
Tenable Network Security Podcast - Episode 30

Welcome to the Tenable Network Security Podcast - Episode 30

Announcements

Stories



  • Don't Change Your Password - I have mixed feelings about this article. The security professional in me, with experience in implementing security in the trenches at several different corporations and universities, wants to shred it until it cries "uncle". Changing your password on a regular basis does have some benefit, doesn't it? I remember being on a penetration test and compromising an older server that contained a whole bunch of Windows password hashes (stored in LANMAN format, nonetheless). They were easy to crack because they were stored in an older format, but the problem was that they were old passwords. Fortunately, they had no password reset policy. And fortunately for me, one of the passwords I cracked belonged to a user in the domain admin group within the domain. So, as crazy as it sounds, changing passwords does help. On the flip side, the argument is that changing passwords is too hard for users and takes too much time. In most cases I agree with this statement. I believe that IT departments need to make it easy for end-users to implement this security measure, which really only protects you from a dedicated attacker. Making users spend too much time implementing a defensive measure that has little impact doesn't make much business sense.

  • Escaping From the PDF - This is a really neat technique developed by Didier Stevens that uses the "/Launch" feature in a PDF to execute a command. Recently Didier figured out that Foxit released a patch, but that the Adobe exploit now worked in Foxit! Crazy stuff happening here, and I'm wondering just what legitimate purpose the "/Launch" feature has in a PDF document! Why does a user need to launch an executable when reading a PDF document (or any document for that matter)?

  • Sun Solaris now on a Quarterly Patch Cycle - Is it enough? We see major companies (Microsoft, Cisco, Oracle, Adobe and others) whose software and hardware make up a large percentage of the install base across the globe, and patches are released monthly at best, sometimes quarterly, and bi-yearly if you are Cisco. If you're an evil bad guy, patch cycles that are driven by the vendor provide a nice window of exploitation. If you can find and exploit vulnerabilities before the vendor issues the patch, you're golden... that is, if you can get in and stay in without getting caught. Shortening this window of exploitation would prevent a lot of attacks. Of course we still have to get the organizations to apply the patches, but that's a whole different story.

  • Too Much Money Spent on Compliance - Frequency of an incident versus the level of damage are two factors that seem to never be taken into consideration properly. It's a tough call; the incidents that are least likely to occur can cause the most damage and have the most financial impact. The more frequently successful attacks are typically of low impact. For example, lots of malware is installed on computers that become part of a botnet and the malware doesn't even look at the data on the system. However, an attacker targeting your organization can do serious damage and maybe even collect sensitive information, take your network hostage, and leak trade secrets. This occurs less frequently than automated malware, but is far more damaging. Compliance seems to be a good guideline to help prevent automated malware, but does not go deep enough to protect against more serious threats.

  • Cisco WLAN Flaws & The Bigger Picture - Proprietary and usually embedded systems are often weak links when it comes to security. Cisco's implementation is no exception. Researchers have found that they are still using LEAP in some capacity and the management interfaces contain SNMP and web application flaws. An attacker could exploit these vulnerabilities to obtain encryption keys. I believe that wireless attacks are most beneficial to attackers, as it allows for an easier MiTM attack to take place because you can access all wireless clients in one fell swoop. Also, many devices, especially in the medical field, only use wireless, where these types of attacks are especially useful. Everyone spends time to secure desktops and servers, but then ignores the embedded systems (which is a good example of this failure). What will happen when computing as a whole moves to using more embedded systems over the desktop? The researchers also state that the vulnerabilities were not as easy to find as using a standard Nessus scan. Remind me some time to tell you the story of a vulnerability I found on a wireless controller by doing an operating system fingerprint using Nmap.
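
For the "/Launch" item above, a mail or web gateway can triage PDFs by looking for that key before a reader ever opens the file. The following is an added example, not code from these show notes or from Didier Stevens' tools; the function names, the keyword set and the block/review policy are assumptions, and the sample bytes are constructed. It decodes `#XX` hex escapes first, because the PDF format allows any character of a name to be written that way.

```python
import re

# PDF names may hex-escape any character as #XX (e.g. /L#61unch),
# so a plain substring search for "/Launch" is not enough.
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A name token: '/' followed by characters that are not whitespace or delimiters.
_NAME = re.compile(rb"/([^\s/<>\[\]\(\)%{}]+)")

# Assumed triage list: /Launch is the key discussed above; the others are
# common ways an action is triggered when a document is opened.
SUSPICIOUS = {b"Launch", b"OpenAction", b"AA", b"JavaScript", b"JS"}


def decode_name(raw: bytes) -> bytes:
    """Resolve #XX escapes inside a PDF name token."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def scan_pdf(data: bytes) -> dict:
    """Count suspicious names and how many of them were hex-obfuscated."""
    findings = {}
    for match in _NAME.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        if name in SUSPICIOUS:
            entry = findings.setdefault(name.decode(), {"count": 0, "obfuscated": 0})
            entry["count"] += 1
            if raw != name:
                entry["obfuscated"] += 1
    return findings


def verdict(findings: dict) -> str:
    """Assumed policy: any /Launch is blocked, other hits go to an analyst."""
    if "Launch" in findings:
        return "block"
    return "review" if findings else "allow"


# Constructed fragments (not complete PDFs), for illustration only.
SAMPLE_FLAGGED = (b"%PDF-1.4\n"
                  b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
                  b"2 0 obj << /Type /Action /S /L#61unch >> endobj\n")
SAMPLE_CLEAN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    for label, blob in (("flagged", SAMPLE_FLAGGED), ("clean", SAMPLE_CLEAN)):
        print(label, scan_pdf(blob), verdict(scan_pdf(blob)))
```

This scans raw bytes only, so names inside compressed object streams are not seen; decompress streams first if the gateway needs that coverage.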
