New Nessus Plugins Audit Your Patch Management System Effectiveness

Integrating with Patch Management

In December 2011, Tenable announced that Nessus could integrate with many popular patch management solutions. Initial support was offered for Red Hat Network Satellite server, Microsoft WSUS / SCCM, and VMware Go. More recently, support was added for IBM Tivoli Endpoint Manager (TEM) for Patch Management. Integration with patch management solutions means Nessus and SecurityCenter can collect information about patches from systems without requiring credentials to the targeted hosts themselves.

Today, two new plugins extend our previous integration to automatically cross-reference vulnerabilities from credentialed patch audits with patch information from your patch management solution, reporting discrepancies in a single report.

Continue reading "New Nessus Plugins Audit Your Patch Management System Effectiveness" »

 

Tenable Network Security Podcast Episode 155 - "Patch Management Conflict Auditing"

Welcome to the Tenable Network Security Podcast Episode 155

Announcements

Continue reading " Tenable Network Security Podcast Episode 155 - "Patch Management Conflict Auditing"" »

 

Tenable Network Security Podcast Episode 154 - "Mozilla Patch Updates, Upgrade to the Latest Version (or Not)"

Welcome to the Tenable Network Security Podcast Episode 154

Announcements

Continue reading " Tenable Network Security Podcast Episode 154 - "Mozilla Patch Updates, Upgrade to the Latest Version (or Not)"" »

 

Using Nessus to Audit Microsoft SharePoint 2010 Configurations

Trust, but Verify

Recently, Tenable added audit files for Nessus ProfessionalFeed users allowing them to audit Microsoft SharePoint server configurations. The audit policy uses both operating system and database information from a SharePoint server farm and compares it against the settings specified in the DISA STIG guide for Microsoft SharePoint 2010 servers. This blog entry discusses some of the Nessus functionality that was used to create the audit file.

Poll the typical office about what functionality SharePoint delivers, and the responses tend to be quite varied. Often, SharePoint first appears in an environment as a feature-rich version of the venerable file share. Beyond storing, tracking, and securing documents, more recent versions have added and expanded the suite of collaboration and socialization tools. Many locations have begun to take advantage of the built-in discussion forums, knowledge base, and team or personal blogs. The net result is that more and more of an organization's institutional knowledge and workflow can be routed or accessed through web interfaces or the SharePoint integration found in most Microsoft Office tools.

Continue reading "Using Nessus to Audit Microsoft SharePoint 2010 Configurations" »

 

Tenable Network Security Podcast Episode 153 - "Java, Adobe, and Microsoft IE Vulnerabilities"

Welcome to the Tenable Network Security Podcast Episode 153

Announcements

Continue reading "Tenable Network Security Podcast Episode 153 - "Java, Adobe, and Microsoft IE Vulnerabilities"" »

 

Tracking Wireless SSIDs Using Nessus

Nessus has plugins that can pull out current (or previously used) wireless service set identifiers (WiFi SSIDs) that Windows and OS X systems have connected to in the past. The following plugins are used:

For both of the above checks, you must enter valid system credentials for the target hosts. Below is a sample report from an OS X system:

Osx wifi sm

A listing of previous wireless networks to which a Mac OS X host has connected.

Continue reading "Tracking Wireless SSIDs Using Nessus" »

 

Tenable Network Security Podcast Episode 152 - "WiFi Network History, Self-policing Code"

Welcome to the Tenable Network Security Podcast Episode 152

Announcements

Continue reading "Tenable Network Security Podcast Episode 152 - "WiFi Network History, Self-policing Code"" »

 

Tenable Network Security Podcast Episode 151 - "The Year in Tenable Product Features"

Welcome to the Tenable Network Security Podcast Episode 151

Announcements

The Year in Tenable Product Features

Continue reading "Tenable Network Security Podcast Episode 151 - "The Year in Tenable Product Features"" »

 

Detecting Compromised SSL Certificates Using Nessus

When Thieves Target SSL Certificates

SSL is one of the most commonly used protocols to provide encryption for a variety of different applications. As such, it has come under great scrutiny over the years. While SSL misconfiguration is commonplace, one of the more recent attacks against SSL is to steal the Certificate Authority (CA) certificate. (In a paper released in July 2012, NIST warned that this type of attack would increase). Access to this certificate allows the attacker to issue valid certificates, and in the case of a code-signing certificate, use it to sign malware. Malware executing with this level of trust increases the chances of successfully being installed on the system. Other CA certificates are used to generate website certificates used by attackers to impersonate secure access to a given website.

