Tenable Blog

Tenable is pleased to announce the release of the Tenable Virtual Appliance! The appliance replaces the Nessus VM Appliance and provides a preinstalled image of all Tenable applications in one easy to configure interface. The Tenable Virtual Appliance is available for Tenable customers and is provided for use with VMware Server, VMware Player and VMware ESX Server. Currently, Nessus and Security Center applications are available on the appliance with the Log Correlation Engine and Passive Vulnerability Scanner to be released soon. Tenable ProfessionalFeed customers can download the latest version of the Tenable Virtual Appliance along with any available updates from the Tenable Support Portal.

A "Rogue" Access Point

Detecting and preventing rogue wireless access points is a major concern for many organizations. It is important to ensure that all wireless networks are established and configured in compliance with the organization’s policies and standards for wireless networks. The problem is that it is very easy for a user to establish a rogue wireless access point either inadvertently or deliberately. A wireless access point plugged into your network will typically have an Ethernet connection tied into some part of your LAN, and provide wireless access to an attacker that bridges the connections. Users could put one on the network for convenience, or a company provisioned access point could be misconfigured by the IT department. Recently the PCI standards council has produced a document called "The Information Supplement: PCI DSS Wireless Guideline", that outlines the recommendations for securing wireless networks for PCI DSS compliance. This is a good reminder of the importance for organizations to continually seek out rogue access points in their environments and remove them.

Scanning web applications with Nessus offers the end user several new configuration options in the Nessus client. You should take into account:

• Number of web servers and applications being scanned
• Size of the applications (e.g. how many parameters does each CGI application have?)
• Depth and scope of the scan with respects to the type of tests being performed and how exhaustive they should be

This video demonstrates how to setup Nessus to scan a web application using the new options:

Security and usability do not mix

PHP has a horrible reputation in the security industry based on a long history of vulnerabilities and vendor resistance to fixing them and improving security practices. It suffers from a common problem; the technology is designed to be easy to use, and therefore a high level of security is difficult to achieve. Many who are new to web application programming use PHP, but often do not pay attention to security. In addition poor developer coding practices, PHP itself presents many vulnerabilities in its default configuration even when seemingly harmless coding practice is in use. This leaves a plethora of vulnerable applications, some home grown, many open-source and some commercial. As a result, many of these applications suffer from web application specific vulnerabilities. To give you an idea of just how many PHP specific vulnerabilities there are, I ran some searches on the OSVDB web site. Below are the results:

Finding the Needle in the Haystack

It is important to know what applications and services are in your environment to properly evaluate risk. Recently, a question was posed about detecting phpMyAdmin, a popular application for managing MySQL databases. We've previously explored how this application could be used to take over a system, demonstrating the risk this application may pose. There are several actions to perform when searching for applications on your network (in this case we are searching for a web application). This blog post describes how Nessus can be used to perform the following actions:

1. Detect if the application is running
2. Test for known vulnerabilities
3. Detect if the application is patched
4. Evaluate the authentication mechanism
5. Find any unknown flaws
6. Check the security configuration of the host