find the DNS that is serving you. This can be checked with a DNSNS rule. What you are checking with this rule is whether the registrar's databases are correct. Second, you want to check if that DNS server (and its slaves) are serving up the proper IP address for the server. For this you can use the DNSA rule, and it will warn you if the DNS server is not working or serves up the wrong address. (Note that the hosting party can change that address at its discretion, as part of a renumbering operation for example.)

Who should you notify of rule failures? Again, different roles have different information requirements. You want to notify the person who can fix things as soon as possible. Mail or SMS/text them directly, you do not want to be in the loop. You might set up an escalation chain, which fires off after a certain amount of errors. Note: make sure that you send the message on a channel that is not affected by the outage: if your e-mail system does not work, delivering a message to that effect should not depend on that e-mail system.
The people in charge of overseeing somebody else's service levels should only get escalation messages, if at all. Rather, they should get the weekly or monthly service reports.

Peter van Eijk is a management consultant specialized in management of network infrastructures. He can be reached via his contact page.

Website performance is the key to customer satisfaction (2007-06-27)

How often have you typed in the Google URL and received a page that will not load? I am willing to bet that this is a rare occurrence. Despite its busy traffic, Google is a textbook example of a web site that has almost perfect performance and therefore serves a great number of satisfied customers. The market share of the search engine is a resounding confirmation of this. You are assisted quickly, so you come back sooner. Research conducted by JupiterResearch has revealed that visitors to a site only have 4 seconds of patience. If the site has not been loaded by that time, they leave. Error messages also prompt potential customers to go to the competition.

Why do organisations still devote so little attention to the effective availability of their site? Performance is the key to satisfied customers. For many companies, their web site is the face of the organisation. Consumers and also business users of the Internet use the wealth of information on the web to compare purchasing options. It is of immeasurable importance that they are also actually able to find what they are looking for. If this is not possible at one company, competitors are straining at the leash to offer their services through a correctly functioning site.

Coming back to the praise that we had for Google, we see that the search engine has made significant investments in the availability of its web site. The page is run by several machines at various sites. If one crashes there are enough back-up servers that can take over the traffic flows to guarantee optimum performance. In addition, the search machine invests a great deal of time and money in the right hardware and people. Although the site has a difficult task – searching through an index of billions of documents – it is almost always available and loads fast.

The actual site is unspectacular in construction. This applies to the majority of sites with a high level of availability. Simple sites such as the news site NU.nl are almost always easy to access. Nevertheless, it is not only the layout of the site that determines how the web page performs. Too many photos, long symbols and frills make web sites slower to respond. The fact that the ‘back end’ of the site is not efficiently programmed also contributes to longer loading times. Frequent consultation of background databases is also detrimental to the speed of the page.

Where it often goes wrong is when different people are working on a site, thereby disturbing the links between the various elements. The different parts of the site will work correctly, but the site as a wonline intrusion scan will fail to perform. This means long waiting times for people who want to use the services of a company.

Service providers at the upper end of the market are becoming increasingly aware of this. The contracts that they use frequently include a service level agreement (SLA) for the part for which they are responsible. Nevertheless, they regularly make mistakes due to the fact that the promised performance is not subsequently verified (by an independent party). Although it is now essentially part of the contract, there is insufficient actual verification. Ideally, web site performance should become a permanent component of a contract. In addition, clear internal agreements must be made on who has final responsibility for the efficient loading and availability of a site.

Regular testing is also essential for the facilitation of good availability. This will prevent a great deal of errors, keeping the site up and running at crucial times. The storm that blew over the Netherlands at the end of January was a good opportunity to see which sites were prepared for extreme loads and which were not. The site of the Dutch weather institute, KNMI, was almost unreachable, while some logical thought could have protected them from this eventuality. If you know that a major storm is heading towards the country you can be sure that people will search for information on the weather and roads on the Internet. Sites such as those of KLM and Schiphol were also unreachable, while the specially created site Crisis.nl, which had been kept as simple as possible, was able to serve a large number of people.

Including ‘stress tests’ in a SLA or conducting them regularly in-house is therefore to be recommended. Companies can easily take control by ensuring that their service provider executes this type of test or by putting their own site under pressure. This is the best method of checking whether your web site can handle a sudden increase in visitor numbers. It is also good to know whether the servers on which your site is running actually ensure that your page is always available and loads correctly. For companies, it is crucial to see when they are off air. This can save them a large amount of money every year and will also reduce the number of irritated visitors to the site. This is how you keep customers satisfied and keep the company running.

Mark Pors
Chief Technology Officer at WatchMouse

WatchMouse provides site performance monitoring and stress test services

Flu Jab Your Website Against The Pandemic: 6,000 Infected Webpages Per Day! (2008-02-18)

The respected IT news website, The Register reports that every 14 seconds a web page is infected, which amounts to 6,000 infected web pages per day. Four out of five of these infections come from innocent companies and individuals who are oblivious to their site being hacked and subsequently used for hosting the malware of virus writers. The Register further reports that in the past viruses were spread using infected e-mail. Nowadays, however, the favoured virus distribution methods are downloads from compromised sites. As a result of these booby-trapped sites malware is present on at least one in every ten web pages.

