AVARS - Frequently Asked Questions

What is Vulnerability Assessment?

Most of the software that we use today contain many vulnerabilities. Most of these vulnerabilities are 'Critical'. In other words vulnerabilities are errors or weaknesses in the IT assets such as software that are prone to exploitation or Hacking. Vulnerability Assessment is a systematic proess of scanning the operating systems or application software to identify known and unknown vulnerabilities and rank them based on their criticality using scanning tools.

What are different types of Vulnerabilities?

Vulnerabilities can be grouped under nine different types based on the error or the weakness. Most of the vulnerabilities are genrally related to access control, authentication, buffer overflow, input validation, exception handling, resource, randomization and state error.

What will happen if a Vulnerability is exploited and who exploits vulnerabilities?

When a vulnerability is exploited the impact will be a security violation. Denial of Service (DoS) and Privilege escalation are two dangerous impacts.

Vulnerabilities are exploited by Malware such as viruses, trojan horses, worms, spyware and so on. Malicious hackers compromise the systems through vulnerability exploitation

Where do I get more inofromation about Vulnerabilities?

The best source is Common Vulnerabities and Exposures (CVE) (a dictionary for Vulnerabilities) and US Government National Institute of Standards and Technology (NIST) sponsored National Vulnerability Database (NVD)

What is AVARS?

AVARS stands for "Automated Vulnerability Assessment and Reporting Services" provided by Chennainet. It is a web 2.0 based service model delivered via the Internet.

What are the steps in AVARS Process?

The Avars process consists of Scanning, Vulnerability Assessment and Reporting.

  • Scanning: Avars uses an a server based scanner to scan the web facing IT systems for identifying vulnerabilities
  • Vulnerability Assessment: It analyzes the vulnerabilities present in your system and draws conclusion on criticality of the identified vulenrabilities.
  • Reporting: Avars generates the reports automatically on the vulnerabilities found in your system. Nearly 9 types of pre-built reports are generated.

What are the Features and Benefits of Avars?

  • Features: Avars has an automated scanning process; it generates automated reports based on customer requirements; it has a customizable interface with widgets; online help is available at every stage.
  • Benefits: Manual scanning and reporting is avoided; it has a transparent view for administrators, managers and auditors; it demonstrates compliance to secure management of vulnerabilities; it helps clients to adhere to various legal and regulatory requirements.

    • Do i need to download anything for using AVARS?

    No. It is an online service delivered through the internet. You can access the system through the Web Browser.

    Pricing?

    AVARS is priced per IP model.

    What is the guarantee for the privacy of my data?

    AVARS uses 128 bit encryption through a secure protocol. This assures safety to your entire activity using the system

    Who is DNV?

    Det Norske Veritas. AS (DNV), is an international third party auditing firm engaged in the activities of certifying organizations for ISO9001, ISO20000, ISO27001 and so on. You can find more about DNV at DNV India Website

    How will DNV certification help me?

    The DNV certificate is a third-party endorsement that will give trust and confidence to your vulnerability assessment process.

    What are the international standards requirements, that Avars helps the client to comply with?

    some of the international standards and regulations are:
    ISO 27001, HIPAA, SOX, GLBA, PCI/DSS, DPA, IT ACT, Cyber Law etc. AVARS will help you showing evidence of vulnerability management activities.

    What resources should the client put aside for using AVARS?

    Primarily AVARS requires a technical admin to setup the scanning activities. ChennaiNet tecnicians can also setup the system for the clients.

    What scanner does AVARS use? Is it internal or external?

    AVARS uses an external scanner using popular scanning tolls such as Nessus, Nmap and Nikto web vulnerability scanner . The scanning is performed from a centralized scanning server.

    Will scanning interrupt or affect the servers?

    The default scanning process will not have any impact on your server resources. However, when a scanning is performed with custom options such as scanning all the ports or scanning by connecting to the ports, there will be very low impact on performance. You can assigh a custom scan timings such as out-of-office hours to perform such resource intensive scans.

    How much space is required in my system for scanning?

    None. AVARS do not store anything in your system

    How different is AVARS from other similar services?

    AVARS combines automated features with a compliance certification. This resuces cost and also helps organizations to integrate the vulnerability assessment and management activity into their Governance, Risk and Compliance (GRC) framework.

    How cost effective is Avars?

    Compared to manual scanning and reporting process, AVARS will be very much cost effect and in some cases as much as 50% cost reduction.

    How do I signup for AVARS?

    Signup form is available here.