Re: Anyone hear of ANSA (Asp.Net Security Analyser)??

From: System Knight (white_aura_knight_at_hotmail.com)
Date: 10/19/03 

Date: Sun, 19 Oct 2003 00:36:33 +0000 (UTC)

"NomadPgmr" <nomadpgmr@hotmail.com> wrote in message
news:SLshb.254728$mp.178119@rwcrnsc51.ops.asp.att.net...
> I work for a web hosting company and recently received an email from
someone
> interested in secure hosting. They asked me to run the following scripts
on
> one of our web servers, saying they would only host with a company whose
> server passed all of these tests. I have not done so and if we were even
> tempted to do so, would only do it on an isolated server that we formated
> the hard drives on afterwards. We don't even like to run some commercial
> applications or home made DLL's, so no reason to start now. Has anyone
heard
> about these scripts or gotten a similar email?
>
> Body of email follows:
> Thanks,
> Roger
>
> Hello, I am interested in your Asp.Net hosting services and would like to
> know more details about its security.
>
> I work for a security company (***********) and we need to find a secure
ISP
> to host some of our client's websites (particularly this one:
> **************)
>
> We also want to start offering our own ******* branded packages in our
> website.
>
> We will be reselling 'Secure Asp.Net' hosting packages using servers/ISPs
> that successfully 'fail' all ANSA (Asp.Net Security Analyser) security
> tests.
>
> So, please download the latest version of ANSA from GotDotNet
>
(http://www.gotdotnet.com/Community/Workspaces/workspace.aspx?id=36ae9a2c-87
> 40-4b52-924e-320edf64fba5) and if your servers are securely configured
(i.e.
> there is no 'high' or 'critical' and only some 'medium' classification
> results) send me details about your reseller hosting packages.
>
>
>
>
>

  I AGREE!!!!

I just visited their website, it all looks to suspect to me. I would play
it safe, losing one customer (which is demanding by the sounds of it) rather
than your entire business sounds a more viable option.

Relevant Pages

  • Re: Courtyard arrangement - Jeff Middleton
    ... can do with ISA server publishing and how we interpret the idea of ... Microsoft MVPs ... SBS and hosting ... website or if we just had an ISP for the site, ...
    (microsoft.public.windows.server.sbs)
  • Re: Urgent: Problem setting up web site hosting on SBS03 with ISA
    ... On the other side of the coin, perhaps we can also stipulate that many of these issues can be mitigated by a knowledgable administrator who has the skill and experience to properly configure all aspects of the server. ... port 80 as opposed to the other avenues of attack that SBS presents on the external network, inparticular those that also rely on IIS for their core functions. ... Unless new vulnerabilities in IIS are discovered, hosting static HTML pages is probably fairly safe. ... Its database is kept synchronised to a master Access/SQL database on the customer's premises by means of email. ...
    (microsoft.public.windows.server.sbs)
  • Re: Domain Change
    ... If DYNdns.org is handling your External DNS, have them change this to your new IP of the website. ... >> server has a dynamic IP. ... >>> All you need to do is rent space on a ISP hosting service and FTP ...
    (microsoft.public.backoffice.smallbiz)
  • Re: companyweb - Sharepoint services
    ... Public website hosting implies that you would have to open port 80 to the Internet which is vulnerable to hack attacks. ... There are other options, if the budget exist ) to have a separate server in a DMZ zone, and host the public site there. ... Small Business Server 2003 and reinstall the Monitoring component. ...
    (microsoft.public.windows.server.sbs)
  • Re: Can no connects to mySQL database
    ... Have you tried do this at shared virtual hosting, ... Then when you lease space on a database server, ... It may well be that the hosting company insists that you access the ...
    (comp.lang.php)