Tenable Network Security Podcast Episode 177 - "Securing Management Devices, Database Security?"

Welcome to the Tenable Network Security Podcast Episode 177

Announcements

Discussion & Highlighted Plugins

Securing Management Interfaces

  • Your organization has measures in place to implement physical security. This is likely tied to some risk equation that takes into account attack likelihood, the value of your assets, and the cost of such an attack. I've seen some really outstanding physical security, some really poor physical security, and most organizations implementing something in between. However, leaving gaps in the security of your management devices (access control server, console servers, on-board server management systems) is the equivalent of having almost zero physical security. It allows attackers to gain access to your systems, bypassing any logical security controls you may have in place. There is a fix for Dell's iDRAC system, which if left unlatched, gives attackers root access to the console server. This can very quickly translate into access to the server itself. The fixes for physical security are often expensive, but the fixes for management level access are usually cheaper and easier. Do most organizations miss this? Why? What can we do to raise awareness?

Database Security?

  • Patches were released this week for both Oracle and MySQL. Both of these applications come with challenges. You may have this on your network and not know it because its embedded in the application that was purchased by a different department. Database administrators have enough challenges, and constant patching seems to rock their world. What can organizations do to improve the security of database architecture given current challenges?

Passive PVS PHP Plugins

  • Say "passive PVS PHP plugins" 10 times fast! Several new plugins were released to passively detect several issues with PHP, including a Backdoor script detection plugin and vulnerability data. Being able to detect indications of compromise, coupled with vulnerabilities, is the heart of what Tenable products can deliver.

New & Notable Plugins

Nessus

General

Passive Vulnerability Scanner

SecurityCenter Dashboards

Security News Stories

  1. Ibrahim Balic takes credit for Apple Dev Centre “attack”, but will he shoulder the blame?
  2. WordPress flaw could cause data leaks | IT News from V3.co.uk
  3. Adam Gowdiak uncovers new vulnerability in Java 7 which opens door to 10-year-old attack
  4. Integrating Vulnerability Management Into The Application Development Process
  5. True tales of (mostly) white-hat hacking
  6. Hardware Hacking Trends
  7. Nations Buying as Hackers Sell Flaws in Computer Code | NYTimes.com
  8. SIM Cards Have Finally Been Hacked, and the Flaw Could Affect Millions of Phones | Forbes
  9. SSH Brute Force – The 10 Year Old Attack That Still Persists | Sucuri Blog

More from the Tenable Blog