Tenable Blog

This webinar will feature myself and Ron Gula and discuss how to use Nessus to perform security auditing of custom web applications.

Security breaches can come from those you least suspect. Have you ever wondered what would prevent a malicious insider from obtaining privileged credentials during an IT audit? It would be a simple matter of just setting up a Linux or Windows box with a sniffer or backdoor to grab the domain or root password during the audit. Tenable has written Nessus 3 and Nessus 4 to take advantage of underlying protection mechanisms in SSH and Windows authentication protocols to limit your exposure to this type of attack.

This blog entry describes how you can securely audit your Unix and Windows hosts to limit exposing these credentials to an insider and also how to use Metasploit to test any vulnerability scanner to see if it is vulnerable to this type of attack.

SQL injection is a class of vulnerabilities that can plague web applications in your environment, often with devastating consequences. They can be difficult to detect and validate and are sometimes the cause of major data breaches. This is a deadly combination. Databases contain the information that attackers are after, including SSN, credit card numbers and other information associated with an individual’s identity such as name, address, phone number, mother's maiden name and more.

How do you know that the software being executed on your network is authorized and acceptable? Many organizations struggle with this concept or ignore it altogether. There are generally four approaches to enabling or preventing software usage:

• White listing of software - A third party application or very tight operating system configuration settings is used to only enable specific authorized program names. Everything else is denied by default.
• Black listing of software - A third party application specifically controls what programs cannot be run. Anything not on the list is allowed by default.
• Ignorance – Some organizations simply do not have the staff, resources, technology or concern to attempt any type of analysis of what software is allowed.
• Auditing – Using one or more methods, an organization takes no immediate action on software usage, but it does track and analyze what programs are available and in use to help make better policy decisions, to have a more intelligent incident response process and to help IT troubleshoot issues.

A friend of mine, who was preparing to teach a workshop that included information about Nessus, recently asked: "What are the top three things you would tell people about Nessus?" Below is a more detailed version of my response:

1) Network Scanning - With over 28,000 plugins, Nessus has some excellent coverage in terms of vulnerability scanning for your systems and network. When running a network-based scan it is important to tune it appropriately. Look at the different plugin families and enable the ones that you think are most relevant. In addition, review the Advanced options for your scan. If you are performing web application testing, take a look at the Advanced options global variable settings. If speed is not a factor, you can get some awesome results by enabling CGI scanning, experimental plugins and thorough tests. Finally, don't just look at the high level alerts: some medium and low level alerts can lead to root access!