Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Questionable Hosting

by Josef Weiss
June 16, 2016

Questionable content can be defined as content that may be unauthorized, objectionable, or offensive. Many times questionable content may also be a path to phishing campaigns, in which attackers masquerading as other entities attempt to acquire sensitive information from end users.

For a detected web server, active web application scanning is no guarantee that all hosted web sites will be found. There may be no links between two web sites hosted on the same web server. Similarly, scanning a network for all ports to look for web servers that may have been installed as part of a botnet is difficult to do in real time. Because of this, malicious web servers are commonly found on university, home user, and any type of large network.

This dashboard presents all web servers passively detected on the network by the Tenable Passive Vulnerability Scanner (PVS), as well as questionable content that the web servers might be hosting and trend lines for detected web sites that contain keywords not expected for the local network. End users who visit websites that contain keywords related to money, porn, dating, games, sweepstakes, and parties are also displayed.

Using the active scanning, agent scanning, passive listening, and host data sensors, SecurityCenter Continuous View (CV) can provide a more comprehensive view of devices accessing the network. By practicing continuous monitoring, organizations can more effectively assess risk and identify authorized and unauthorized activity on their network.

The dashboard and its components are available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The dashboard can be easily located in the SecurityCenter Feed under the category Discovery & Detection.

The dashboard requirements are:

  • SecurityCenter 4.8.2
  • Nessus 6.7.0
  • PVS 5.0.0

This dashboard requires “Full Text Search” to be enabled for each analyzed repository.

As hosts connect to network, the race begins to identify all the vulnerabilities and assess how each system will affect the network. Only Tenable can automatically analyze information from active scanning, intelligent connectors, agent scanning, passive listening, and host data. Active scanning periodically examines hosts to determine the level of risk posed to the organization. Intelligent connectors leverage other security investments in the environment to integrate security data in order to improve context and analysis. Agent scanning provides the ability to rapidly assess hosts without the need for credentials and to detect hosts that were offline during active scans. Passive listening provides real-time monitoring to collect information about hosts connected to the network and how the hosts are communicating. Host data uses logs, file system activity, and configuration changes to actively monitor host activities and events to identify malicious activity and anomalous behavior.

The dashboard contains the following components:

  • Questionable Hosting - Detected Web Servers - This table presents all web servers passively detected on the network, including web servers detected by PVS plugins 1442 (detection of web servers that send a “Server:” string in their server response), 8166 (detection of web servers that do not send a “Server:” string in their server response), and 7034 (HTTP server vhost detection).
  • Questionable Hosting - Questionable Content Hosted - This component presents indicators of possible questionable content hosted on web servers on the network, including hosting .ini files, torrent files, archive files (which might contain sensitive data), media files (which might be copyrighted), and malware, as well as linking to malicious content, and serving possibly malicious script and iFrame tags. A purple indicator means questionable content was detected. Questionable content should be further investigated to ensure compliance with organizational standards. Additional information can be obtained by clicking on the indicator to drill down and view the detailed vulnerability information.
  • Questionable Hosting - Responses to Queries for Questionable Domains - This chart presents detections of questionable domain name requests that web servers on the network have responded to over the last three months. The lines show answered domain name requests for URLs containing keywords related to money, porn, dating, game, sweepstakes, and party. Note that these keywords will not find all questionable domains and there may be a high false-positive rate. Keywords can be added or removed as needed in the series’ filters. Domain groupings can also be added or removed as needed.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training