Auditing Rackspace Accounts with Nessus®
Just a few years ago, if you were planning a new infrastructure deployment to support new workloads, you would have expected questions related to architecture, networking, air conditioning, server room real estate and so on. But today you shouldn’t be surprised if the discussion quickly moves towards clouds, blue skies and space. I am, of course, referring to cloud services such as Amazon AWS, Microsoft Azure and Rackspace.
Cloud infrastructure-as-a-service (IaaS) products such as Rackspace are increasingly considered a real alternative deployment method while building out new or scaling existing IT infrastructure. And why not? Assets can be quickly deployed in an IaaS service, they are relatively cheaper for short term projects and and can bypass any long lead times your IT department may have when provisioning new assets.
As more and more firms move their workloads into the cloud, keeping a handle on what’s deployed in the cloud (and keeping it secure) is becoming a priority
So what should you do if you find yourself in a position where you are required to support workloads in the cloud? Well, you should carry over some lessons learned from on-premises deployments to the cloud. For example, maintain an inventory of all your resources, user accounts and their respective roles (especially admins) and also keep track of any unauthorized changes.
With the release of Nessus 6.4, you can do all that and much more while auditing Rackspace accounts.
Here are some highlights of the new Rackspace plugin.
Rackspace deployment snapshot
When the IT infrastructure of an organization embarks on a gradual migration to the cloud, one thing becomes apparent very quickly: it becomes difficult to keep track of all the resources that are deployed in the cloud all the time. This is especially true when multiple users have the privileges to provision new resources on demand.
Tenable’s Rackspace plugin reports all the resources that are deployed in Rackspace in a single result
Wouldn’t it be nice if you could figure out what resources (servers, databases, networks, users) are deployed in the cloud in a single glance? Tenable’s Rackspace plugin does just that. It reports all the resources that are deployed in Rackspace in a single result.
Changes since last scan (configurable)
Another challenge with cloud deployments is keeping track of what changed since the last scan. For example, which new servers were added or what new domains were created in the last X days. The Rackspace plugin provides a configurable variable value, which can be used to track such changes.
XPath meet jq
Once you put the Rackspace plugin to good use, two things will become obvious. One, the output is in JSON format, and second, some magic happens between what’s returned by Rackspace (in JSON) and the transformed output viewed in the Rackspace plugin. That magic is jq.
When we think about transforming XML documents into a human readable format, the simplest solution is to use a combination of XSLT and XPATH libraries. But the answer is not so obvious when it comes to transforming JSON. There are almost no good libraries which could be readily used in a product. And without a good JSON processor, there is not much that a plugin can do while dealing with JSON. So what did we do? We built a JSON processing library from scratch in the Nessus Attack Scripting Language (NASL). It’s modeled after jq (a JSON processor). You can try it in the online jq library. There is a good chance that if your filter works on the jqplay website, then it will work in the Rackspace plugin as well, since we support most of jq’s features. We are already putting this library to good use in our recently announced MDM Audit plugin.
Sample result
Conclusion
As more and more firms move their workloads into the cloud, keeping a good handle on what’s deployed in the cloud (and keeping it secure) is becoming a priority. Last year, we released auditing support for Amazon AWS, and now we are following up with Rackspace; there is a lot more to come! So regardless of which IaaS provider you use to deploy your IT assets, Tenable products will have an audit solution to address your needs.
Related Articles
Cybersecurity Snapshot: CISA Says Midnight Blizzard Swiped U.S. Gov’t Emails During Microsoft Hack, Tells Fed Agencies To Take Immediate Action
April 12, 2024Check out CISA’s urgent call for federal agencies to protect themselves from Midnight Blizzard’s breach of Microsoft corporate emails. Plus, a new survey shows cybersecurity pros are guardedly optimistic about AI. Meanwhile, SANS pinpoints the four trends CISOs absolutely must focus on this year. And the NSA is sharing best practices for data security. And much more!
Cybersecurity Snapshot: CSRB Calls Exchange Online Hack “Preventable,” While CISA, Others Warn About XZ Utils Backdoor Vulnerability
April 5, 2024Check out why the Cyber Safety Review Board has concluded that the Microsoft Exchange Online breach “should never have occurred.” Plus, warnings about the supply chain attack against the XZ Utils open source utility are flying. In addition, a report says ransomware attacks surged in February. And the U.S. government issues a comprehensive AI usage policy for federal agencies. And much more!
Cybersecurity Snapshot: U.S. Gov’t Unpacks AI Threat to Banks, as NCSC Urges OT Teams to Protect Cloud SCADA Systems
March 29, 2024Check out new guidance for banks on combating AI-boosted fraud. Plus, how to cut cyber risk when migrating SCADA systems to the cloud. Meanwhile, why CISA is fed up with SQLi flaws. And best practices to prevent and respond to DDoS attacks. And much more!
Tenable and Thales Collaborate to Provide Cyber Defense Simulations to Better Secure Operational Technology Environments
April 18, 2024The heart of the Welsh Valleys is home to the Thales Ebbw Vale campus, a world-class facility jointly funded by the Welsh government as part of its regeneration program for the region. At the core of the facility is the Cyber Range, a simulation and virtualization platform for training, testing, exercising and R&D. Tenable has joined the lineup of solutions used to run real world simulations in this controlled environment.
Oracle April 2024 Critical Patch Update Addresses 239 CVEs
April 17, 2024Oracle addresses 239 CVEs in its second quarterly update of 2024 with 441 patches, including 38 critical updates.
Strengthening the Nessus Software Supply Chain with SLSA
April 16, 2024You know Tenable as a cybersecurity industry leader whose world-class exposure management products are trusted by our approximately 43,000 customers, including about 60% of the Fortune 500. But sometimes we like to give you a peek behind the curtain to share how we protect our own house against cyberattacks – and that’s what this blog is about. Today we’re sharing our experience adopting the supply-chain security framework SLSA, with the hopes that the lessons we learned will be helpful to you.
- Cloud
- Plugins
- Vulnerability Management