Vulnerabilities

Tenable Launches “Straight Talk About PCI” Discussion Forum

by Jeffrey Man
December 19, 2013

Have you ever tried to navigate the PCI website and gotten lost and confused?

Are you part of the 99% of companies that must traverse the PCI Compliance landscape as part of the “Self-Assessment” or “do-it-yourself” crowd?

Have you been overwhelmed by vendor claims of “PCI made easy” or “PCI Compliance in 10 minutes” or “PCI in a Box”?

Does it bother you that the answers to your questions are often tied to the product/solution the vendor is selling?

The Exploitation of Exploit Frameworks

by Paul Crutchfield
June 24, 2013

At the recent Gartner Security and Risk Summit, one of the presenters recommended using an exploit framework to prioritize vulnerabilities. The idea is to use the exploits to automatically verify vulnerabilities as part of the vulnerability management process. Simple in theory, bad in practice.

Prove You’re Watching 100% of your Network

by Ron Gula
June 11, 2013

How hard is it for you to prove that you are performing vulnerability scans, network monitoring and log analysis for 100% of your network? If your organization hasn’t automated this process, or it is relying on periodic manual processes, chances are you are blind in some areas and don’t know it.

Log Correlation Engine 4.2 Released

by Jack Daniel
May 29, 2013

Tenable has released the Log Correlation Engine, version 4.2.  This major release provides several significant new features and enhancements, including:

Automatic Asset Discovery

Assets are detected and identified through inspection of log files.  Logs from systems including DNS and DHCP servers, firewalls, and web filters will include information on all devices actively communicating on the network.  LCE 4.2 uses this information to deliver complete asset discovery.

Monitoring the Life of a Java Zero-Day Exploit with Tenable USM

by Randal T. Rioux
October 25, 2012

Not too long ago, CVE-2012-4681 (US-CERT Alert TA12-240A and Vulnerability Note VU #636312) was issued for a flaw discovered in Oracle Java (JDK and JRE 7 U6 and before), as well as version 6 U34 and before.

This is a client-side vulnerability, which requires a user to initiate activity to be exploited. I will avoid dissecting the flaw in detail, as this information is widely available on the Web (a particularly good write-up is here).

Keep in mind that Java is platform independent, and so is this exploit. The example here uses Internet Explorer on Windows 7 (with Java SE 7u3). However, Linux and OS X users shouldn’t feel excluded on this one!

With Tenable's Unified Security Monitoring (USM) platform, comprised of SecurityCenter (SC), the Passive Vulnerability Scanner (PVS), and the Log Correlation Engine (LCE), we can track this exploit from start to finish.

Remote Access Woes: Microsoft Windows Remote Desktop Protocol (RDP)

by Paul Asadoorian
June 15, 2012

The Trouble with Remote Access

Remote access protocols are certainly one of the long-standing topics discussed when it comes to information security. Most security practitioners have had to deal with the threats and risks posed by the wide range of protocols used to remotely manage and access systems, including Telnet, SSH, RDP, and even third-party providers such as GoToMyPC. Convenience is heavily weighed against security, as users and administrators require access to the systems, yet security in the forms of authentication and encryption seemingly "get in the way." This debate has come up in my career more times than I care to remember. When I first set out to help make systems more secure, one of the first actions I proposed was to remove Telnet from all of my UNIX (Solaris and Linux at the time) systems. Turns out it was a valuable lesson for me as I learned that while technically not so challenging, convincing 25 or more developers that they had to use an SSH client rather than the built-in Telnet utility was the most challenging aspect of that project.

The same debate occurred later in my career when I was tasked with helping the newly-created Windows systems administrators group secure their brand-new Windows domain environment. I had a similar conversation about Microsoft Terminal Services, which uses the RDP (Remote Desktop Protocol). At the time, in the default configuration, an attacker could perform MiTM attacks to obtain the username and password, in addition to logging the keystrokes sent to the systems being managed. Again, technically there was an easy fix (change some settings on the servers, and use a compatible client on the management systems). However, the real challenge was persuading the administrators to make the switch, as they had always just used the default configuration and, by their own account, "nothing bad ever happened." In this case, I had to use a demo and perform an attack, with permission, of course, against an administrator. Once they saw it, the progression to a properly-configured and more secure RDP implementation was underway immediately.

Annoy, Attribute, and Attack

by Dale Gardner
May 28, 2012

Annoy, attribute, and–with care–attack the attackers who are attacking you. In this RSA presentation, Tenable Product Evangelist and PaulDotCom Host Paul Asadoorian is joined by colleague John Strand to discuss and demonstrate Offensive Countermeasures: Making Attacker's Lives Miserable. Watch now on YouTube. 

 

Predicting Attack Paths

by Ron Gula
April 2, 2012

Tenable has published a technical paper titled “Predicting Attack Paths” that describes how to leverage active and passive vulnerability discovery technology to identify in real-time Internet facing services, systems and clients on your network that can be exploited in a variety of scenarios.

Pages