During the past few weeks, the Tenable R&D team has created several plugins to enhance SSL certificate auditing capability. Nessus will identify SSL certificates regardless of port and launch dozens of plugins to check for a variety of weaknesses and vulnerabilities. Three new plugins expand that auditing capability to more effectively audit your organization.

SSL Certificate Fails to Adhere to Basic Constraints / Key Usage Extensions

Tenable has released a plugin titled “SSL Certificate Fails to Adhere to Basic Constraints / Key Usage Extensions” (ID# 56284) to help users verify X.509 / SSL certificate chains. Based on RFC 3280 guidelines, Nessus will examine an SSL certificate found on any port to verify that it adheres to all basic constraints and key usage extensions. If an X.509 certificate in a chain fails to adhere to constraints and usage extensions, Nessus will report that violations are present. This finding means that either a root or intermediate Certificate Authority (CA) signed a certificate incorrectly.

Welcome to the Tenable Network Security Podcast - Episode 98

Hosts

• Paul Asadoorian, Product Evangelist
• Carlos Perez, Lead Vulnerability Researcher
• Jack Daniel, Product Manager

Announcements

• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest video is titled "Top Ten Things You Didn't Know About Nessus #9".
• We're hiring! - Visit the Tenable web site for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!

Stories

1. Don’t Hit the Snooze Button on DigiNotar Alarm Bells - In 1995, we suggested the usage of network firewalls and SSL to protect web applications, and today we suggest that network firewalls and SSL protect cloud computing. There is a balance between evolving countermeasures and not hitting the snooze button on defensive technologies.
2. So-so SASO … So What? - Bringing more balance to security, there is room for automated testing and static code analysis, but should you let a 3rd party analyze your code? Most would say "Yes", unless you are Oracle...
3. Sound Database Security Starts With Segmentation - Segmentation needs to have context around it, and be based on the classification and location of your data.
4. SIEM: Dead as Claimed? - Computerworld - Its fun to see which technology will be declared dead, first it was IDS, now SIEM. Is it really dead?
5. 3 Indicted in Sophisticated Hacking Scheme - Attacker drove around the city of Seattle and broke into companies physical buildings and/or wireless networks, installed malware on their systems, and attempted to make a profit.
6. SecurityTracker: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks - I've recommended that DIGEST authentication be used over BASIC authentication in Apache. If you implemented my suggestions, make sure you take notice of this patch!
7. New OS X Trojan Horse sends Screenshots, Files to Remote Servers - I thought Macs didn't get viruses? Turns out they do...
8. Facebook Unfriending 'Bug' Gets Quick Fix - For Facebook users, this is a big deal, as you don't want your "Friends" to know that you are breaking up with them.
9. Man Builds Social Network Using Atlantic Ocean - I'd love to see the attacks against this social network, how would a cross-site scripting vulnerability play out?

Download Tenable Podcast Episode 98

Welcome to the Tenable Network Security Podcast - Episode 97

Hosts

• Paul Asadoorian, Product Evangelist
• Carlos Perez, Lead Vulnerability Researcher
• Jack Daniel, Product Manager

Announcements

• Blog posts:
  • Microsoft Patch Tuesday Roundup - September 2011
  • Top Ten Things You Didn't Know About Nessus Video - #9 Nessus Detects Misconfiguration

• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest video is titled "Top Ten Things You Didn't Know About Nessus #9".
• We're hiring! - Visit the Tenable web site for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!

The Nessus Top Ten List

This is the second post in a series of ten that will cover “The Top Ten Things You Didn’t Know About Nessus”. The first, starting with 10 in David Letterman top ten list fashion, is titled “There's More Than One Way To...” and covers the benefits of both credentialed and uncredentialed vulnerability scanning. Each item on the list will have a blog post and video associated with it. And now, on to number 9: “Nessus Detects Misconfiguration”.

Misconfiguration Leads To Compromise

Nessus helps you answer the question “Do my systems have uniform configuration settings?” Why is this important? Systems are increasingly more complex, and maintaining control of your configurations leads to systems that run smoother and are more resilient to attack. A recent case study that supports this concept was presented in a blog post titled "What do you mean privilege escalation is not HIGH RISK?".

We’re really pleased to announce that Tenable has been nominated for two SC Magazine Reader Trust Awards!

• Best Security Information/Event Management (SIEM)
• Best Vulnerability Management Tool

We need your votes to win!