StealingCookies

Attackers stealing CA certificates has become more common. Don't think of it as stealing a cookie (or three), but more like attackers stealing the recipe to make their own cookies (and not the ones used between web browsers and web applications).

Continue reading "Detecting Compromised SSL Certificates Using Nessus" »

 

Tenable Network Security Podcast Episode 150 - "SSH Vulnerabilities, Password Log Book"

Welcome to the Tenable Network Security Podcast Episode 150

Announcements

New & Notable Plugins

Nessus

Continue reading "Tenable Network Security Podcast Episode 150 - "SSH Vulnerabilities, Password Log Book"" »

 

Why is outcome based security monitoring so critical with “Big Data”?

At the recent 2012 ITSAC conference in Baltimore, John Streufert, the Director of the National Cyber Security Division of DHS, outlined five recommendations for achieving continuous monitoring. These were:

  • Scan daily, at least every 36 to 72 hours
  • Focus on attack readiness
  • Fix daily
  • Grade personally
  • Hold managers responsible

While the above are a key component of the government’s CyberScope program, which mandates monthly reports, many organizations internally perform real-time or near daily security assessments. Yet, this becomes overwhelming with “Big Data”. As a result, many organizations discover vulnerabilities at too slow of a rate to efficiently manage or react to them, and they don’t communicate what needs to be fixed very well. They are caught in a constant struggle of not having the right information and/or not having the right resources to mitigate security issues.

The traditional process of searching for attackers periodically does not work. Organizations must implement continuous monitoring to react in real-time to new vulnerabilities and threats.

To find out how Tenable addresses this, read the white paper “Outcome Based Security Monitoring in a Continuous Monitoring World”.

 

Configuration Auditing Cisco Nexus Operating System (NX-OS) with Nessus

Recently, Tenable added audit files for Nessus ProfessionalFeed users allowing them to audit device configurations based on Cisco Nexus Operating System (NX-OS). Cisco NX-OS runs on high-end Nexus switches, MDS storage switches, and Cisco UCS networking. This audit follows most of the recommendations that are included in the Cisco Guide to Securing Cisco NX-OS Software Devices. This blog entry discusses some of the Nessus functionality that was used in creating the audit file.

The Cisco guide covers three major sections: the management plane, the control plane, and the data plane. The audit file itself is a best-effort attempt to cover all the sections included in the guide. Most checks include recommended values, whereas some require user configuration.

Continue reading "Configuration Auditing Cisco Nexus Operating System (NX-OS) with Nessus" »

 

Plugin Spotlight: Samsung/Dell Printer Firmware SNMP Backdoor

Samsung Printers Contain an SNMP Backdoor

Samsung is not the most well-known printer manufacturer in the world (although they hold 28.5% of the consumer TV market). However, they manufacture a full line of printers and multi-function devices for both home and business use. Samsung also manufactures "some" printers for Dell, though an official list is currently unknown.

On November 28, 2012, US-CERT issued an advisory warning that select Samsung/Dell printers contained a hardcoded backdoor that could be accessed via SNMP. There are a lot of interesting facts surrounding this vulnerability, including:

  • The backdoor SNMP service listens on a non-standard UDP port 1118
  • The password for the backdoor is "s!a@m#n$p%c" and allows both SNMP reads and writes. This allows an attacker to change the configuration settings, including resetting the username/password to the device to gain full administrative access
  • Researchers report firmware dating back to 2004 contains this same password for the SNMP community string
  • If SNMP is disabled on the printer, it does not remove the SNMP backdoor on port 1118
  • Before the vulnerability went public, Samsung pulled all the printer firmware from their download sites
  • Dell printer firmware remains on Dell's website for download.