WatchMouse's Periodic Vulnerability Scanning offers your website the flu jab against this virus pandemic. WatchMouse's Periodic Vulnerability Scanning is an affordable way to routinely check you company's online intrusion scan exposure and eliminate the risks of manual audits. Utilizing the most up-to-date database of known vulnerabilities, WatchMouse identifies any online intrusion scan risks and provides you with peace of mind that your software applications are being scanned from the perspective of a hacker, external to your organization.
To ensure your website and servers are checked for the latest issues WatchMouse's Periodic Vulnerability Scanning performs over 20,000 checks for known vulnerability and online intrusion scan exposures; using a database which is updated daily by multiple accredited organizations including CVE (funded by the US government) and Bugtraq. Following the detection of any severe issues, automated, real-time email, SMS and pager alerts give your business the chance to react quickly. Scans can be scheduled during low usage or maintenance hours and set at an intensity and frequency suited to your business needs and budget.

To obtain a free Periodic Vulnerability Scanning trial visit: www.watchmouse.com/vulnerability_scan_trial.php

The Register's article was published on 23.01.08 can be viewed at: www.theregister.co.uk/2008/01/23/booby_trapped_web_botnet_menace/

LibXPM Bitmap_unit Integer Overflow Vulnerability (2006-12-18)

An integer-overflow vulnerability is reported to affect libXpm. Reportedly, this vulnerability occurs in the 'online intrusion scan.c' source file and is due to a lack of sanity checks performed on the 'bitmap_unit' value.

A remote attacker may exploit this condition to execute arbitrary code in the context of the application that is linked to the affected library.

Public Exploit Code Available for a Vulnerability in Microsoft Word (2006-12-14)

US-CERT is aware of public exploit code that has been released for a potentially new vulnerability in Microsoft Word. This vulnerability is different from the two previous Word vulnerabilities reported earlier this month. The flaw is caused by a memory corruption error when handling a malformed Word document. By persuading a user to open a specially crafted Word document, a remote attacker could execute arbitrary code or launch a denial of service attack.

More information about this vulnerability can be found in the following:

• Vulnerability Note VU# 996892 - Microsoft Word malformed pointer vulnerability

Until a security fix from Microsoft becomes available, US-CERT recommends the following actions to help mitigate the security risks:

• Do not open untrusted Word documents or attachments from unsolicited email messages.
• Disable automatic opening of Microsoft Office documents.
• Do not rely on file name extensions as a way to securely filter against malicious files.
• Install anti-virus software and keep its virus signature files up-to-date.
• Save and online intrusion scan any attachments before opening them.
• Limit user privileges to NO administrator rights.

Additionally, US-CERT strongly encourages users not to open unfamiliar or unexpected email attachments, even if sent by a known and trusted source. Users may wish to read Cyber Security Tip ST04-010 for more information on working with email attachments.

US-CERT will continue to investigate this vulnerability and provide additional information as it becomes available.

Active Exploitation of a Vulnerability in Microsoft Word (2006-12-14)

US-CERT is aware of reports of active exploitation of a new vulnerability in Microsoft Word. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the user running Word.

More information about this vulnerability can be found in the following:

• Vulnerability Note VU#167928 - Microsoft Word malformed string vulnerability
• Microsoft Security Advisory 929433

US-CERT recommends that users take the following actions to mitigate the security risks:

• Do not open attachments from unsolicited email messages.
• Install anti-virus software, and keep its virus signature files up-to-date.
• Limit user privileges to no administrator rights.
• Save and online intrusion scan any attachments before opening them.

Additionally, US-CERT strongly encourages users not to open unfamiliar or unexpected email attachments, even if sent by a known and trusted source. Users may wish to read Cyber Security Tip ST04-010 for more information on working with email attachments.

US-CERT will continue to investigate this vulnerability and provide additional information as it becomes available.

Microsoft Releases Advance Notification for December Security Bulletin (2006-12-14)

Microsoft has issued a Security Bulletin Advance Notification indicating that their December release cycle will contain six bulletins, some of which have a maximum severity rating of Critical. The notification further states that five of the bulletins are for Windows, and one is for Visual Studio. The release is online intrusion online intrusion scand for Tuesday, December 12th.

We will provide additional information as it becomes available.

Public Exploit Code Available for a New Vulnerability in Microsoft Word (2006-12-14)

US-CERT is aware of a new vulnerability in Microsoft Word. Reports indicate that the issue is caused by a flaw in the way Word handles malformed data structures. By persuading a user to open a specially crafted Word document sent as an email attachment or from a malicious web site, a remote attacker could execute arbitrary code with the privileges of the user.

This vulnerability is different from the Word vulnerability reported on December 6, that was also reported in Microsoft Security Advisory 929433.

According to Microsoft, the following products are vulnerable: Windows 2003 SP0 - SP1, Word XP, Word 2000, Word 2002, Word 2003, and the Word Viewer 2003. Word 2007 is NOT affected by the vulnerability.

More information about this vulnerability can be found in the following:

• Vulnerability Note VU#166700 - Microsoft Word malformed data structure vulnerability

Until a security fix from Microsoft becomes available, US-CERT recommends the following actions to help mitigate the security risks:

• Do not open untrusted Word documents or attachments from unsolicited email messages.
• Disable automatic opening of Microsoft Office documents.
• Do not rely on file name extensions as a way to securely filter against malicious files.
• Install anti-virus software and keep its virus signature files up-to-date.
• Save and online intrusion scan any attachments before opening them.
• Limit user privileges to no administrator rights.

Additionally, US-CERT strongly encourages users not to open unfamiliar or unexpected email attachments, even if sent by a known and trusted source. Users may wish to read Cyber Security Tip ST04-010 for more information on working with email attachments.

US-CERT will continue to investigate this vulnerability and provide additional information as it becomes available.