by Dave Breslin
May 29, 2012
This report template is focused on vulnerabilities detected in popular Apple desktop, laptop and mobile software using Tenable's Passive Vulnerability Scanner (PVS). The sample trending graph above was cut from one of the template's five chapters and shows a 5 day trend of detected Safari, QuickTime and iTunes vulnerabilities with a Common Vulnerability Scoring System version 2 (CVSS v2) score of 4.0 or higher.
- May 29th 2012, version 1, SecurityCenter 4.4
- Required Tools: PVS
- Download Example - Apple Safari, QuickTime and iTunes (PVS)
- Download Template - Apple Safari, QuickTime and iTunes (PVS)
When reporting on host details, the template includes DNS name, NetBIOS name and MAC address information. This information has to be retrieved using Nessus, and may already be present if Nessus and PVS vulnerability data are being blended together in SecurityCenter. Alternatively, the fields carrying the extra host information can easily be removed from the report using the GUI driven SecurityCenter report builder, leaving just the host IP address. Internal DNS names and NetBIOS names may not be appropriate when reporting on hosts such as smartphones, which is reflected by a couple of the hosts in the example report. We may also be monitoring business partner connections to make sure partners are patching client and server applications, in which case active scanning with Nessus, which generates packets, may not be allowed across the partner connection, while passive monitoring with PVS still is.
The template consists of five chapters:
The “Apple Safari”, “Apple QuickTime” and “Apple iTunes” chapters each report a CVE summary. Each chapter also contains a list of hosts on which Safari, QuickTime or iTunes has been detected in use, and a trending graph for measuring the remediation of vulnerabilities over time. For example, this is the trending graph produced for iTunes:
Trending graphs can also be added to the template to trend the detection of the software itself in use:
Reading the two trending graphs above together, we can deduce that the remediation action taken was not to patch or upgrade the software but to remove iTunes completely, since it was not being used: the vulnerability count and the software detection count drop to zero together, whereas patching would have left the software detections in place.
Demonstrating daily trending over time is invaluable, and necessary, when using passive vulnerability detection. The template's graphs trend over the last 5 days; in a large enterprise remediation is unlikely to be this aggressive, but changing the trending timeframe is easy with the GUI driven SecurityCenter report builder:
When trending with PVS data, make sure you understand SecurityCenter's default settings for PVS, such as this one:
In many places the template only reports vulnerabilities with a CVSS v2 score of 4.0 or higher. This comes from experience working with Tenable customers, who often want to focus initially on medium and high risk vulnerabilities after deploying Tenable's enterprise software. The CVSS v2 score ranges used for filtering can easily be modified, or further ranges added, using SecurityCenter's GUI driven report builder:
The final chapter in the template, entitled "Apple Safari, QuickTime and iTunes Vulnerabilities with Known Exploits Summary", uses the "Exploit Available" and "Severity" vulnerability filters to summarize, in various ways, the vulnerabilities that have a known exploit:
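The three pieces of report logic described above (the per-product vulnerability and software-detection trends read together to tell removal from patching, the CVSS v2 >= 4.0 cutoff, and the known-exploit summary by severity) can be reproduced outside the report builder. The script below is an added example, not code from Tenable or from the template; it runs over a small constructed export of passive detections in an assumed flat record format (the field names are mine, not SecurityCenter's schema), and the severity bands are NVD's CVSS v2 ranges rather than any product-specific mapping.

```python
from collections import defaultdict

# Constructed 5 day sample in an assumed flat export format (not SecurityCenter's
# schema). kind "detect" = software seen in use (no CVSS), "vuln" = a vulnerability.
DAYS = ["2012-05-24", "2012-05-25", "2012-05-26", "2012-05-27", "2012-05-28"]
PRODUCTS = ["Apple Safari", "Apple QuickTime", "Apple iTunes"]
SAMPLE = []

def _add(day, ip, product, kind, cvss=None, exploit=False):
    SAMPLE.append({"day": day, "ip": ip, "product": product,
                   "kind": kind, "cvss": cvss, "exploit": exploit})

for d in DAYS[:3]:   # iTunes: vulnerable for 3 days, then removed from the host
    _add(d, "10.0.0.5", "Apple iTunes", "detect")
    _add(d, "10.0.0.5", "Apple iTunes", "vuln", 9.3, True)
    _add(d, "10.0.0.5", "Apple iTunes", "vuln", 7.5)
    _add(d, "10.0.0.5", "Apple iTunes", "vuln", 4.3)
for d in DAYS:       # Safari: still in use all week, vulnerabilities gone after day 2
    _add(d, "10.0.0.7", "Apple Safari", "detect")
for d in DAYS[:2]:
    _add(d, "10.0.0.7", "Apple Safari", "vuln", 6.8, True)
for d in DAYS:       # QuickTime: untouched; one finding sits below the CVSS 4.0 cutoff
    _add(d, "10.0.0.9", "Apple QuickTime", "detect")
    _add(d, "10.0.0.9", "Apple QuickTime", "vuln", 2.1)
    _add(d, "10.0.0.9", "Apple QuickTime", "vuln", 6.8)


def vulns(records, product, min_cvss=4.0, exploit_only=False):
    """Vulnerability records for one product at or above the CVSS v2 cutoff."""
    return [r for r in records
            if r["kind"] == "vuln" and r["product"] == product
            and r["cvss"] is not None and r["cvss"] >= min_cvss
            and (r["exploit"] or not exploit_only)]


def vuln_trend(records, product, days, min_cvss=4.0):
    """Per-day count of qualifying vulnerabilities (the chapter's trend graph)."""
    hits = vulns(records, product, min_cvss)
    return [sum(1 for r in hits if r["day"] == d) for d in days]


def detection_trend(records, product, days):
    """Per-day count of distinct hosts on which the product was seen in use."""
    return [len({r["ip"] for r in records
                 if r["kind"] == "detect" and r["product"] == product
                 and r["day"] == d}) for d in days]


def classify_remediation(vuln_counts, detect_counts):
    """Read the two trends together, as the post does for iTunes."""
    if vuln_counts[-1] >= vuln_counts[0]:
        return "unremediated"
    if detect_counts[-1] < detect_counts[0]:
        return "removed"   # vulnerabilities gone because the software is gone
    return "patched"       # software still in use, vulnerabilities gone


def severity_v2(cvss):
    """NVD's CVSS v2 bands, assumed here as the Severity filter's mapping."""
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low"


def exploitable_summary(records, day, products):
    """Known-exploit vulnerabilities on one day, grouped product -> severity -> count."""
    out = {}
    for p in products:
        counts = defaultdict(int)
        for r in vulns(records, p, min_cvss=0.0, exploit_only=True):
            if r["day"] == day:
                counts[severity_v2(r["cvss"])] += 1
        out[p] = dict(counts)
    return out


if __name__ == "__main__":
    for p in PRODUCTS:
        v, s = vuln_trend(SAMPLE, p, DAYS), detection_trend(SAMPLE, p, DAYS)
        print(f"{p}: vulns {v} hosts {s} -> {classify_remediation(v, s)}")
    print(exploitable_summary(SAMPLE, DAYS[0], PRODUCTS))
```

On the constructed data the iTunes host comes out as "removed" (both trends fall to zero together), Safari as "patched" (detections stay at one host while the vulnerability count drops) and QuickTime as "unremediated"; raising or lowering `min_cvss` is the equivalent of editing the CVSS range filter in the report builder.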