Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast Episode 180 - "Detecting Backdoors, One Vulnerability Trumps All (Sometimes)"

Welcome to the Tenable Network Security Podcast Episode 180

Announcements

Discussion & Highlighted Plugins

Detecting Backdoors

  • The latest Nessus plugin feed update includes detection for Poison Ivy, a popular backdoor used by attackers. Poison Ivy allows a remote attacker to control the compromised system, and has mechanisms to jump from process to process. While anti-virus products should detect the presence of this software, there's always a chance of gaps. For example, by modifying the Poison Ivy binary, you can change its signature. This means if your AV software is out-of-date, an attack will be successful. If a determined attacker, dare I say "APT," were to modify this software to bypass even up-to-date AV software, Nessus can be used as a second line of defense in conjuction with malicious process detection adding more malware detection layers.

Catching Third-party Software Vulnerabilities

  • Perhaps one of the toughest challenges still for IT today, is keeping up with third-party software. Users will find ways to install software on their own (such as virtual machine software). Filling in the gaps nicely is the Tenable Passive Vulnerability Scanner (PVS). I've been running PVS on my lab network and witnessed firsthand as it flagged a PuTTY vulnerability on one system, and told me that my Flash player was out-of-date on my other system. Third-party vulnerabilities have a tendency to hide, and PVS helps uncover them in a big way.

One Vulnerability Trumps All (Sometimes)

  • Reading about OSPF vulnerabilities has me worried, especially when the description states: This vulnerability could allow an unauthenticated attacker to take full control of the OSPF Autonomous System (AS) domain routing table, blackhole traffic, and intercept traffic. Routing protocol attacks, while limited to the local network (unless they refer to BGP) can be particularly damaging. "Intercepting traffic" has a deeper meaning. If an attacker is able to insert themselves into the middle of TCP/IP communications, the possibilities for attack are endless. IT teams must assign a high priority to this type of attack. While some traffic will be encrypted, injection attacks can undermine the encryption. For example, the ability to add any HTML or Javascript to any website the user visits translates into global XSS vulnerabilities, allowing an attacker to undermine any security controls you may have in place (eventually).

New & Notable Plugins

Nessus

General

Passive Vulnerability Scanner

Tenable Compliance Checks

Security News Stories

  1. Open Security Research: Remote Code Execution on Wired-side Servers over Unauthenticated Wireless
  2. ZMap - The Internet Scanner
  3. If You Send To Gmail, You Should Have 'No Legitimate Expectation Of Privacy' | Business Insider
  4. Researchers release tool to pickup the SLAAC in Man-In-The-Middle attacks using IPv6 | Network World
  5. Putty Security Update (SSH Tool)
  6. Poison Ivy: Assessing Damage and Extracting Intelligence
  7. Hackers use new tactic to attack U.S. media sites | Reuters
  8. Attention, parents: Baby monitor hacked; default password to blame?
  9. Zuckerberg Facebook hacker gets $10k fundraiser bug bounty
  10. CSOs: Stop flogging the threats and start providing solutions
  11. Bloke leaks '1000s' of Twitter login tokens, says he can hack ANY twit

Related Posts

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,190.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security