Tenable Blog

Covering All Your Bases

Internet-facing servers are a popular attack target: They are accessible to everyone on the Internet and can easily be probed for vulnerabilities. Based on exposure alone, Internet-facing servers present a higher risk of becoming compromised. This risk needs to be mitigated if organizations must provide access to services such as web, mail, and VPN connectivity. It is therefore important that these servers are regularly assessed for potential vulnerabilities (and more important that something is done to remediate the vulnerabilities). This blog entry provides guidance for some basic security issues which are important to monitor on Internet-facing servers, such as:

1. Maintaining Patches - It is important to keep up-to-date with patches in general, and with systems that are exposed to the Internet, fixing both local and remote vulnerabilities are particularly important. For example, a web server may contain a vulnerability which allows an attacker to gain a shell with the privileges of the running user (e.g., www-data). If local vulnerabilities are present, the web server vulnerability can quickly lead to the attacker gaining root-level privileges. With this level of access, attackers have a much better chance to cover their tracks and hide their presence within the system. Therefore, ensuring all available security patches are installed on your systems is important.

Easily Exploitable Web Application Vulnerabilities - If you've ever monitored the logs of an Internet-facing web server, you know attacks against applications are frequent. Application testing involves many different processes and techniques, but you don't want to give attackers any low-hanging fruit. It is important to test your applications before they are put in production, but also continue to monitor for vulnerabilities in production. Several automated tools in use by attackers exploit flaws, such as SQL injection, on a regular basis. Once the application is on your production system, it is important to regularly assess it to stay ahead of the curve and remediate the vulnerabilities before attackers get to them.

Exposed Services - Internet-facing servers ideally offer a limited number of services, since they do not need to support a wide range of services that an internal development server would offer. This makes it easier to scan and identify vulnerabilities and detect any new services which may crop up. Firewalls are often deployed to provide an extra layer of protection for systems exposed to the Internet and ensure that only required services are permitted. Scanning these hosts on a regular basis will quickly identify any new services that are running or mistakes made in firewall configuration which may unintentionally expose an internal service or server.

Many customers have recently inquired about detection of video conferencing hardware and software, and Tenable’s research team has been developing additional PVS plugins to do just that.

 

Ron Gula on Why Tenable Fits the Department of Defense

Earlier this week, Tenable formally announced the company's products had been selected as the basis for the Assured Compliance Assessment Solution (ACAS), the Defense Information Systems Agency's Department of Defense-wide program for managing vulnerability and configuration assessments.

Announcements

• Tenable Selected for DISA’s ACAS Vulnerability Management Solution
• Check out our video channel on YouTube which contains new Nessus and SecurityCenter 4 tutorials.
• We're hiring! - Visit the Tenable website for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!

New & Notable Plugins

Nessus:

• Netstat Active Connections - Active connections are enumerated via the 'netstat' command.
• SSL Resume With Different Cipher Issue - I just can't help but wonder how many times we can poke holes in SSL. The protocol does not breed much confidence, and I'm curious if we will ever see a replacement.
• Citrix XenServer vSwitch Controller < 2.0.0+build11349 Multiple Vulnerabilities - While VMware clearly has a lion's share of the market, there are several other virtulization vendors in the market. Whatever platform you choose, security has to be one of the top priorities as reliability and integrity of your virtualization platform is of the utmost importance.
• HP System Management Homepage < 7.0 Multiple Vulnerabilities - Not only did HP miss a CSRF vulnerability, but they bundled in a vulnerable version of Apache, PHP, and OpenSSL. This is unacceptable.A company this large, producing the amount of software they do, must have a better process for securing software.
• Mac OS X OSX/Sabpab Trojan Detection - Make sure you are running this plugin often against your OS X hosts. They could be infected with new variants or become re-infected from a Time Machine backup.

IBM Tivoli Directory Server Web Administration Tool Unspecified XSS - More XSS in enterprise management applications.

Announcements

• Nessus 5.0.1 Released - This update includes support for FreeBSD 9 and gives you more flexibility when specifying port ranges and types (UDP or TCP) for the port scanner. Several bug fixes are included as well, including Windows installation issues.
• SecurityCenter 4.4 Released:
• Improved performance, with a new XML-RPC-based interface that speeds cross-system connections and adds fault-tolerance and improved reliability.
• Easy report template and information sharing. New reports, designed by Tenable experts, can be downloaded from the new Tenable SecurityCenter Enterprise Reporting blog, imported into SecurityCenter, and used immediately, customized, or exported to share with others.
• Easy access to over 100 pre-defined Quick Reports, including SANS Consensus Audit Guidelines, Center for Internet Security Audits, FISMA compliance indicators, HIPAA compliance checks, OWASP, PCI, and other IT and patch audit reports.
• New data visualization displays that use charts and color-coding to indicate the number and severity of vulnerabilities based on IP addresses, host names, and asset groups.
• Integration with Tenable’s cloud-based Nessus Perimeter Service.
• Improved integration with GRC, SIEM, IDS, firewall analysis, and other systems that support Nessus reporting. SecurityCenter now exports scan data in the Nessus v2 format.
• Scan hosts by specifying the DNS host name or URL for web application assessments.
• Authentication: Support for the use of digital certificates with SecurityCenter. Support for smartcard authentication (including U.S. Department of Defense’s Common Access Card (CAC)).
• New Version of Nessus Perimeter Service Released - As Tenable is an Approved Scanning Vendor (ASV), you can use the Perimeter Service to perform PCI scans, using an approved PCI policy, and submit the scan results to Tenable for PCI ASV validation. The Perimeter Service allows you to scan as many systems as you like, as often as you like, and submit two scans for validation per quarter at no extra cost.
• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. New videos are always in the works and updated Nessus and Perimeter Service videos will be available soon.
• We're hiring! - Visit the Tenable website for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!