Security Consulting for the small business (long question)

[techwriter56]

Hello,
I am an unemployed programmer who actually does not want to
program anymore. What I am doing is redefining my technical
background and see what I can actually do in the IT depression we are having.
In my search I ran into a company called Invisus. They are
about a year old and have a small/mid comany solutions for
security.
KNowing enough about security in my past 20 years in IT I know that firewalls are typically hardware albeit a number
of companies do have software solutions for FW.
Is this company for real ? They have no reference or any outside endorsment on the web-site. Not even an address.
The second question is about some sort of Anti Hacking kit(they also propmote).
This will stealth your ports and find any worms or viruses
that may be attached to a given port. (now I am getting into areas I know squat about)
How can you attach any piece of software to a port to wait
for it to open? Who else makes this Anti Hacker Kits
I somehow never heard about this..
Does anyone know about this company ? They gave a web-site.

 

[TheGrey]

i have no idea about the company...
regarding "anti hacking", nessus is a very popular opensource security scanner, so as a programmer, you can see what it is doing, or even read faq's about it. (

http://www.nessus.org)

 

[welshguy]

I also don't know about this company but looked at their site. Nothing particularly new here. The security toolkit which can check your servers/pcs are available in many different formats -a lot free such as Nessus mentioned above. They are just effectively port scanners and check which ports are open and what application is running on that port.

"How can you attach any piece of software to a port to wait
for it to open?"

This is how nearly any client-server software works(including remote access Trojans) take for instance Telnet -it has both a client and server component. The server software listens for connections on port 23 for the client to connect.

They are just a small firm using security tools to offer a service - fair enough really. Anyone with a little knowledge can put together a free anti hacking kit.

As far as firewalls - they are not just hardware based - there are many very well used application and software firewalls - in fact many use them in preference to hardware based firewalls.

Just a few thoughts - if you're looking to move into this area be aware that it's a huge subject saying that a programming is a good background to have for security.

 

[SubNet7]

Hello TechWriter56,

Have you found anymore info on this company you've mentioned (Invisus)? I would also like to know more about the company. I've scanned all the search engines about this company and the Better Business Bureau and still can't find a thing about them other than their home base which is in South Jordan, UT.

I did, however, contacted them and submitted a request for futher info. The company, marketed by Evolution Services, did send info. but still vague about company history.

The info was primarily a sales consultant proposition opportunity that would require a purchase of a license to represent the company (Invisus). The license fee is very expensive and according to the company, if they decide to accept you as a consultant, you should have no problems paying the license fee, but if you cannot, you don't pay the rest that you would owe. The catch is the deposit which is 2/3 of the cost of the license fee. I have not found an area within their prospectus that if you fail, you would receive your deposit back.

The company is also very optimistic about their income potential.

Very leary about this.

So, if you find more info, by all means please let me know.

Thanks,

SubNet7

 

[techwriter56]

Yes the whole issue of invisus or any hacking tool is the
liability you have or don't have versus the clients you sell your software. The company has and uses free tools forom the internet and repackages them. They sell the license to a software wholeseller who can cause a little stir in the tech community. The problem is the end consultant has the burden of having some contract and deliver the product that invisus has whereby the user could just download that very same thing for free. Now the bad part comes. What happens if the company gets hacked where you sold this protection? You (the consultant will) get sued out of business. The wholsaler also may get sued and the company will be in the clear. Their demise is that not too many people are that stupid or they are only making their profits from naive liceses (wholseler) not the true market. The same packages are offered by Mcafee and other big names with out the mickey mouse stuff from Invisus.
One licensee here in Sacramento is cursing the day he ran into these guys because the true 'suckers' are the ones who pay for this "wholeseler license".