Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast - Episode 35

Welcome to the Tenable Network Security Podcast - Episode 35

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements


Stories

  • Reclaim Your Privacy? - There is no question that some people share way too much information on Facebook. Social networking is so popular that attacks and penetration testers alike are using it for information gathering and social engineering when attacking an organization. The techniques are quite useful and often very successful. One good example is to guess or brute force user passwords (for example, I can view a user's Facebook page, obtain the name of your dog, and try that as your password). It sounds too easy, but unfortunately for the security of enterprise networks, it works. The site linked here claims to help Facebook users with their privacy settings. Now, this could be completely legitimate, but in the words of Admiral Ackbar, "it could be a trap!" Don't trust programs or web sites that claim to check your computer settings or Facebook settings as you could unknowingly be allowing an attacker access to your information.
  • Fun With Printers - Part 3 - If there is one thing I love, its printer hacking! This three-part blog post (See Part 1, and Part 2) details how to use printers to steal documents being printed, use printers as relays for idle port scanning, and a complete re-write of the Hijetter tool that allows you to send commands to the printer using PJL and upload files. It's nice to see some focus on this and I can't wait to test out these new tools. Printers are one of those device types that no one pays attention to, but should be part of your overall security program.
  • Analyzing MIT Wireless Traffic - I think it's really neat that MIT showed this particular student the proper way to obtain permission and analyze traffic. I really like the use of simple command line tools to gather network traffic information. You can gain great insight into your network and find out all sorts of information, even security related, just by reviewing the layer 3 protocol information.
  • Default Database Passwords Still In Use - Default passwords really annoy me and I can't understand why they are still in use! Especially when it comes to databases... why not just let the database admin choose a password that isn't the default?
  • FBI seizes $143 million of fake Cisco hardware - I have a growing concern that while we are all so concerned with software security, it may be the case that hardware is now being compromised. This may be the case with fake Cisco hardware originating from China. You may not be able to tell that that brand new router is a fake until it's too late. If you place it in your network, what if under the covers it is compromised and uses a backdoor to re-route traffic or letting attackers connect remotely? This is scary, especially because it falls outside the scope of many security programs.
  • Why compliance is chosen over security - I believe that compliance and security is a delicate balance. Let's not forget about making good business decisions either!

Download Tenable Podcast Episode 35