Here's how to vote for Tenable:

1. Click Here to access the SC Magazine Reader Trust Awards voting site
2. Sign in with the credentials SC Magazine has provided to you
3. Vote for Tenable in the categories of Best SIEM and Best Vulnerability Management Tool
4. You must vote in at least five categories, so please support your other favorite products too!

If you are an SC Magazine subscriber but don't have credentials, OR if you would like to subscribe AND get credentials, please contact SC Magazine directly.

Tenable has also been nominated in the Excellence categories of Best Enterprise Security Solution and Best Regulatory Compliance Solution.

Go Team Tenable!

Next up on our Nessus top ten list is #9, which covers how to use Nessus configuration auditing to discover information about your system configurations. The following video presents use cases and examples, from PCI compliance to detecting viruses:

Please visit Tenable's YouTube channel for more Nessus and SecurityCenter videos!

Sensitive Data is More than "Important"

All but one of this month's Microsoft Patch Tuesday updates relates to Microsoft Office applications and/or Windows components that handle documents (such as RTF, TXT, and Word Document files as described in MS11-071). The three Office-related bulletins are listed as "important" on the Microsoft site, despite the fact that they allow for remote code execution. Another bulletin, MS11-074, announces issues with Microsoft's SharePoint, a server application for sharing information and managing documents.

While I don't recommend completely ignoring Microsoft's risk categories, developing your own metrics for risk classification can go a long way to improving your defenses and patch management programs. Vulnerabilities that target Microsoft Office users who have access to sensitive data are a higher priority to patch. It’s critical to know where sensitive data lies so that you can identify if the data is at risk from these vulnerabilities. SecurityCenter's management and Nessus's auditing capabilities provide you with valuable information to identify where sensitive data resides in your network and help you prioritize your patch schedule.

For example, Nessus can perform a variety of content checks to look for credit card, financial, personal, copyrighted and other types of sensitive data. The dashboard below summarizes a variety of different types of sensitive data audits:

One of the things I like best about the dashboard shown above (which can be downloaded from this entry on the SecurityCenter Dashboard Site) is that you can overlay other types of results, such as the systems that contain vulnerabilities for which an exploit exists. If I had to prioritize a patch rollout, I might start with systems that have access to sensitive data and also have vulnerabilities that can be easily exploited.

To help evaluate the vulnerabilities addressed by Microsoft’s Patch Tuesday, Tenable's Research team has published Nessus plugins for each of the security bulletins issued this month:

• MS11-070 - Nessus Plugin ID 56173 (Credentialed Check)

Welcome to the Tenable Network Security Podcast - Episode 96

Hosts

• Paul Asadoorian, Product Evangelist
• Carlos Perez, Lead Vulnerability Researcher
• Ron Gula, CEO/CTO

Announcements

• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest video is titled "Top Ten Things You Didn't Know About Nessus #9".
• We're hiring! - Visit the Tenable web site for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!
• Ron Gula on using SecurityCenter's report iterator to create "cooler" detailed reports based on correlated events from the LCE (Log Correlation Engine)

Stories

• 15 Years of Software Security: Looking Back and Looking Forward - First a look back: Remember "Smashing the Stack for Fun and Profit"? Buffer overflows were all the rage and resulted in what the author calls "undesired functionality" in applications. Vendors tended to ignore the vulnerability disclosure process, and many more vulnerabilities and associated exploits floated around the Internet until vendors decided to patch them (or not). The security community as a whole grew up, many companies were created to sell products, and many got bought and folded into larger companies. Before we look into the future, what has really changed? Web applications have provided us with a newer form of the buffer overflow, as the vulnerabilities lead to "undesired functionality", and are as plentiful, if not more, than traditional buffer overflows were. The difference is that they are now spread across thousands of applications and many require end-user interaction. The author then looks into the future, which is dangerous depending on how you look at it. Since it hasn't occurred yet, you can make predictions and it doesn't matter if you were correct or not... it was just a prediction.

Welcome to the Tenable Network Security Podcast - Episode 95

Hosts

• Paul Asadoorian, Product Evangelist
• Jack Daniel, Product Manager
• Carlos Perez, Lead Vulnerability Researcher
• Ron Gula, CEO/CTO

Announcements

• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest video is titled "Top Ten Things You Didn't Know About Nessus #10".
• We're hiring! - Visit the Tenable web site for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!
• Ron Gula on using SecurityCenter's report iterator to create "cooler" detailed reports based on correlated events from the LCE (Log Correlation Engine)

Stories