Tenable Blog

Nessus users have a wide range of powerful options whose functionality is critical to a successful vulnerability scan, but whose meaning may not be completely clear. An example of this is the “Thorough tests” option. There is more to this option than meets the eye and knowing how to properly use it will help you customize your scan policies to your specific needs. By default, this option is disabled; however, of the more than 34,000 plugins available with Nessus, over 900 behave differently if this option is enabled. This blog describes what the feature does and provides some examples of where the option should or should not be used.

The “Thorough tests” option is located in the scan policy “Preferences” section of the Nessus 4.x web interface. Within this section choose the “Plugin” dropdown and select “Global variable settings”:

To use this option, click on the “Thorough tests (slow)” checkbox, which will trigger the “thorough_tests” keyword within the Nessus plugin script files (.nasl). The following sections describe its functionality.

Welcome to the Tenable Network Security Podcast - Episode 28

Announcements

• Several new blog posts have been published this week, including:
  • "Cloud" Security Recommendations
  • New Content Audit Policy File - PHI/PII for Unix Systems
  • Afterbytes: Chinese Academics Paper on Cyberwar Sets Off Alarms in U.S.
  • Treating Software as a Strategic Technology
• New Nessus training now being offered at conferences! - A new course titled "Advanced Vulnerability Scanning Techniques Using Nessus" is now being offered at both Black Hat Las Vegas 2010 and BruCon 2010. It's a two-day course that will put students into a real-world environment where they will have to solve problems and identify vulnerabilities using the advanced features of the Nessus vulnerability scanner.
• You can provide feedback to this podcast and all of our social media outlets by visiting our discussions forum and adding messages to the "Tenable Social Media" thread. I would love to hear your feedback, questions, comments and suggestions! I put up a call for ideas on new Nessus videos, so please give us your feedback!
• We're hiring! - Visit the web site for more information about open positions. There are currently 7 open positions listed!
• You can subscribe to the NEW Tenable Network Security Podcast on iTunes! You can also subscribe to the new podcast RSS feed directly.
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, Nessus plugin statistics and more!

Interview with Ron Gula - Vulnerability Scoring

The article: Chinese Academics Paper on Cyberwar Sets Off Alarms in U.S.:

Larry M. Wortzel, a military strategist and China specialist, told the House Foreign Affairs Committee on March 10 that it should be concerned because "Chinese researchers at the Institute of Systems Engineering of Dalian University of Technology published a paper on how to attack a small U.S. power grid sub-network in a way that would cause a cascading failure of the entire U.S."

If you've been following the China cyberwar hype, you need to read the article referenced above. It offers some deep insight into how the hype-meisters spin the "facts" to increase the apparent magnitude of the threats. If you want to read some of the "fully spun" material, you should read Northrop Grumman's paper entitled: "Capability of the People's Republic of China to Conduct Cyberwarfare and Computer Network Exploitation". As a pretty serious amateur military historian, I'm fascinated by such documents because they illustrate the bizarre gyrations of the military/industrial complex's group-think. They seem so - rational - when you read them, but when you ask yourself "what does this mean?" you realize that it's an attempt to justify insanity. "One of the chief strategies driving the process of informatization in the PLA is the coordinated use of CNO, electronic warfare (EW) and kinetic strikes designed to strike an enemy's networked information systems, creating "blind spots" that various PLA forces could exploit at predetermined times or as the tactical situation warranted."

Welcome to the Tenable Network Security Podcast - Episode 27

Announcements

• Two new blog posts have been released titled "The Value Of Credentialed Vulnerability Scanning and Microsoft Patch Tuesday - March 2010 - "It Won't Happen To Me" Edition.
• New Nessus training now being offered at conferences! - The new course titled "Advanced Vulnerability Scanning Techniques Using Nessus" is now being offered at both Black Hat Las Vegas 2010 and BruCon 2010. Its a two-day course that will put the student into a real-world environment, forced to solve problems and identify vulnerabilities using the advanced features of the Nessus vulnerability scanner.
• You can provide feedback to this podcast and all of our social media outlets by visiting our discussions forum and adding messages to the "Tenable Social Media" thread. I would love to hear your feedback, questions, comments and suggestions! I put up a call for ideas on new Nessus videos, so please give us your feedback!
• We're hiring! - Visit the web site for more information about open positions, there are currently 7 open positions listed!
• You can subscribe to the NEW Tenable Network Security Podcast on iTunes! You can also subscribe to the new podcast RSS feed directly.
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, Nessus plugin statistics and more!

How to Score at a Hacking Competition

Over the past weekend I participated in my second CCDC, or Collegiate Cyber Defense Competition.The event put college students in a defending role in five “Blue teams” and "real-world attackers" in the offensive role (pun intended) as the “Red team”. Points are incurred against the Blue teams when their systems become compromised, services are unavailable, or their systems go down. The defending team with the lowest score wins and is sent to a national "cyber exercise" competition. The event hosts a job fair, keynotes by speakers such as Marcus Ranum, a full spectator area and this year hosted two film crews who interviewed players and captured the action. You can watch the videos from last year's CCDC event on their YouTube channel.

At a hacking challenge it can be tough to keep the Red team in line and following the rules. However, the very nature of hacking involves breaking the rules! All of the Red team members did an excellent job of being hackers, and being responsible. While there is no Red team winner, we had some of the highest scoring Red teams in the event's history. You can read more about the Blue team winner and rankings on the CCDC web site.

Hacking challenges have become a bit of a hobby to me in the past few years. I've participated in two previous events and wrote about them here on the Tenable blog. The first was the NYC Capture the Flag event and the second was "Cyberdawn", a diverse cyber exercise. I learn so much by attending these events and participating as a "Red team" member. As the Red team, we set out to compromise systems, run a program that would update a scoring engine, maintain access and disrupt services and operations. It’s a tough balance to maintain; the more aggressive you become on the systems, the more the defending teams notice. Changing a password and locking the teams out incurs points, however they will notice and reset a password. Smart Red team members implant different ways to access the system, such as SSH key trusts and rootkits, to gain a foothold on the systems throughout the competition.

As the Red team captain, I developed a strategy for guiding and organizing the Red team members. We divided into sub-teams and assigned the following roles to each of the members: