Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast - Episode 48

Welcome to the Tenable Network Security Podcast - Episode 48

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements

Ron Gula

Ron and Paul discuss web application testing using Nessus!


Stories

  • Cisco IOS XR BGP DoS - Any time there are vulnerabilities with a product that implements BGP, it is a cause for concern. BGP is the routing protocol that runs the Internet, and we've been fortunate that there have been no known attacks against it that have caused any serious damage. Well, I guess if you consider Pakistan taking down YouTube serious, then there has been one serious "attack". However, this was a misconfiguration, not a vulnerability in a product or the BGP protocol itself. Well okay, there was a presentation at Defcon 16 that demonstrated a weakness in the protocol that allows for snooping of data in transit. So, maybe BGP is a little broken but my bet is that people will not DoS the Internet. It's too important.
  • New Windows Meterpreter Search Functionality - This is a great feature. Once you compromise a machine, you can use the built-in indexing service to more efficiently search the computer for sensitive information. You can also perform specific searches for things like IE browser history. This is the equivalent of breaking into a house and using the homeowner's flashlight to find the valuables.
  • CEO, CFO, Pants on Fire? - An interesting article that looks at public audio from publicly traded companies' meetings with shareholders. Now, CEO/CFO lying aside, I think it's both interesting and useful to be able to tell when someone is lying (like when your users tell you, "I picked an awesome password" or the systems administrators tell you, "I applied all available patches to all of our systems"). After analyzing the data gathered from CEO/CFOs, the researchers came up with a few common phrases that indicate when they may be lying, such as "They make more references to audience or general knowledge – “As you know…”" and "They use more words linked to extreme positive emotions – “The outlook for the company is fabulous!”". So, when your IT manager says, "As you know, our password policy for the company is fabulous!", he or she could be lying.
  • HTTP Strict Transport Security - Here's a solution to this problem: if someone goes to a page using HTTP, when they should have used HTTPS, rather than automatically re-direct them, put up a static page WITHOUT any HTML links, that states: "For your own safety, Please go to the HTTPS version of this site." No? Right? Maybe?
  • Home Security Tips - For the most part, good security applies to both information and your home, and Rich provides some good tips for home security. However, I do disagree with the video surveillance suggestion, which Rich says, "The one thing I'm not really big on is cameras. For my home I worry a lot more about someone getting in than capturing them after the fact. And we live in a densely populated subdivision with neighbors we know well and inform before we leave on big trips. That and an alarm sign out front are better than any crazy camera system." While I am not too worried about capturing a burglar, I do want to keep an eye on things. For one, even if you know your neighbors well, there could be an "insider" attack. Furthermore, a burglar is even more likely to skip over your house if they see alarm signs AND a camera pointing at them. You can even get fake cameras that will do the job just fine. With respects to network security, there are lessons to be learned. First, intrusion detection and monitoring is extremely important and should be in every network. Second, two defensive measures are better than one.
  • Attackers go after the DLL injection vulnerability - There's lots of information out there about this. It's interesting how the NSA issued a warning against this vulnerability 12 years ago and was a voice in the wilderness. Nessus has plugins to cover this vulnerability as well, one titled "Insecure Library Loading Could Allow Remote Code Execution" and another called "Microsoft Windows 'CWDIllegalInDllSearch' Registry Setting"

Download Tenable Podcast Episode 48