Tenable Network Security Podcast show

Tenable Network Security Podcast

Summary: Covering Tenable's Unified Security Monitoring products including Nessus & Security Center. We also discuss the latest security news and vulnerabilities, in addition to interviewing some of the industry's finest.

Podcasts:

 Tenable Network Security Podcast - Episode 207 | File Type: audio/mpeg | Duration: Unknown

Paul, Ron and Jack talk Nessus v6!

 Tenable Network Security Podcast - Episode 204 | File Type: audio/mpeg | Duration: Unknown

Paul and Carlos discuss the new OpenSSL flaw, tips on how to use Tenable products to prevent breaches, and full disk and USB drive encryption.

 Tenable Network Security Podcast - Episode 203 | File Type: audio/mpeg | Duration: Unknown

eBay Got Hacked - This is the same story I feel like I've read 1,000 times. It boils down to "big web site was breached, they stole the password database, everyone needs to change their passwords". A few things:

- While there are issues with two-factor authentication in corporations for authenticating users to applications, if your business is a web site (eBay, Google, LinkedIn) at some point you have to make two-factor authentication available and make it easy for people to use.
- People always shout about the passwords, but tend to gloss over the fact that someone exploited something to gain access in the first place. In this case, it sounds like (nothing official here) eBay employees were socially engineered and lost their passwords. Training, user awareness, etc. all apply here.
- So, on the password soap box again: store your passwords securely. It's well documented.
- Make it easy for the user to change their passwords!
- Finally, can we solve this problem of passwords already? I guess not.

The Internet Is A Crappy Place - Yea, I said it. The problem is what do we do about it? I tell you what we should not do is create browsers and web browser technology that has lots of vulnerabilities. Darn, too late. All too often we cover vulnerabilities in web browsers, Flash, Java and the like. Securing this technology leads to user unhappiness, such as what if I were to reset a virtual system hosting a web browser each time you used it? Your bookmarks, cookies and saved passwords would all go away. There has to be a better way, but in the meantime, have a strong patch and vulnerability management system. Once a patch is released Nessus will be updated to include a check

 Tenable Network Security Podcast - Episode 202 | File Type: audio/mpeg | Duration: Unknown

Announcing Nessus Enterprise, The Latest Product From Tenable! Boldly go where no scanner has gone before! The Tenable podcast team got together and created this special episode covering Nessus Enterprise, our latest product offering that will encourage collaboration in your vulnerability management program. Topics include:

- Overview of Nessus Enterprise features, including both OnPremise and Cloud versions
- Discussion of various deployments and how to find the right fit for your environment
- Full coverage of all features, including sharing reports, schedules, policies and scanners and LDAP support
- We cover the various groups and roles within your environment you may want to grant access to and why
- Where to get it, how much it costs, and migration from existing Tenable products

 Tenable Network Security Podcast - Episode 201 | File Type: audio/mpeg | Duration: Unknown

Paul Asadoorian and Ron Gula discuss the new IE 0day.

 Tenable Network Security Podcast - Episode 200 | File Type: audio/mpeg | Duration: Unknown

SCADA Device Vulnerability Detection - How do we do it? Scan, Sniff, Log, "Real-time": all these words come into play, but what do they really mean and how do they help you solve problems and reduce risk? How do we deal with XP in this environment? How do we deal with XP in general?

Why Isn't My Host Vulnerable? - Lots of questions like this, in the past week, welcome to our world. Three things:

1) Use the audit trail to find out why a plugin did not run (e.g. your host is not running SSL)
2) Use the knowledge base to find which plugins did fire (e.g. did you enable a port scanner on all ports?)
3) Monitor Logs/Packets - Fire up tcpdump/wireshark, see if traffic is getting there, look in the logs on the target and see what is happening.

Looking For The Right Stuff - Like this Query to find active vulnerabilities 30 days old or more. When you are collecting all the stuff, you can ask questions like this and get answers. Such as "which hosts are running SSL?" or "Which hosts have SSL certificates older than a week?".

 Tenable Network Security Podcast - SANS ICS 2014 | File Type: audio/mpeg | Duration: Unknown

Paul interviews ICS and SCADA security experts at the SANS ICS Summit held in Orlando, FL in March 2014.

 Tenable Network Security Podcast - Episode 199 | File Type: audio/mpeg | Duration: Unknown

New Nessus Multi-Scanner feature!

 Tenable Network Security Podcast - Episode 198 | File Type: audio/mpeg | Duration: Unknown

PCI discussion with subject matter expert Jeffery Man!

