Security Strategy

Being the Caveman - Tenable Style

by Ron Gula on October 10, 2007

After reading Richard Bejtlich's "Be the Caveman" blog post about the convicted hacker Robert Moore, I felt it would be interesting to show how unifying vulnerability monitoring, configuration auditing, passive network discovery and log analysis helps organizations detect intruders. This blog post focuses on the techniques mentioned by Moore and Bejtlich, and how tools like Nessus and the Security Center can make this easy to do for any size organization. Testing for Default and Weak Passwords: During his interview, Moore was quoted saying that default and common passwords were used on...

Active and Passive TOR Detection

by Ron Gula on September 19, 2007

Tenable's research group has recently released several updated plugins for both the Nessus scanner and Passive Vulnerability Scanner to detect Tor in operation and waiting for connections. Tor is a self-organizing peer-to-peer network application. It encrypts network communications and also randomly spreads them across other Tor nodes to prevent traffic analysis. Tor can be used for anonymous network browsing. It has recently been reported as being used by the Storm worm to connect to other potential victims as well as obtain command and control instructions. Hostile "Tor users" have been...

Finding Vulnerabilities Older than 30 Days

by Ron Gula on August 6, 2007

"30 Days" seems to be the default amount of time organizations allow for vulnerabilities to be patched. Version 1.1 of the Payment Card Industry standard specifically states a 30 day time period. Of course the actual age of a vulnerability has nothing to do with how easy it may or may not be to exploit, but politically, old vulnerabilities can indicate broken policies, bad IT processes and lapses in compliance. This blog entry discusses how networks can be monitored for vulnerabilities with Nessus, the Passive Vulnerability Scanner and the Security Center in such a way that...

Detecting the Apple iPhone and other 'Shadow IT' Technology

by Ron Gula on July 17, 2007

While reading the 'Declaration of Interdependence' series of articles in the July 1st issue of CIO Magazine (including an additional online article named 'Users Who Know Too Much and the CIOs Who Fear Them'), the term "Shadow IT" was used to describe the aggregate amount of personal, walk-in and employee-owned software and hardware that makes its way onto corporate networks and computers. This blog entry discusses strategies to look for applications that should not be running on your network as well as understanding which "unsanctioned" applications may be the most popular. It also...