
Tenable Network Security Podcast Episode 118 - "Detect jailbroken devices, mobile device concerns"

Welcome to the Tenable Network Security Podcast Episode 118

Announcements

New & Notable Plugins

Nessus:

The plugins below are local patch checks for Cisco IOS devices:

Passive Vulnerability Scanner:

Stories

  1. One lesson from Information Security World 2012 - Security is in trouble - A panel with Marcus Ranum, Chris Nickerson, and Alex Hutton, what could be better? The take-aways were that security leaders don't have enough knowledge about the organization to make informed prioritization decisions, auditors should not determine priorities, management fights auditors instead of bad guys, there are lots of bears, and there are not enough smart people in the organization to be effective when it comes to security.
  2. SSL Chain Cert Fun with Nessus - Neat article on how to update your certificate chain in Nessus so it recognizes your certificates and any SSL configurations with chained certs.
  3. Mobile Device Management Top Concern - Mobile device vulnerability management is the top concern for security professionals. Ron Gula is quoted as saying "Mobile devices add an entirely new level of complexity to an organization, but security too often takes a back seat to convenience. Although the transient nature of mobile devices presents a unique challenge, organizations can achieve greater control by regularly scanning for vulnerabilities and monitoring the information that comes on and off their network." Now, some may take issue with how this comes to be the top concern. I'll admit, I think it's a bit premature to think mobile devices pose that much of a threat. However, we're not talking about the "security" of mobile devices being the concern; it's about vulnerability management and monitoring. Having spent a good amount of time traveling, I used my smartphone A LOT. I began thinking about how painful it was to use a first generation iPhone and how far we have come. At what point do many just stop carrying a laptop?
  4. Curb Their Enthusiasm: CEO Optimism Can Be A Security Risk - This is one of the greatest quotes about security I've read in a long time: "…bad security decisions are made for the same reasons that other bad decisions get made: inability to predict the future, failure to foresee all the consequences of the decision, and a reliance on someone else who doesn’t live up to their end of the deal."
  5. Lesson From Pwn2Own: Focus On Exploitability - "The speed that vulnerabilities could be exploited holds a lesson. While vulnerabilities that are actively being exploited should receive the highest priority for patching, the contest shows that the exploitability of a vulnerability -- not just the existence of an exploit -- should be considered as well." There is this notion that some people must see a system exploited in order to believe it presents risk. It's difficult to know which vulnerabilities are easy to exploit, and which ones are next to impossible. However, Nessus can help you find the systems for which an exploit exists, and there is no question you should be patching these first. But don't leave out all the other vulnerabilities, as there are people who can crank out an exploit for a given flaw rather quickly, and if you are not expecting it, the result can be damaging.
  6. FreePBX Exploit Phone Home - Some really neat stuff in here -- FreePBX exploit, using Nmap for privilege escalation, and more!

Episode 118 Direct Download (mp3)