Consultant Policy

What is the consultant account?
Consultant accounts are essentially the same in every way to normal accounts, except that they have the ability to specify the IP address of the site being tested. Sometimes it is either inconvenient, difficult, or just plainly impossible to be surfing from the machine to be tested. In these cases, an account with the consultant capability will be able to test a site remotely.

Who Gets to Use It?
Only resellers and security consultants may make use of a consultant account. Users/organizations employing consultant accounts must have signed a reseller or consultancy agreement with E-Soft, the publisher of SecuritySpace.com. Click here to learn more about our partnering programs.

Usage Guidelines
Before you audit an IP address, it is absolutely critical that you know to a 100% certainty that you are in fact authorized to scan the IP address in question. There are three basic requirements that must be met before you can run the audit:

  1. You (the user of the consultant account) know who is administering the hardware hosting the IP address to be scanned.
  2. The administrator of the hardware is permitting the audit.
  3. The administrator has signed a Permission to Audit Waiver, and you have faxed a copy to E-Soft at (905) 304-7122

So, how do you address these issues?

1. Authenticating the User
A user is authenticated if one of the following 3 are true:
  1. You personally know the user as being in a position to request the audit of the IP in question. (E.g, the user is an existing client of yours with which you have an existing, established relationship)
  2. A whois lookup reveals the person requesting the audit is a listed contact, and a phone call or email to the user is returned acknowledging the audit request.
  3. A whois lookup on the domain or IP lists a contact for the organization, and an email or telephone call corroborates the user requesting the audit is employed at the organization in question.
2. Acquiring Permission from Administrator
Permission from the administrator of the hardware will be acquired if one of the following are true:
  1. You know the user (or company for which the user is employed) owns and administers the hardware in question (whether it is co-located at an ISP facility, or on the company's premises).
  2. The user's (or company's) ISP confirms that the hardware is administered by the user (or company).
  3. The hardware is administered by the ISP, and the ISP permits you to run the audit.

3. Permission to Audit Waiver
When running an audit on behalf of a client, you must obtain a permission to audit waiver. This form informs the client of the potential for service interruption, indicates the duration of the test, indicates the typical bandwidth utilization during the test, and gets them to agree to have the audit run against their network.

Before you launch an audit for against a client's network, you must obtain a signed copy of this form from the customerr, and a copy of this must be faxed to E-Soft at (905) 331-2504 before you run the audit. Once we receive the fax, we will allow you to audit the network specified on the waiver. We recommend you fax the form to us 24 hours ahead of the scheduled audit time. Without this waiver, your account will not be able to audit the client's network.

A printable version of the waiver is available here.




© 1998-2024 E-Soft Inc. All rights reserved.