Tenable Blog

Reconfiguring Access Points

Wireless threats come in many different forms, such as disclosure of cleartext credentials, breaking encryption schemes such as WEP and attacking wireless drivers on client systems. While you can extend the range of wireless signals, for the most part these attacks require that the attacker be in close physical proximity of the wireless network and/or client to execute. This is the primary reason why most organizations do not assign a high priority to defending against these attacks. There are far more attackers on the Internet than will be in close proximity to your wireless deployment.

However, something that worries me greatly are wireless attacks that break down these physical barriers. What if attackers could remotely attack a system and then use it to perform local wireless attacks? There have been some papers posted about using the local client system to enumerate wireless networks, but not much in the way of launching attacks. Malware that embeds itself in wireless routers has received limited exposure (except for the infamous "Chuck Norris" worm, that may have been due to the popularity of the "Chuck Norris Facts" web site).

In an effort to stay ahead of attackers, I recommend that organizations place a higher priority on protecting wireless clients and access points. There are several very concerning vulnerabilities in access points that are trivial to exploit. One example is the D-Link DCC Protocol Security Bypass.

Welcome to the Tenable Network Security Podcast - Episode 55

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements

• Several new blog posts have been published this week, including:
  • Risky Business #173 Interview with Ron Gula - Process Accounting and El Jefe
  • Deloitte Names Tenable as one of America’s Fastest Growing Companies - Again!
  • Nessus Reaches Plugin 50000
  • Integrating Hydra with Nessus Video
• Be certain to check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials.


• We're hiring! - Visit the web site for more information about open positions.


• You can subscribe to the Tenable Network Security Podcast on iTunes!


• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, provide Nessus plugin statistics and more!

Tenable Network Security was ranked 251st on the Deloitte 2010 Technology Fast 500™ program (15th in Greater Washington DC area). This program ranks the fastest growing companies in technology, media, telecommunications, life sciences and clean technology in North America. Rankings are based on the percentage of fiscal year revenue growth during the past five years. Tenable’s revenue grew 363% during this period.

A new video has been uploaded to the Tenable Security YouTube Channel titled, "Integrating Hydra with Nessus":

When installing Hydra on Ubuntu-based systems, here are a few tips to get all of the modules working properly:

Does your organization use “secure communication” channels, such as HTTPS? Has your IT staff placed trusted certificates on all of your critical and important web services? What about your SMTP, FTP, IMAP, LDAP, POP3, ACAP, NNTP and XMPP servers? Have any of your certificates expired? Have hackers compromised your servers and replaced them with fake certificates? Secure communications with SSL is a lot more complicated than simply going to sites that have an “https” in front of them. This blog entry discusses how active scanning with the Nessus vulnerability scanner and network monitoring with the Passive Vulnerability Scanner (PVS) can be leveraged for continuous monitoring of your SSL certificate infrastructure.