 Tenable Network Security Podcast - Episode 197 | File Type: audio/mpeg | Duration: Unknown

Telephony DoS - I read an interesting article that detailed an attack that used a combination of social engineering and a DoS attack against your phone system. The attacker calls the victim and asks about unpaid debt. Whether you have debt or not, the attacker insists on payment. If you refuse, a DoS attack is launched against your phone systems using a combination of cheap labor and VoIP phones. Interesting how one defends against this attack.

MediaWiki Vulnerability - There are actually two vulnerabilities in MediaWiki versions

 Tenable Network Security Podcast - Episode 196 | File Type: audio/mpeg | Duration: Unknown

Endpoint Protection - New vulnerabilities have been remediated in the Symantec Endpoint Protection product. What many may not know is that this product does whitelisting. What are your thoughts on whitelisting, how can it help and is it feasible in some or many environments?

Sonos, Smart TV, Playstations - Many will state that such devices "are not on my network". But how do you know unless you look? How common are home and SOHO products on enterprise networks? What risks do they pose?

Defining Critical - Last week we talked about critical vulnerabilities; this week I want to turn the focus to critical log events. SANS publishes the "SANS 6 Categories of Critical Log Information"; is this applicable to most organizations? Is one person's log data going to have different forms of "Critical"? Or are there categories that we can all share in common, and how many custom categories should you create?

 Tenable Network Security Podcast - Episode 195 | File Type: audio/mpeg | Duration: Unknown

Discovering New Hosts - At a recent presentation it was asked of me how one can detect new hosts. Tenable has many products that work towards detecting new hosts. One can do this passively by monitoring network traffic, via Nessus by enumerating virtual machines from virtualization servers, and by looking at the logs collected by LCE. How does one pull all of this information together and act on it?

Critical AND Exploitable - Severity rating vulnerabilities is tricky business. How do you rate the risk? The threat? What's the difference? Math aside, there is something to be said for a vulnerability in your environment, one thinks we should fix all of these ASAP, or should we?

Scanning the ICS Village - Recently we were able to scan an entire lab of security products and SCADA devices. The results were impressive. We generated over 3GB of network traffic, all scans completed successfully and enumerated several vulnerabilities. While some of the SCADA plugins were written some time ago, they are still very much effective at enumerating vulnerabilities against SCADA devices, and even support ModBus.

 Tenable Network Security Podcast - Episode 194 | File Type: audio/mpeg | Duration: Unknown

Discussion & Highlighted Plugins

Common Sense Security Monitoring - I really have a lot of faith in this concept, largely because it makes sense in the real world in addition to the digital world. For example, you become accustomed to the happenings in your neighborhood. People tend to be creatures of habit: they leave for work around the same time, walk their dogs around the same time of day/night, lights go on and off at fairly regular times, etc. When someone breaks the mold a bit, you tend to notice (at least I do) and it sends up a red flag and I pay closer attention to the behavior (a car driving around with its lights off at 11pm, when that's not supposed to happen until at least 4AM when my neighbor up the street leaves for work and doesn't want to blind the neighborhood with his headlights). Some new PVS rules will allow you to accomplish the same thing, and flag on behavior such as SSH traffic not on port 22.

The NSA Saga Continues - Recent developments have furthered discussions on how NSA spying impacts corporations' business processes. Should we be paranoid that someone is watching? How safe are our corporate secrets if the NSA has a backdoor in our security products? Do you, like several others, boycott RSA as it has been reported that the NSA maintained backdoors in their products?

 Tenable Network Security Podcast - Episode 193 | File Type: audio/mpeg | Duration: Unknown

Tenable Year In Review - This has been a stellar year for Tenable products and features. There is a long list of significant changes. Starting with Nessus, we have seen enhancements to auditing patch management systems, several new configuration audits, a new Nessus User Interface, and a lot of growth in detecting malware. What are some of the highlights for you? What's next for Tenable given the current trends and threats?

 Tenable Network Security Podcast - Episode 192 | File Type: audio/mpeg | Duration: Unknown

This week Carlos and Paul discuss the Passive Vulnerability Scanner's ability to detect client-side and embedded device vulnerabilities. We also cover Ron's presentation https://discussions.nessus.org/docs/DOC-1051 on using Tenable products to detect malware. We highlighted how PVS can search the files being hosted, and search the DNS names hosts are accessing to detect common malware. We also cover the ability to pull information from different sources and use correlation to alert on the events you will care about.
