Tenable Blog

A few interesting notes on this month's Microsoft Patch Tuesday release:

• Windows DNS servers are vulnerable to remote exploitation. However, they must implement a specific configuration.
• We've released a new plugin to detect the Remote Desktop Web Access service on Windows.
• Another five vulnerabilities in Internet Explorer have been fixed. I believe this to be one of the more critical things to patch. While Microsoft claims there are no known exploits, no one can be certain.

To further aid in your efforts to evaluate the exposures presented by the vulnerabilities addressed by Microsoft’s Patch Tuesday, Tenable's Research team has published Nessus plugins for each of the security bulletins issued this month:

• MS11-057 - Nessus Plugin ID 55787 (Credentialed Check)

BackTrack 5, code name "Revolution", is a very popular Linux distribution used primarily for penetration testing. It contains a lot of different tools for scanning, testing, and exploiting everything from web applications to wireless networks. Since the creators of BackTrack 5 included such a vast array of tools, I thought it would be interesting to show how some of those tools can be integrated with your Nessus server to extend functionality and import results.

Importing Nmap Results

There are many occasions where Nmap is used to scan specific hosts or a large network of hosts. The XML results from Nmap can be imported into Nessus and used as the basis for vulnerability scanning. If you are going to use Nmap results this way, you can disable Nessus's built-in port scanners and host identification functionality, relying solely on your Nmap results to perform the scan:

Burying Stumps

Recently I've been planning and executing a plan to fix some of the landscaping around my house (as a side note, try not to plan this to happen in the middle of July when it’s 90 degrees). In talking with people who have experience with landscaping projects we seem to always hit the topic of digging up and burying stumps, and whether this is a good idea or a bad idea. For the short term, it seems like a good idea. The stumps take up space in the ground so you need less fill (which saves money), burying is cheaper than grinding them down or having them hauled away, and you don't have to look at an ugly stump. The downside is that 7-10 years down the road, the stumps begin to rot and you are left with sinkholes in your yard.

Welcome to the Tenable Network Security Podcast - Episode 89

Hosts:

• Paul Asadoorian, Product Evangelist
• Ron Gula, CEO/CTO
• Carlos Perez, Lead Vulnerability Researcher
• Jack Daniel, Product Manager

Announcements

• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest two videos are updates to older videos and cover basic vulnerability scanning and local patch checking using Nessus.
• We're hiring! - Visit the Tenable web site for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!

Stories

• Facebook blocks a second contact export tool - Information, in the right context, can be quite powerful and expose your privacy. Facebook recently blocked Google+ from exporting your list of Facebook friends' names (not email addresses). When you put this in the context of attacks, knowing the names of someone's friends on Facebook could be quite valuable for social engineering.

The Benefits of Credentialed Scanning and Auditing

We've covered the advantages of credentialed vulnerability scanning and configuration auditing in previous blog posts, but I want to recap some of the benefits:

• Getting Around Firewalls - Whether you are scanning through network or host firewalls, credentialed scans require less ports to be open between the scanner and the target(s) and require less network bandwidth and target resources.
• Finding Localized Vulnerabilities - Several vulnerabilities, including those being exploited by attackers and penetration testers alike, are not accessible over the network but present themselves in end-user software ranging from web browsers, PDF readers and office suites. By performing a credentialed scan, Nessus is able to find vulnerabilities that requires user interaction to trigger exploitation in local software.
• Verifying Settings & Configurations - Through either Nessus plugins or configuration auditing, you can answer questions about the state of your systems. For example, if you want to know who has either local or domain administrative rights to your systems, there are plugins that report the list of users. Want to know what type of USB devices are in use in your environment or which systems have modems connected? There are plugins that test for those conditions as well. With configuration auditing, you can check any registry entry on a Windows system for a specific value or check the values on entries in configuration files on Linux/UNIX systems.