Continue reading "Plugin Spotlight: Samsung/Dell Printer Firmware SNMP Backdoor" »

 

Introduction to new and now available SecurityCenter 4.6 and PVS 3.8

Tenable Network Security has released SecurityCenter 4.6 and PVS 3.8.  These new and now available updates to SecurityCenter and the Passive Vulnerability Scanner include several new features and enhancements.

Adding to the long-standing IPv6 capabilities of Nessus, both SecurityCenter and PVS now support IPv6.  Combined, these create the only truly comprehensive IPv6 vulnerability assessment and management suite in the industry, and expand SecurityCenter CV’s continuous monitoring capabilities to include IPv6 and dual stack IPv4/IPv6 environments.  Other notable features include new asset creation tools, HTML5 dashboards, and multiple reporting enhancements.

 

Watch this introductory video to see several of the new features and enhancements to SecurityCenter and PVS.

 

Tenable Network Security Podcast Episode 149 - "Gene Kim Interview"

Tenable Network Security Podcast Episode 149: Special Edition Interview with Gene Kim

Taking Advantage of Configuration Auditing

Recently, I've been studying configuration management in an attempt to better understand its benefits and the role it plays in an IT organization. Over the past few years, I've spoken to many IT folks about this subject. The conversation often turns into a deep explanation of how their particular organization's IT department, and company as a whole, operates. I've found that configuration management closely relates to the core of an organization's operations, including security, operations, and development.

Let's explain the various terms. Configuration auditing is the process of defining known-good configurations for systems, periodically checking that systems are in the known-good state, and if required, acting on the results to return a system to its known-good state. Compliance auditing is the very same process, however, the configuration settings are defined by a third-party standard (such as PCI DSS).

Continue reading "Tenable Network Security Podcast Episode 149 - "Gene Kim Interview"" »

 

Nessus VMware vCenter Patch Auditing Now Available

Nessus supports vCenter integration, enabling patch checking for enterprise virtualization environments.

Recently, new plugins for Nessus were released which add support for VMware's vCenter product. Nessus users can now enter credentials for vCenter servers, allowing Nessus to perform patch audits against all of the ESXi servers being managed by vCenter. Configuring the scan simply requires a Nessus policy to be created with the appropriate credentials:

Vcenter settings sm

In "Preferences" choose the new option for "VMware vCenter SOAP API Settings," entering the IP address/hostname of your vCenter server, the management port, and credentials.

Continue reading "Nessus VMware vCenter Patch Auditing Now Available" »

 

Tenable Network Security Podcast Episode 148 - "vCenter Nessus Support, Samsung Firmware Backdoor"

Welcome to the Tenable Network Security Podcast Episode 148

Announcements

New & Notable Plugins

Nessus

Continue reading "Tenable Network Security Podcast Episode 148 - "vCenter Nessus Support, Samsung Firmware Backdoor"" »

 

Tenable Network Security Podcast Episode 147 - "HTML5 General Availability, User Security Awareness"

Welcome to the Tenable Network Security Podcast Episode 147

Announcements

New & Notable Plugins

Nessus

Continue reading "Tenable Network Security Podcast Episode 147 - "HTML5 General Availability, User Security Awareness"" »

 

Nessus HTML5 Interface is Generally Available!

Thank you for providing feedback on the Nessus HTML5 beta interface. The beta feedback period is now closed, and the Nessus HTML5 interface is generally available (GA) to Nessus ProfessionalFeed and Nessus Perimeter Service customers, as well as Nessus HomeFeed users. To access the Nessus HTML5 interface, visit https://nessusserver:8834/html5.html (replace “nessusserver” with the IP/hostname of your Nessus server).

We've published a short video introduction which summarizes how to use the new HTML5 interface. The video walks you through how to create a new policy, create a new scan template, launch a new scan, and review results in the new HTML5 interface:

Nessus HTML5 Introduction Video (For more videos, please visit the Tenable Network Security YouTube Channel.)

