Carole Fennelly

Tenable at Black Hat USA 2010!

July hasn’t been hot enough for me and some of the other Tenable staffers, so we will be heading to the desert of Las Vegas in a few weeks to attend Black Hat USA 2010! Since 1997, the Black Hat conference has provided a neutral ground for security researchers, government agencies and information security professionals to integrate their varied perspectives. This will be my ninth year at Black Hat and I’ve always found it to be an intense couple of days meeting up with almost everyone I know in the Infosec field. I’m delighted that Tenable will be represented in the Black Hat Trainings, Black Hat Briefings, Black Hat vendor area and DEF CON this year.

Tenable’s Product Evangelist, Paul Asadoorian, will be teaching two sessions of a brand-new (seriously – we’re still editing it) Advanced Nessus Training Class.

This class is intended for those who are already familiar with Nessus and will cover special techniques and testing situations that you may not be familiar with. There will be a lot of hands-on lab work, assisted by Tenable’s lead Trainer, David Poynter (so that Paul can keep talking, one of his favorite activities). The first session will be held on Saturday and Sunday (July 24 & 25) and the second session on Monday and Tuesday (July 26 & 27). There are still a few seats open in both sessions, but they are filling up fast!

Nessus Cisco Compliance Checks

Tenable has authored a Nessus plugin (ID 46689) named “Cisco IOS Compliance Checks” that implements the APIs used to audit systems running Cisco IOS. This plugin is pre-compiled with the Nessus “.nbin” format. This provides ProfessionalFeed users a method of using Tenable provided .audit files, or their own audit policies, to audit Cisco devices to ensure compliance with corporate policy. This functionality provides a wide range of audit capability including ACL policy detection, service status, device access control and more.

New Keywords

Many of the .audit keywords are the same as for other devices such as Windows and Unix systems. The Cisco compliance checks add two new keywords specific to Cisco IOS based devices:

  • feature_set - Similar to the “system” keyword in the Unix Compliance Checks, this keyword checks the Feature Set (e.g. AdvancedEnterprise, AdvancedIP, Advanced Security, K9, etc) version of the Cisco IOS and either runs the resulting check or skips the check because of a failed regex. This is useful for cases where a check is only applicable to systems with a particular Feature Set (e.g. SSH in K8 and K9 bundles).
  • ios_version - Similar to the “system” keyword in the Unix Compliance Checks, this keyword checks the version of the Cisco IOS and either runs the resulting check or skips the check because of a failed regex. This is useful for cases where a check is only applicable to systems with a particular IOS version.

Nessus Spotlight: su+sudo Feature

With the release of Nessus 4.2.2 a new method of credential elevation has been included for Unix-based hosts that have sudo installed: “su+sudo.” This method allows you to provide credentials for an account that does not have sudo permissions, su to a user account that does, and then issue the sudo command. 

This configuration provides greater security for your credentials during scanning, and satisfies compliance requirements for many organizations.

To enable this feature, simply select “su+sudo” in the “Elevate privileges with” section under the credentials/SSH settings as shown in the following screen shot:

Picture 10
 

Under the “SSH user name”, and “SSH password” tabs, enter the credentials that do not have sudo privileges. In the example above, the user account is “raven.” From the “Elevate privileges with” pull-down menu, select “su+sudo.” Under the “su login” and “su/sudo password” tabs enter the user name and password that do have privileged credentials, in this example “sumi.”

No other scan policy changes are required.

Tenable Virtual Appliance

Tenable is pleased to announce the release of the Tenable Virtual Appliance! The appliance replaces the Nessus VM Appliance and provides a preinstalled image of all Tenable applications in one easy to configure interface. The Tenable Virtual Appliance is available for Tenable customers and is provided for use with VMware Server, VMware Player and VMware ESX Server. Currently, Nessus and Security Center applications are available on the appliance with the Log Correlation Engine and Passive Vulnerability Scanner to be released soon. Tenable ProfessionalFeed customers can download the latest version of the Tenable Virtual Appliance along with any available updates from the Tenable Support Portal.

Tenable and SANS Consensus Audit Guidelines (CAG)

The SANS Consensus Audit Guidelines (CAG) is a compliance standard that specifies 20 "control points" that have been identified through a consensus of federal and private industry security professionals. This blog post provides a summary of the SANS initiative and an overview of how Tenable’s solutions can be leveraged to demonstrate compliance with these guidelines. Tenable has also released a technical white paper that shows exactly how our scanning, log analysis and auditing solutions can be used to monitor the SANS-CAG controls.

Hacker Court at Black Hat!

Hacker Court is once again returning to the Black Hat Briefings! For our seventh Black Hat presentation, we will be conducting a mock court trial focused on the issues of entrapment, journalist privilege and wiretapping, titled "Hack MyFace."