
Cyber Security Scans - Part 1
This will be a multi-part blog post explaining one of our newer services and how we were successful for one customer.
Simply Web Services, LLC, has always offered Cyber Security Scans as a service, but we never really broadcast it.
First, let me state for the record that not all Cyber Security scans are created equal; in fact, that is their whole marketing point and how they make money. In this case, I have a client whom I will call “Bob’s Retail Store” with the domain name of “bobsretailsva.com” (all info has been changed to protect the innocent). Due to the nature of their business, they are required to have Cyber Security Insurance, and one of the requirements for that insurance is that they must pass a vulnerability scan. I got an email from the client stating that they failed their scan, with an amazing 64%, while the national average is an 87%. I was shocked to see such a low result. I take great pride in ensuring my web servers are modern, fast, and up to date with patches. I work in Cyber Security, and I can’t have servers that aren’t patched and full of vulnerabilities.
I told them not to worry, I will dig into the results and get things on the right track.
I created an account on the scanning website (with the client’s permission) and reviewed the entire report firsthand. Here are the results from their first scan and what I did to rectify the situation.
There are a total of 49 findings in the “NETWORK SECURITY” section
There is 1 high-severity finding
There is 1 finding in the “SSL/TLS Service Supports Weak Protocol” category, for the IP address that is used by the remote monitoring service
There are 8 medium-severity findings
There is 1 finding in the “SSH Supports Weak Cipher” category for the IP address that is used by the remote monitoring service
There is 1 finding in the “SSH Supports Weak MAC” category, for the IP address that is used by the remote monitoring service
There are 6 findings in the “TLS Service Supports Weak Cipher Suite” category, for the IP address that is used by the remote monitoring service
There are 17 low-severity findings
There are 17 findings in the “FTP Service Observed” category, 2 for the IP address used by the remote monitoring service, and 15 for other IP addresses on my server that are not related to this website (this is a shared server with 10 total IP addresses). Not sure how they are pinging on these, however, they are not finding anything related to anything other than I have FTP available, and I will ALWAYS have that available on my servers.
I was able to have all these removed as they are not associated with this client’s website, and most are not even on my server. The FTP is considered an acceptable risk because it is a required service, and it is locked down as much as possible for this type of environment. My response was: This is how the customer uploads and modifies their website (outside of the CMS), but the FTP service is the latest version of ProFTPd, using SFTP on an obscure port, with Anonymous FTP disabled.
Today, the “NETWORK SECURITY” section looks like:
In the next post, we will continue with the initial scan results.


