Zone+ Security Monitor and FAQ

Zone+ Security Monitor

What is Zone+ Security Monitor?

Zone+ Security Monitor is a web security monitoring system that gives a user an overview of website vulnerabilities and potentially dangerous actions on the web server. The service analyzes files based on known antivirus signatures and behaviour pattterns when source code of files have been changed.

How to install the Security Monitor?

The service can be installed via the Zone+ application manager.

When the service is ordered and activated, you can enter the control panel via Zone+.

What is a homepage fast scan interval, website deep scan and a server scan?

• During a quick scan, the service only checks the main page with open or public access.
• During a deep scan, the service checks all pages of the website with open or public access.
• During a server scan, the service analyses files found on the server. This allows detection of vulnerabilities as well as problems not visible with open or public access.

What is advanced defacement analysis & SSL analysis?

• For defacement analysis, the service can detect changes made on the main page and notifies the user when anomalous changes occur.
  For example, if the main page is changed and the page content is replaced with a picture file or if text is changed (to Arabic etc.).
• For SSL analysis, the service checks the validity period of the SSL/TLS certificate on site, it’s chain and SSL/TLS configuration problems.

What information does Zone provide Zone+ Security Monitor with?

We provide the Zone+ Security Monitor with the following information as it is necessary to compose and transmit scan reports:

• ZoneID Username
• ZoneID account contact information
• The domain name for monitoring purposes.

Does the service copy user data to its servers?

No, Zone+ Security Monitor scans files on the Zone server, only the list of files and the hash composed based on these files are copied to the Zone+ Security Monitor servers.
This information is used to detect vulnerabilities and malicious software, as well as for composing the reports.

What is Zone+ Security Monitor’s privacy policy?

You can find additional information via Imprint & Data Protection – Nimbusec Website Security & Compliance

Does Zone+ Security Monitor work like a firewall?

No. Zone+ Security Monitor is not an active tool for data monitoring. Unlike a firewall, which scans data in realtime, Zone+ Security Monitor scans are performed at specific intervals.

Does this service remove malicious software from the server?

No. Zone+ Security Monitor works only as a server monitoring system. Malicious software on the website must be removed by website administrator. Malware cleanup service can be ordered either from Zone or Zone+ Security Monitor.

How will Zone+ Security Monitor warn me about security issued and problems found?

By default, Zone+ Security Monitor sends alerts via email. When “Aggressive” package is chosen, users will be notified via SMS as well. The ZoneID contact information is used when sending notifications. Zone+ Security Monitor management can be accessed via Zone+.

Where can I see the results and history of Zone+ Security Monitor scans?

The overview, report and history of scans are available in Zone+ Security Monitor control panel, which is accessible via Zone+.

When does the server scan take place?

The initial scan is performed within 15 minutes after the application is installed.
Server scans are scheduled according to the chosen package as follows:

Basic: Every Sunday at 10
Advanced: Every morning at 8
Aggressive: Every 4 hours (0, 4, 8, 12, 16, 20)

The infected files are removed from the server, but are they still present on the report?

The deleted files will be present in report until the next scan is completed, i.e. scan results will be updated according to selected package.