• Products
  • Site Certification
  • Appliance
  • Perimeter Check
  • Desktop Check
  • Product Comparison
  • Penetration Testing
  • Consulting Services
  • PCI Onsite Audits
  • PA-DSS Audits
  • Forensic Response
  • PTS
  • FREE Port Scan
• Resources
  • Information
    • IP Information
    • IP Sleuth
    • Port List
  • Security Tools
  • Acquirers
• Services
• Support
• News
• Blog

• Buy now
  • Price List
• Contact us
• Test Results
• Register
  • Edit Profile
  • Forgot Password
• Search
  • Site Map

FAQs - Frequently Asked Questions

• New! Should I turn off PortSentry and other IDS/IPS products during a Desktop Check, Site Certification, or Perimeter Check?
  Yes! SecurityMetrics products check for thousands of vulnerabilities at a much faster pace than a typical attacker. For accurate results, make sure that SecurityMetrics is not blocked by any IDS/IPS products.
  
  
• How/When can I put the "SecurityMetrics Certified" logo on my site?
  Only customers who are enrolled in a Site Certification service (at any service level) may put the SecurityMetrics Certified logo on their website. Instructions are provided inside passing test results of each Site Certification.
  
  
• How do I close open ports?
  To "close" a port, you need to shut down any programs that are listening on that port. Instructions on how to shut down various programs are included in the Port Scan Recommendation email (see bottom of Port Scan) and in all the results in the Test Results area.
  
  
• What is the difference between "Stealth" and "Closed" ports?
  A "Stealth" port status means that something (like a firewall) is filtering this port, so we can't tell whether the port is open or closed. A "Closed" port status means that we can directly scan the computer, and it answers that nothing is currently running on the port.
  
  
• Why does my Port Scan take so long?
  A firewall increases the amount of time to do a Port Scan.
  
  
• I ran a Port Scan, but the results I got aren't correct. Why?
  Port Scan results reflect the security of any firewall, proxy, or router between you and the Internet.
  
  
• I have a firewall that I know is working, but my Port Scan said that I have open ports. How is this possible?
  If you or your ISP/Company are routing your Internet requests through a proxy server or firewall then we may test that computer rather than your computer.
  
  You can check by running winipcfg on Windows 95/98/ME or ipconfig on Windows NT/2000/XP in a DOS shell. Compare the resulting IP address to the one we scanned. If they are not the same then we are scanning the proxy or firewall instead of your computer.
  
  
• Do your online tests work through firewalls?
  Our online tests show which ports appear open to the public. If you use a firewall your computer may have more ports open than our portscans indicate. This discrepancy simply means your firewall is protecting your computer. If a port scan detects weaknesses on your firewall you can send that information to the appropriate person since a weak firewall jeopardizes your internal network (corporate, ISP, etc.) security.
  
  
• What is the difference between a Desktop Check and Site Certification?
  The Desktop Check is designed for any user whose computer is connected to the Internet. The user must visit our website and start a Desktop Check from the machine they want to check.
  
  Site Certification is a higher-level service designed to run a Desktop Check on a specified IP address at least quarterly for a year, depending on the level of service chosen. We update our database with an average of five new vulnerability scripts every week, to keep you protected from the latest vulnerabilities.
  
  
• What components do you use to perform security vulnerability assessments?
  We use a number of security tools to provide the best vulnerability assessments to our customers. We use curl, hping, hydra, nessus, netcat , nmap, stunnel, tcpdump and more. We are grateful to those who make these tools available.
  
  
• How do I run a Desktop Check on my computer directly if my ISP is using a router, proxy, or firewall?
  If your ISP is using a router, proxy or firewall then give us a call toll-free at 1-877-311-4400 and we'll see what options are available for you.
  
  If your ISP has given you a public IP then we can initiate the Security Check for you after we've verified your IP.