Tenable Network Security Podcast Episode 125 - "Detecting Quicktime Vulnerabilities, Hotel Hackers"

Welcome to the Tenable Network Security Podcast Episode 125

Announcements

New & Notable Plugins

Nessus

  • QuickTime for Windows Versions prior to 7.7.2 Vulnerabilities - A long list of stack, heap, and integer overflows in QuickTime is fixed with this set of patches for QuickTime running on Windows. I'm curious to see if there are exploits available and how modern protections against them will work, or not.
  • SolarWinds Storage Manager Server LoginServlet SQL Injection - This is usually bad: "The version of SolarWinds Storage Manager running on the remote host has a SQL injection vulnerability in the 'loginName' parameter of the 'LoginServlet' page." This typically means you don't need credentials to exploit the vulnerability, and access to the database via SQL injection can lead to shell access and the ability to download the data contained on the system.
  • Pidgin OTR (Off-the-Record) Format String Vulnerability - I've used OTR for some time now to prevent attackers from snooping on my IM conversations. It sounds like this could be exploited if you accepted a key from someone who was sending a malicious OTR key, thus triggering the format string vulnerability.


Cyberwar: You're Doing It Wrong!

Cyberwar remains a hot topic of conversation in both political and technology circles. But Tenable Chief Security Officer Marcus Ranum asserts that much of the discussion has been--and remains--misleading and inaccurate. In this presentation from the 2012 RSA Conference, Marcus outlines his thoughts on the multiple problems that comprise cyberwar to get past the hype and articulate what risks actually exist. Watch now on YouTube.

 

File Integrity Auditing with Nessus

Tenable has added a compliance check for Windows which allows users to compare file hashes using a .audit script (Windows compliance checks v2.0.32 or later). By default, MD5 is used to compare two versions of a file; however, users can compare hashes generated with the SHA1, SHA256, SHA384, SHA512, or RIPEMD160 algorithms.

Microsoft PowerShell must be installed and WMI must be enabled on the target for these checks to work. If the Windows firewall is enabled, be certain it's configured to allow inbound remote administration (Windows Firewall: Allow inbound remote administration exception).

Below are some examples:

<custom_item>
type           : AUDIT_FILEHASH_POWERSHELL
description    : "Audit FILEHASH - MD5"
value_type     : POLICY_TEXT
file           : "C:\test\test2.zip"
value_data     : "8E653F7040AC4EA8E315E838CEA83A04"
</custom_item>
 
<custom_item>
type           : AUDIT_FILEHASH_POWERSHELL
description    : "Audit FILEHASH - SHA1"
value_type     : POLICY_TEXT
file           : "C:\test\test2.zip"
value_data     : "0C4B0AF91F62ECCED3B16D35DE50F66746D6F48F" || "QB4B0AF91F62ECCED3B16D735DE50F66746D6F451"
hash_algorithm : SHA1
</custom_item>

For more information, and to download more examples of this feature, please visit the Tenable Support Portal.
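A local pre-check for an AUDIT_FILEHASH_POWERSHELL item before it goes into a scan policy, as an added example that is not Tenable's code. It assumes that `||` separates acceptable alternatives and that hashes compare case-insensitively; the function names are hypothetical, and SAMPLE_ITEM reproduces the SHA1 item above with each alternative quoted.

```python
import hashlib
import re

# Hex digest lengths for the algorithms hashlib always provides. RIPEMD160
# (also listed above) is left out: hashlib only offers it when the underlying
# OpenSSL build does. MD5 and SHA1 are collision-prone, so SHA256 or stronger
# is the safer choice for a new integrity baseline.
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA384": 96, "SHA512": 128}

# The SHA1 item from the page, embedded as a raw string.
SAMPLE_ITEM = r'''
<custom_item>
type           : AUDIT_FILEHASH_POWERSHELL
description    : "Audit FILEHASH - SHA1"
value_type     : POLICY_TEXT
file           : "C:\test\test2.zip"
value_data     : "0C4B0AF91F62ECCED3B16D35DE50F66746D6F48F" || "QB4B0AF91F62ECCED3B16D735DE50F66746D6F451"
hash_algorithm : SHA1
</custom_item>
'''


def parse_item(text):
    """Return the 'key : value' fields of one <custom_item> block as a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s*:\s*(.*\S)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def expected_hashes(fields):
    """Split value_data on '||' and sort the alternatives into
    (algorithm, well-formed digests, malformed digests)."""
    algo = fields.get("hash_algorithm", "MD5").upper()  # MD5 is the default
    if algo not in HEX_LEN:
        raise ValueError("unsupported hash_algorithm: " + algo)
    pattern = r"[0-9A-F]{%d}" % HEX_LEN[algo]
    valid, malformed = [], []
    for alternative in fields["value_data"].split("||"):
        value = alternative.strip().strip('"').upper()
        (valid if re.fullmatch(pattern, value) else malformed).append(value)
    return algo, valid, malformed


def audit_file(fields, path=None):
    """Hash `path` (default: the item's file field) with the item's algorithm
    and return ("PASSED" or "FAILED", actual digest)."""
    algo, valid, _ = expected_hashes(fields)
    digest = hashlib.new(algo.lower())
    with open(path or fields["file"].strip('"'), "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    actual = digest.hexdigest().upper()
    return ("PASSED" if actual in valid else "FAILED"), actual


if __name__ == "__main__":
    item = parse_item(SAMPLE_ITEM)
    algo, valid, malformed = expected_hashes(item)
    print("algorithm:", algo)
    print("usable expected values:", valid)
    # An alternative that is not a hex digest of the right length can never
    # match, so it is worth catching before the item is deployed.
    print("malformed expected values:", malformed)
```

Run against the sample item, the second alternative is reported as malformed because it is not a 40-character hexadecimal SHA1 digest.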

 

Plugin Spotlight: Mac OS X FileVault Plaintext Password Logging

Encryption is Only as Strong as the Key

In this case, encryption breaks down because the OS X user's password (used to unlock an encrypted volume) is logged in clear text by a debugging function to a system-wide readable log file. In this scenario, a user running Mac OS X 10.7.3 would encrypt their drive using FileVault, which is included with OS X and encrypts the entire contents of your hard drive. When your system boots up, or you access your files over AFP (Apple's File Sharing Protocol), the system uses your password to decrypt the contents of the drive and your home folder. Debugging in vulnerable versions was enabled such that the password was logged in plain text to /var/log/secure.log, as follows:

25/04/2012 13:12:12.340 authorizationhost: DEBUGLOG | -[HomeDirMounter mountNetworkHomeWithURL:attributes:dirPath:username:] | about to call _premountHomedir. url = afp://mymacbookpro, userPathComponent = paul, userID = 001, name = paul, passwordAsUTF8String = mysupersecretpassword
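A check an administrator could run over a copy of the log to find which accounts need a password reset and to scrub the file, as an added example that is not part of the original post. It assumes passwordAsUTF8String is the last field on the line, as in the entry above; the function names and the extra sample lines are constructed for illustration.

```python
import os
import re
import stat

# Constructed sample in the format of the entry above (all values are made up).
SAMPLE_LOG = (
    "25/04/2012 13:12:12.340 authorizationhost: DEBUGLOG | -[HomeDirMounter "
    "mountNetworkHomeWithURL:attributes:dirPath:username:] | about to call "
    "_premountHomedir. url = afp://mymacbookpro, userPathComponent = paul, "
    "userID = 001, name = paul, passwordAsUTF8String = mysupersecretpassword\n"
    "25/04/2012 13:15:02.101 sshd[412]: Accepted publickey for paul from "
    "192.0.2.10 port 50312 ssh2\n"
    "25/04/2012 14:01:44.877 authorizationhost: DEBUGLOG | -[HomeDirMounter "
    "mountNetworkHomeWithURL:attributes:dirPath:username:] | about to call "
    "_premountHomedir. url = afp://fileserver, userPathComponent = alice, "
    "userID = 002, name = alice, passwordAsUTF8String = correct horse, battery\n"
)

# Assumption: the password is the last field, so it runs to the end of the
# line. This also covers passwords that contain spaces or ", ".
PASSWORD_RE = re.compile(r"(passwordAsUTF8String = )(.*)$", re.MULTILINE)
NAME_RE = re.compile(r"\bname = ([^,]+),")


def find_exposures(text):
    """List the log entries that leak a password, without returning the
    password itself: line number, timestamp, account name, password length."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = PASSWORD_RE.search(line)
        if not match:
            continue
        user = NAME_RE.search(line)
        findings.append({
            "line": line_no,
            "timestamp": " ".join(line.split()[:2]),
            "user": user.group(1).strip() if user else None,
            "password_length": len(match.group(2)),
        })
    return findings


def redact(text):
    """Return the log text with every logged password replaced."""
    return PASSWORD_RE.sub(r"\1[REDACTED]", text)


def is_world_readable(path):
    """True if the 'other' read bit is set on the log file."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        log_path = sys.argv[1]
        with open(log_path, errors="replace") as fh:
            log_text = fh.read()
        print("world-readable:", is_world_readable(log_path))
    else:
        log_text = SAMPLE_LOG
    for finding in find_exposures(log_text):
        print(finding)
```

Backups and rotated copies of the log hold the same entries, so they need the same scan and redaction.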


New Nessus Feature Added: CSV Export

Exporting To CSV

Nessus now supports the ability to export your reports into a comma-delimited file format (CSV). Using this export format, you can import the results into your favorite spreadsheet program. Tenable recommends using the following software:

  • Microsoft Excel 2010 or later
  • Apple iWork Numbers

To export a CSV-formatted report, select any of your existing Nessus results, click "Download Report," and then choose "CSV" as shown below.


Select the "CSV" Reporting Format


Tenable Network Security Podcast Episode 124 - "OS X Vulnerabilities, Laptop Security at Conferences"

Welcome to the Tenable Network Security Podcast Episode 124

Announcements

New & Notable Plugins

Nessus


Plugin Spotlight: RuggedOS Telnet Server Default 'factory' Account Backdoor

Embedded Device Security Woes

Having researched embedded device security for quite some time, it never ceases to amaze me how manufacturers present vulnerabilities in their products. While I do not want to start picking on specific manufacturers (as the development process is not as easy as one might think), RuggedCom's Rugged Operating System (ROS) recently had a vulnerability disclosed. According to their website: "RuggedCom [a Siemens business unit] designs and manufactures rugged communications equipment for harsh environments." They produce a full product suite, from Ethernet switches to wireless networking, aimed at industrial (SCADA) usage.

A recent vulnerability detailed how remote management services, including TELNET and SSH on select firmware versions, contained a factory backdoor. The username of "factory" and a password derived from the MAC address could be used to log into the device. The MAC address for the devices is displayed in the login banner before entering the username and password. A post to the Full Disclosure mailing list on April 23, 2012, revealed this vulnerability to the public.

Scanning Your Network For The Vulnerability


PVS and Facebook Game Detection

Keeping Your Workforce Productive

Companies maintain IT resources and hire employees to further their business. Invariably, employees will take breaks or look to cut corners when they think no one is looking. In today’s networked world, those breaks frequently take the form of web surfing or personal email. Many companies allow such behavior, within reason, as it boosts morale and helps keep employees from burning out. However, at times, lines are crossed and an employee may be using too much time for personal needs. It is important for a company to be able to monitor this in order to enforce an acceptable balance between work and breaks.

Tenable’s Passive Vulnerability Scanner (PVS) is able to detect a wide variety of Web-based games, including ones found on Facebook. Such games are often a "quick indulgence" where the employee thinks they will only play for a few minutes. In fact, many of the games are designed with a time-based component which essentially stops a user from playing for hours at a time. These same games also have a pretty quick refresh rate, allowing a user to play a few minutes every hour, for example. Over time, those few minutes can add up quickly, especially when a person plays several different games.

Using PVS and SecurityCenter, administrators can quickly determine the extent of employees playing these games, wasting both time and computer resources. With a custom dashboard created by Tenable, which uses data from our collection of PVS game detection plugins, administrators can better visualize social media game activity on the network. Based on your organization’s policy, this may indicate violations requiring action by management.

Tracking Facebook Games

You can download the SecurityCenter dashboard template by visiting the Facebook Games entry on the SecurityCenter Dashboards blog.

 

Tenable Network Security Podcast Episode 123 - "Network Management Vulnerabilities, RuggedOS Backdoor"

Welcome to the Tenable Network Security Podcast Episode 123

Announcements

New & Notable Plugins

Nessus

  • CiscoWorks Common Services HTTP Response Splitting - HTTP response splitting is a tricky vulnerability, and therefore may be dismissed by some as unimportant. Essentially, it can give attackers control of a web application if they can convince users to click on a link or load HTML code in their browser. Also important to note that CiscoWorks is used by many to manage the entire network infrastructure. My attack against this software would aim to steal the SNMP or other credentials on all the network gear in your network.
  • MediaWiki Multiple Vulnerabilities - Important updates for this software if you are running MediaWiki, a very popular Wiki software which also runs Wikipedia.
  • VMware Workstation, Player, ESXi and ESX Critical Patches - "This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host." - Any vulnerability which allows an attacker to execute code on the host system of your VMs should get the highest priority on your patch list.
  • PHP Unsupported Version Detection - Keep up-to-date with your PHP releases! Easier said than done, as some developers will write applications which lock you into a specific version, making upgrading a much slower process.
  • RuggedOS Telnet Server Backdoor - This one has been featured in the press lately. I'm confused as to why the MAC address would be displayed in the TELNET banner.
  • Scrutinizer Multiple SQLi Vulnerabilities - Used to manage NetFlow data, SQLi bugs are ones you don't want to see in this type of application.


Monitoring Internet-facing Servers with SecurityCenter & Nessus

Covering All Your Bases

Internet-facing servers are a popular attack target: They are accessible to everyone on the Internet and can easily be probed for vulnerabilities. Based on exposure alone, Internet-facing servers present a higher risk of becoming compromised. This risk needs to be mitigated if organizations must provide access to services such as web, mail, and VPN connectivity. It is therefore important that these servers are regularly assessed for potential vulnerabilities (and more important that something is done to remediate the vulnerabilities). This blog entry provides guidance for some basic security issues which are important to monitor on Internet-facing servers, such as:

  1. Maintaining Patches - It is important to keep up-to-date with patches in general, and with systems that are exposed to the Internet, fixing both local and remote vulnerabilities is particularly important. For example, a web server may contain a vulnerability which allows an attacker to gain a shell with the privileges of the running user (e.g., www-data). If local vulnerabilities are present, the web server vulnerability can quickly lead to the attacker gaining root-level privileges. With this level of access, attackers have a much better chance to cover their tracks and hide their presence within the system. Therefore, ensuring all available security patches are installed on your systems is important.
  2. Easily Exploitable Web Application Vulnerabilities - If you've ever monitored the logs of an Internet-facing web server, you know attacks against applications are frequent. Application testing involves many different processes and techniques, but you don't want to give attackers any low-hanging fruit. It is important to test your applications before they are put in production, but also continue to monitor for vulnerabilities in production. Several automated tools in use by attackers exploit flaws, such as SQL injection, on a regular basis. Once the application is on your production system, it is important to regularly assess it to stay ahead of the curve and remediate the vulnerabilities before attackers get to them.

  3. Exposed Services - Internet-facing servers ideally offer a limited number of services, since they do not need to support a wide range of services that an internal development server would offer. This makes it easier to scan and identify vulnerabilities and detect any new services which may crop up. Firewalls are often deployed to provide an extra layer of protection for systems exposed to the Internet and ensure that only required services are permitted. Scanning these hosts on a regular basis will quickly identify any new services that are running or mistakes made in firewall configuration which may unintentionally expose an internal service or server.



Tenable Network Security Podcast Episode 122 - "Detecting Skype, Router Vulnerabilities"

Welcome to the Tenable Network Security Podcast Episode 122

Announcements

New & Notable Plugins

Nessus

  • Intuit QuickBooks Help System Multiple Vulnerabilities - QuickBooks contains sensitive information, such as financials and potentially employee/contractor SSNs. Ensuring this software is patched and up to date is extremely important.
  • Juniper Junos CPU Utilization Denial of Service - This vulnerability is a bit scary for me, as it could be triggered by non-malicious users. Sending data to an HTTP port is an activity which may not look suspicious, however, I've seen where this DoS condition can be triggered by a scanner, monitoring tool, or even an end user.
  • Juniper SSH TACACS+ Incorrect Permissions - One of the first papers I wrote on security was on the subject of configuring TACACS+. I have to say, it's not a simple task, and there are many options, some of which could lead to either locking users out of a device or giving people too much access. This is a bug in the configuration, which could further complicate things.

Passive Vulnerability Scanner (PVS)

  • Skype client detection - Skype just fixed a bug in the API which allows anyone to map a Skype username to an IP address. Vulnerabilities such as this, in addition to potential bandwidth consumption, are reasons to limit usage of this software in your environment.
  • Rockwell Automation Service Detection - Rockwell is a popular manufacturer of SCADA devices. Nice to see PVS adding signatures. Not only is it a great way to monitor sensitive equipment, it helps raise awareness of security issues.

SecurityCenter Report Templates

  • Software Inventory - I think it's great you can work with this level of information and use it to detect policy violations.
  • Netstat Active Connections - Yet another great component. Not only can you see what software is installed, but which connections are being made. I see this being used to monitor in real time, as well as a vital piece of information when doing incident response.

SecurityCenter Dashboards

  • Exploits By Platform - Great view of the percentage of exploitable vulnerabilities and which exploit frameworks contain them.

Stories

  1. How To Hide From Face-Detection Software - "...here's what you might wanna wear to a party this weekend: A funny hat, asymmetrical glasses, a tuft of hair that dangles off your nose bridge and, most likely, a black-and-white triangle taped to your cheekbone." And why you might ask? To hide yourself from surveillance cameras, of course! A researcher from New York University is working on ways to hide your face from cameras. This could be a way to protect your privacy or evade detection to commit crimes. The current methods have you, well, looking like a futuristic warrior from your favorite Sci-Fi flick. Other than Halloween, it's not very practical. However, the researcher is "trying to come up with a hat that will look cool and still could conceal his identity - at least from the computers."
  2. Skype divulges user IP addresses - The H Security: News and Features - Using the Skype API, you can enter a username of someone using Skype and it will report back an IP address.
  3. NfSpy – ID-spoofing NFS Client Tool – Mount NFS Shares Without Account - "NfSpy is a FUSE filesystem written in Python that automatically changes UID and GID to give you full access to any file on an NFS share. Use it to mount an NFS export and act as the owner of every file and directory." That's really neat! I always look for open NFS and SMB shares on the network when doing a penetration test, as it could yield some interesting data. This tool takes it a step further and gives you full access.
  4. Who's tracking phone calls that target your computer? Stay Tuned to the ISC - This is yet another account of social engineering: Someone calls pretending to be from Microsoft, tells you you're infected with malware, then directs you to install their malware. The question being posed is just how frequent this attack is? I'm not certain how it scales, or how easy/difficult it would be to track down and defend against. A blanket warning to all computer users to "never install software from strangers" might help protect people, but who would listen?
  5. Nissan Confirms Cyber Attack and Network Breach - "Nissan believes that no sensitive customer, employee or proprietary data was compromised, but acknowledged that some account login credentials may have been exfiltrated." First, I think it's okay to keep a breach private for 7-10 days while you perform incident response. You just don't need that level of headache until you have all the facts. Furthermore, I want to know what techniques you are using to determine which data was accessed and if it was transmitted out of the organization. Is this a digital forensics issue? Do you look at the file system and see which files were accessed? Network logs? How do you know your data wasn't encrypted going out?
  6. Vulnerability Management Evolution: Evolution or Revolution? - Some great tips in this article, such as "Start by revisiting your requirements, both short and long term. Be particularly sensitive to how your adversaries’ tactics are changing." I find a lot of people overlook this step or don't put in enough thought behind it. The products you use should align with the goals of your department and overall with your organization.
  7. Google staff knew for years about Street View data breach - Is this information public already, and therefore not a big deal, or is Google being evil?
  8. Inception | Break & Enter - If you need to unlock a system, Windows or Linux, this is the tool for you. Provided there is a Firewire port, you can gain direct access to memory and unlock a system.
  9. CVSS – Vulnerability Scoring Gone Wrong « Neohapsis Labs - Some great points in this article on how to use CVSS: "Nobody cares that the distance between goal lines on an American football field is 3600 inches. Why? Because it is a useless unit of measurement when we are talking about football. Nobody cares if someone has made 2 inches of progress on the field, as yards are the only thing that matters. Similarly, what is an organization supposed to take away from a CVSS score that can take on 100 potential values? Is a 7.2 any better than a 7.3 when it comes down to whether someone is deciding to fix something or not?" He also talks about using CVSS data to determine High, Medium, and Low severity, stating your vulnerabilities could all be 6.9 and 7 or above is a high severity, and you are only fixing high vulns. It's a good idea to create some queries, dashboards, and report filters and look at your CVSS scoring in different ways to gauge risk and prioritize.

 

Video Conference Detection with PVS

Many customers have recently inquired about detection of video conferencing hardware and software, and Tenable’s research team has been developing additional PVS plugins to do just that.

 


Debating Software Liability

Combine equal parts of two of the industry's most outspoken experts, add in the controversial topic of software liability, and stand back to watch the ideas collide. The cameras were on hand at the recent RSA event to capture the debate between Tenable Network Security Chief Security Officer Marcus Ranum and BT Chief Security Technology Officer Bruce Schneier. Thought provoking doesn't begin to describe the encounter--and that's all before the audience gets involved. Watch now on our YouTube channel:

 

Ron Gula on Why Tenable Fits the U.S. Department of Defense

Ron Gula on Why Tenable Fits the Department of Defense

Earlier this week, Tenable formally announced the company's products had been selected as the basis for the Assured Compliance Assessment Solution (ACAS), the Defense Information Systems Agency's Department of Defense-wide program for managing vulnerability and configuration assessments. Tenable co-founder and CEO Ron Gula took a moment to chat about the selection, and what it means to the entire Tenable team. You can watch here:

More Information

You can learn more about how Tenable products support ACAS on the Tenable website, or contact Tenable Sales at sales@tenable.com

 

Compliance Auditing with Microsoft PowerShell

Compliance Auditing with PowerShell

Microsoft's PowerShell framework has been part of their product line for quite some time. In recent years, it has played a major role in new operating system versions (such as Windows 7 and Windows Server 2008) thanks to its inclusion in common engineering criteria. All future Microsoft server products will have PowerShell support integrated in them by default. This means Microsoft products will benefit from a single management interface, rather than a mixed usage of the registry, WMI, or other system files/utilities.

For those unfamiliar with PowerShell, it's a command-line shell meant to perform administrative tasks using cmdlets. Cmdlets are purpose-built commands designed to accomplish specific tasks for reading registry keys, files, wmi-objects, starting and stopping Windows services, and a host of other tasks. A wide range of cmdlets and their usage are documented on Microsoft's website.

The ability to run PowerShell cmdlets remotely opens up interesting possibilities from a compliance perspective. For example, it's now possible to read a file, apply several different filters, and determine compliance. You can also run a cmdlet and let the user review the output, then tailor the output as needed. Tenable recently added an AUDIT_POWERSHELL check to Windows compliance checks which allows users to do just that, right from an .audit file. Below is the basic syntax:


Tenable Network Security Podcast Episode 121 - "Enterprise Netstat, OS X Trojans"

Welcome to the Tenable Network Security Podcast Episode 121

Announcements

New & Notable Plugins

Nessus:

Passive Vulnerability Scanner (PVS):

  • Real Networks RealPlayer < 14.0.6.666 (Build 12.0.1.666) Multiple Vulnerabilities - Sometimes you just have to install select software to make something work. This is one such example, where a video won't play for a user, so they have to quickly install RealPlayer to make it work. Then they forget about it, and it's never kept up-to-date.

  • TeamViewer detection - This software reminds me of PC Anywhere, or even better, GoToMyPC, all of which are just bad ideas. They work to bypass firewalls and give people access to their desktops. From a security perspective, this type of access has always led to risky situations, which are often taken advantage of by attackers.

SecurityCenter Report Templates:

  • Nessus Enhanced Botnet Detection - "The sample above was cut from one of three chapters and depicts the successful progress towards the removal of malicious software, and related configuration changes, measured by repetitive Nessus scanning over time. After the sharp upwards trend caused by initial malware detection there is a healthy downwards trend."
  • TeamViewer Detection - "This template was designed to report hosts and network locations that have been observed using TeamViewer. The sample above was cut from one of two chapters in the template and points to the physical network locations where TeamViewer was observed in use."

Stories

  1. Three No-Nos When Interviewing For an InfoSec Job - Some really funny stories here, like the interviewee who was hacking into the wireless network!
  2. USB drive uses voice recognition for increased security - I'm curious to see how (or if) this really works, a voice pattern to unlock your USB thumb drive. Very James Bond, but typically the security on these devices is bypassed some other way, getting around the "my voice is my password." Though, I've always wanted to say, "Hi, my name is Werner Brandes. My voice is my passport. Verify Me."
  3. WordPress fixes file upload security problems - WordPress is a scary place. If you must use it, make sure you have your own install, are hardening your PHP install, and using something like Mod_Security.
  4. Firefox skirts Windows security feature to make silent updates happen - UAC bypass to install updates!
  5. Monitor OS X LaunchAgents folders to help prevent malware attacks - There are a few different folders in OS X where software can reside in order to start automatically. This is a neat place to look and check the things that get placed here. Similar to the Windows registry keys.
  6. 15-year-old arrested for hacking 259 companies - How bad is website security when a 15-year-old can hack over 200 companies?
  7. XSS Shortening Cheatsheet « Neohapsis Labs - Pay attention to this if you are finding XSS and not able to exploit it or demonstrate it.
  8. The Trouble with IPv6
  9. Security Issues in IPv6 Transition

 

Tenable Selected for DISA’s ACAS Vulnerability Management Solution


Tenable’s Unified Security Monitoring platform is the U.S. Defense Information Systems Agency (DISA) vulnerability management solution deployed DoD-wide as the Assured Compliance Assessment Solution (ACAS). Implementation is now underway for products within ACAS, including Nessus®, SecurityCenter™, and the Passive Vulnerability Scanner™.

The award means Tenable’s products will be deployed across the entire Department of Defense and select Federal intelligence agencies. That broad deployment provides the DoD a comprehensive view of network configuration, compliance, and risk.

Among the reasons for Tenable’s selection:

  • Scalability - The DoD is able to ensure comprehensive coverage of their network, one of the largest and most complex in the world. Unique Tenable capabilities like distributed scanning and management enable efficient scanning performance, while ensuring everyone in the chain-of-command has visibility into essential data.
  • Continuous Monitoring - Emerging, transient risks like mobile devices, virtual systems, and cloud-based applications and services leave competitive tools in the dark. With Tenable’s unique passive vulnerability detection, the DoD can now continuously monitor networks, learning immediately of vulnerabilities, errors and security exposures, and policy violations. Traditional scanning only provides point-in-time assessments (weekly, monthly, or even less frequently). Tenable’s Passive Vulnerability Scanner delivers full coverage, 365 days a year, 24 hours a day.
  • Quality of Research - Tenable coverage goes deep and wide, and we’ve adapted our solutions to ensure our research is better integrated with the DoD’s existing systems. Analysts can quickly and easily respond to risks and mitigate problems more effectively.

To learn more about the Assured Compliance Assessment Solution evaluation, or Tenable solutions, please visit our website.

 

Tenable Network Security Podcast Episode 120 - "Nessus, Perimeter Service, & SecurityCenter Updates"

Welcome to the Tenable Network Security Podcast Episode 120

Announcements

  • Nessus 5.0.1 Released - This update includes support for FreeBSD 9 and gives you more flexibility when specifying port ranges and types (UDP or TCP) for the port scanner. Several bug fixes are included as well, including Windows installation issues.
  • SecurityCenter 4.4 Released:
    • Improved performance, with a new XML-RPC-based interface that speeds cross-system connections and adds fault-tolerance and improved reliability.
    • Easy report template and information sharing. New reports, designed by Tenable experts, can be downloaded from the new Tenable SecurityCenter Enterprise Reporting blog, imported into SecurityCenter, and used immediately, customized, or exported to share with others.
    • Easy access to over 100 pre-defined Quick Reports, including SANS Consensus Audit Guidelines, Center for Internet Security Audits, FISMA compliance indicators, HIPAA compliance checks, OWASP, PCI, and other IT and patch audit reports.
    • New data visualization displays that use charts and color-coding to indicate the number and severity of vulnerabilities based on IP addresses, host names, and asset groups.
    • Integration with Tenable’s cloud-based Nessus Perimeter Service.
    • Improved integration with GRC, SIEM, IDS, firewall analysis, and other systems that support Nessus reporting. SecurityCenter now exports scan data in the Nessus v2 format.
    • Scan hosts by specifying the DNS host name or URL for web application assessments.
    • Authentication: Support for the use of digital certificates with SecurityCenter. Support for smartcard authentication (including U.S. Department of Defense’s Common Access Card (CAC)).

  • New Version of Nessus Perimeter Service Released - As Tenable is an Approved Scanning Vendor (ASV), you can use the Perimeter Service to perform PCI scans, using an approved PCI policy, and submit the scan results to Tenable for PCI ASV validation. The Perimeter Service allows you to scan as many systems as you like, as often as you like, and submit two scans for validation per quarter at no extra cost.
  • Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. New videos are always in the works and updated Nessus and Perimeter Service videos will be available soon.
  • We're hiring! - Visit the Tenable website for more information about open positions.
  • You can subscribe to the Tenable Network Security Podcast on iTunes!
  • Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
  • Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!

New & Notable Plugins

Nessus:

Passive Vulnerability Scanner (PVS):

SecurityCenter Dashboards:

  • Snort IDS Events - The Snort IDS Events dashboard organizes and visualizes events collected from the Snort intrusion detection system.

SecurityCenter Report Templates:

  • RDP Detection - This report template was designed to detail RDP (Remote Desktop Protocol) server and connection detection.
  • Unmanaged and Unsupported Hosts - This report template was designed to identify unmanaged and unsupported operating systems and appliances within a large enterprise.

Stories

  1. Vulnerabilities, Exploits, and Good Dental Hygiene - From the Tenable Blog, an article discussing vulnerability management, exploits, and penetration testing.
  2. Phrack 68 Released - Good to see Phrack still kicking!
  3. Smart Meter Attacks - Smart Meter hacks are coming to life, and the security community is biting its tongue trying not to say "I told you so."
  4. Not Your Parents Wifi - Great article that summarizes the different types of wireless and the threats they pose, from Bluetooth to DECT.
  5. Oracle accidentally release MySQL DoS proof of concept - Oops!

 

SecurityCenter 4.4 Released

SecurityCenter 4.4 Expands USM Capabilities

SecurityCenter version 4.4 is available today from Tenable Network Security. Customers can download the updated release from the Tenable Support Portal. You can view a video tutorial of the new features on the Tenable YouTube channel.

SecurityCenter is the central component of Tenable’s USM platform. It provides robust enterprise security monitoring by uniquely combining active and passive vulnerability assessments with log and event monitoring to create intelligent and actionable reports. SecurityCenter users also benefit from real-time and flexible dashboards for both security monitoring and maintaining compliance.

SecurityCenter version 4.4 includes dramatic performance gains, improved integration with other management systems, reporting and user interface enhancements, and many other new features. A detailed list is available on the Tenable website. Some of the highlights include:

Continue reading "SecurityCenter 4.4 Released" »

 

Nessus Perimeter Service with New Tenable PCI Scanning Service Available

Tenable is pleased to announce availability of the Nessus Perimeter Service including the Tenable PCI Scanning Service. Customers can scan an unlimited number of Internet-facing IP addresses, as often as they like, and submit PCI scan results up to twice per calendar quarter for Tenable PCI Approved Scanning Vendor (ASV) validation, all for $3,600 a year.

The Nessus Perimeter Service offers:

  • One flat fee - Scan an unlimited number of Internet-facing IPs, as often as you like
  • Web application vulnerability detection
  • Up to two quarterly PCI scan submissions for Tenable PCI ASV validation
  • Anytime, anywhere access via web browser and Tenable Nessus App for iPhone, Android, and iPod touch
  • World-class expertise with the most-trusted knowledgebase in the industry and access to Tenable’s PCI-certified professionals

To learn more about Nessus Perimeter Service and the Tenable PCI Scanning Service, you can view the video titled "Nessus Perimeter Service Usage: PCI ASV Validation and SecurityCenter Integration".

New PCI-DSS Scan Policy

Continue reading "Nessus Perimeter Service with New Tenable PCI Scanning Service Available" »

 

Nessus 5.0.1 Released

Tenable is pleased to announce the release of Nessus 5.0.1! This is a point release (moving from 5.0 to 5.0.1), containing enhancements and minor bug fixes. This release improves the stability on all platforms, and solves Windows-specific issues related to installation and packet forgery.

New features

From a user perspective, the only change is that it is now possible to specify a separate list of UDP and TCP ports to scan on all targets. This is set in the "Port scanner range" field when you create a new policy or modify an existing one (e.g. if you wanted to scan TCP ports 1-1024 and UDP ports 1-200 the syntax is: "T:1-1024,U:1-200"). Also, a build for FreeBSD version 9 is now available.

Enhancements & Bug Fixes

In addition, several enhancements and bug fixes are included:

  • Resolved an issue where packet forgery was not working on some Windows setups
  • Improved the Windows installer which would fail on some setups
  • Fixed several thread synchronization issues leading to a crash in certain situations
  • Imported v1 reports are more legible
  • Nessus can now read a 64-bit database on a 32-bit system and vice versa
  • Identified and resolved a minor memory leak issue occurring on all platforms
  • Scanning with an SSL certificate defined in the policy would sometimes cause a scanner crash
  • Workaround for CVE-2011-3389
  • Worked around a possible incompatibility with the Fedora 16 / Debian 6 memory allocator
  • Restored the ability to log in via certificate authentication on port 1241 when "force_pubkey_auth = no"
  • This version of Nessus now includes OpenSSL version 1.0.0h

New customers can download and evaluate Nessus for free by visiting the Nessus homepage. Current customers can download the new version from the Tenable Support Center.

Detailed instructions and notes on upgrading can be found in the Nessus Documentation. Please contact Tenable Support (support-at-tenable.com) with any questions regarding the upgrade to Nessus 5.0.1. You can also visit the Nessus Discussion portal for more information.

 

Vulnerabilities, Exploits, and Good Dental Hygiene

Vulnerability Management

Constantly assessing the security of your own systems is an important task in maintaining a secure network. I relate regular security assessments to personal hygiene, such as brushing your teeth every day (and even more "in-depth" maintenance such as flossing and using mouthwash). All of these actions are an effort to prevent "bad things" from happening. Often, the "bad thing" hasn't happened yet, and you are trying to get ahead of the curve to protect yourself from cavities, gum disease, or, worst case, all of your teeth falling out. Vulnerability management plays the same role in your organization. By regularly assessing your systems, finding problems, and fixing them, you hope to get ahead of the curve and prevent bad things from happening, such as data leakage, breaches, and compromises of your systems by "evil bad guys".

All of us can hear our parents' voices in our heads: growing up, we were all told to "brush your teeth before you go to bed".

As I stated above, finding the vulnerabilities is just the first step. You must have a process in place to fix the vulnerabilities that you've identified. After that, your processes need to check to be certain that a vulnerability was remediated. Your plan for network health has to track vulnerability remediation, and empower those responsible to be in the loop and fix the problems before something "bad" happens (if it were only so easy as brushing, flossing, and using mouthwash). Tenable has a suite of tools to help you both find as many vulnerabilities as possible and implement a process for continued remediation. Below are some examples:

Continue reading "Vulnerabilities, Exploits, and Good Dental Hygiene " »

 

Tenable Network Security Podcast Episode 119 - "Macs Don't Get Viruses, Detecting OS X Malware"

Welcome to the Tenable Network Security Podcast Episode 119

Announcements

New & Notable Plugins

Nessus:


Continue reading "Tenable Network Security Podcast Episode 119 - "Macs Don't Get Viruses, Detecting OS X Malware"" »

 

Tenable Network Security Podcast Episode 118 - "Detect jailbroken devices, mobile device concerns"

Welcome to the Tenable Network Security Podcast Episode 118

Announcements

New & Notable Plugins

Nessus:

The plugins below are local patch checks for Cisco IOS devices:

Passive Vulnerability Scanner:

Continue reading "Tenable Network Security Podcast Episode 118 - "Detect jailbroken devices, mobile device concerns"" »

 

Predicting Attack Paths

Tenable has published a technical paper titled "Predicting Attack Paths" that describes how to leverage active and passive vulnerability discovery technology to identify, in real time, the Internet-facing services, systems, and clients on your network that can be exploited in a variety of scenarios.

Continue reading "Predicting Attack Paths" »

Tenable Network Security


The official BLOG of Tenable Network Security and the Nessus vulnerability scanner.