Consultant Policy
What is the consultant account?
Consultant accounts are essentially the same in every way to normal
accounts, except that they have the ability to specify the IP address
of the site being tested. Sometimes it is inconvenient, difficult,
or simply impossible to browse from the machine to be tested.
In these cases, an account with the consultant capability will be able
to test a site remotely.
Who Gets to Use It?
Only resellers and security consultants may make use of a consultant account.
Users/organizations employing consultant accounts must have signed a
reseller or consultancy agreement with E-Soft, the publisher of
SecuritySpace.com.
Click here to
learn more about our partnering programs.
Usage Guidelines
Before you audit an IP address, it is absolutely critical that you
know with 100% certainty that you are in fact authorized to scan the IP
address in question. There are three basic requirements that must be met
before you can run the audit:
- You (the user of the consultant account) know who is administering
the hardware hosting the IP address to be scanned.
- The administrator of the hardware is permitting the audit.
- The administrator has signed a Permission to Audit Waiver, and you
have faxed a copy to E-Soft at (905) 304-7122.
So, how do you address these issues?
1. Authenticating the User
A user is authenticated if one of the following three is true:
- You personally know the user as being in a position to request the audit
of the IP in question (e.g., the user is an existing client of yours with
whom you have an existing, established relationship).
- A whois lookup reveals the person requesting the audit is a listed
contact, and a phone call or email to the user is returned acknowledging
the audit request.
- A whois lookup on the domain or IP lists a contact for the organization,
and an email or telephone call corroborates the user requesting the audit
is employed at the organization in question.
2. Acquiring Permission from Administrator
Permission from the administrator of the hardware will be acquired if one
of the following is true:
- You know the user (or the company by which the user is employed) owns and
administers the hardware in question (whether it is co-located at an
ISP facility, or on the company's premises).
- The user's (or company's) ISP confirms that the hardware is administered
by the user (or company).
- The hardware is administered by the ISP, and the ISP permits you to
run the audit.
3. Permission to Audit Waiver
When running an audit on behalf of a client, you must obtain a
Permission to Audit Waiver. This form informs the client of the
potential for service interruption, indicates the duration of the test,
indicates the typical bandwidth utilization during the test, and gets them
to agree to have the audit run against their network.
Before you launch an audit against a client's network,
you must obtain a signed copy of this form from the customer,
and a copy of this must be faxed to E-Soft at (905) 331-2504
before you run the audit. Once we receive the fax, we will allow you
to audit the network specified on the waiver. We recommend you
fax the form to us 24 hours ahead of the scheduled audit time. Without
this waiver, your account will not be able to audit the client's
network.
A printable version of the waiver is
available here.