Continue reading "Nessus HTML5 Interface is Generally Available!" »

 

Tenable Network Security Podcast Episode 146 - "Is AV Dead?, Auditing Firewalls"

Welcome to the Tenable Network Security Podcast Episode 146

Announcements

New & Notable Plugins

Nessus

Continue reading "Tenable Network Security Podcast Episode 146 - "Is AV Dead?, Auditing Firewalls"" »

 

Tenable Awarded Common Criteria Certification EAL2+

We are pleased to announce that Tenable Network Security has been awarded Common Criteria certification, again meeting the rigorous security requirements defined by the Common Criteria for Information Technology Security Evaluation.

Tenable’s Unified Security Monitoring (USM) platform has been certified under Common Criteria (CC) Evaluation at Evaluation Assurance Level Two Augmented with Flaw Remediation (EAL2+). The Target of Evaluation (TOE) includes all the elements that comprise a full deployment of Tenable’s USM platform, including SecurityCenter, Nessus vulnerability scanner, Log Correlation Engine (LCE), Passive Vulnerability Scanner (PVS), 3D Tool, and xTool.

Internationally recognized as the evaluation standard of IT security products, the Common Criteria Certification is mandated for all IT solutions purchased by the U.S. federal government, as well as 25 other countries. Currently, Tenable’s products are relied upon throughout the U.S. federal government, including the entire Department of Defense, and 12 of the 14 U.S. Federal Civilian Departments.

 

Nessus Now Audits Juniper Junos Configuration

Keeping Your Routers and Firewalls in Check

Continuing with the theme of helping you secure and maintain your critical infrastructure (see our previous post: "New Nessus Compliance Checks Available for Check Point GAiA"), we are pleased to announce the availability of Juniper Junos compliance checks. Junos is the underlying operating system (OS) powering Juniper's routers, firewalls, and network switches.

Ensuring a consistent configuration across your entire network infrastructure contributes to a healthy and more secure network. For example, a configuration error could lead to an easily-exploitable weakness on devices (such as a clear-text management protocol or default SNMP community string settings). A successful attack against a router allows someone to sniff all the traffic passing through it, potentially accessing sensitive information or performing Man-in-The-Middle (MiTM) attacks.

New Compliance Checks

To provide Nessus users with a way to audit Junos router/firewall/switch security settings relating to the underlying OS, we've developed a set of checks based on the CIS Benchmark for Junos as a guide.

Continue reading "Nessus Now Audits Juniper Junos Configuration" »

 

New Nessus Compliance Checks Available for Check Point GAiA

Keeping Your Firewalls in Check

Ensuring that your network infrastructure, in particular your routers and firewalls, is secure and maintains its integrity is critical to successfully defending your network. If an attacker were to gain control of these types of systems, they could potentially impact the security of your network as a whole. For example, an attacker with access to your firewall could read the firewall rules and use the information to selectively attack open services and create backdoors that would slip through your firewall.

New Compliance Checks

To provide Nessus users with a way to audit firewall security settings relating to the underlying operating system (OS), we now support the Check Point GAiA OS, implementing about 50 compliance checks for various settings based on best practices. The checks are for OS settings only and do not allow you to audit the firewall rules themselves. Below is an example:

Checkpoint gaia sm

Continue reading "New Nessus Compliance Checks Available for Check Point GAiA" »

 

Tenable Network Security Podcast Episode 145 - "Source Code Leaks, Problems with Computer Security"

Welcome to the Tenable Network Security Podcast Episode 145

Announcements

New & Notable Plugins

Nessus

Continue reading "Tenable Network Security Podcast Episode 145 - "Source Code Leaks, Problems with Computer Security"" »

 

Using SSL to Secure Your Vulnerability Data

The Benefits of Proper SSL Configuration

Protecting your vulnerability data from unauthorized users, whether the threat comes from external attackers or malicious insiders, is an important part of a vulnerability management program. Nessus allows users to configure SSL to provide both privacy and authentication. SSL can be configured locally or integrated into your own PKI infrastructure, allowing Nessus to be compliant with in-house security policies and standards.

Continue reading "Using SSL to Secure Your Vulnerability Data" »

Tenable Network Security


The official BLOG of Tenable Network Security and the Nessus vulnerability scanner.