Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Auditing Rackspace Accounts with Nessus®

Just a few years ago, if you were planning a new infrastructure deployment to support new workloads, you would have expected questions related to architecture, networking, air conditioning, server room real estate and so on. But today you shouldn’t be surprised if the discussion quickly moves towards clouds, blue skies and space. I am, of course, referring to cloud services such as Amazon AWS, Microsoft Azure and Rackspace.

Cloud infrastructure-as-a-service (IaaS) products such as Rackspace are increasingly considered a real alternative deployment method while building out new or scaling existing IT infrastructure. And why not? Assets can be quickly deployed in an IaaS service, they are relatively cheaper for short term projects and and can bypass any long lead times your IT department may have when provisioning new assets.

As more and more firms move their workloads into the cloud, keeping a handle on what’s deployed in the cloud (and keeping it secure) is becoming a priority

So what should you do if you find yourself in a position where you are required to support workloads in the cloud? Well, you should carry over some lessons learned from on-premises deployments to the cloud. For example, maintain an inventory of all your resources, user accounts and their respective roles (especially admins) and also keep track of any unauthorized changes.

With the release of Nessus 6.4, you can do all that and much more while auditing Rackspace accounts.

Here are some highlights of the new Rackspace plugin.

Rackspace deployment snapshot

When the IT infrastructure of an organization embarks on a gradual migration to the cloud, one thing becomes apparent very quickly: it becomes difficult to keep track of all the resources that are deployed in the cloud all the time. This is especially true when multiple users have the privileges to provision new resources on demand.

Tenable’s Rackspace plugin reports all the resources that are deployed in Rackspace in a single result

Wouldn’t it be nice if you could figure out what resources (servers, databases, networks, users) are deployed in the cloud in a single glance? Tenable’s Rackspace plugin does just that. It reports all the resources that are deployed in Rackspace in a single result.

Changes since last scan (configurable)

Another challenge with cloud deployments is keeping track of what changed since the last scan. For example, which new servers were added or what new domains were created in the last X days. The Rackspace plugin provides a configurable variable value, which can be used to track such changes.

XPath meet jq

Once you put the Rackspace plugin to good use, two things will become obvious. One, the output is in JSON format, and second, some magic happens between what’s returned by Rackspace (in JSON) and the transformed output viewed in the Rackspace plugin. That magic is jq.

When we think about transforming XML documents into a human readable format, the simplest solution is to use a combination of XSLT and XPATH libraries. But the answer is not so obvious when it comes to transforming JSON. There are almost no good libraries which could be readily used in a product. And without a good JSON processor, there is not much that a plugin can do while dealing with JSON. So what did we do? We built a JSON processing library from scratch in the Nessus Attack Scripting Language (NASL). It’s modeled after jq (a JSON processor). You can try it in the online jq library. There is a good chance that if your filter works on the jqplay website, then it will work in the Rackspace plugin as well, since we support most of jq’s features. We are already putting this library to good use in our recently announced MDM Audit plugin.

Sample result

Rackspace audit results screenshot

Conclusion

As more and more firms move their workloads into the cloud, keeping a good handle on what’s deployed in the cloud (and keeping it secure) is becoming a priority. Last year, we released auditing support for Amazon AWS, and now we are following up with Rackspace; there is a lot more to come! So regardless of which IaaS provider you use to deploy your IT assets, Tenable products will have an audit solution to address your needs.