by Ron Gula on October 13, 2009
I recently observed a SSH worm in progress at one of the research sites running our suite of products. I was looking into a spike of SSH events that had been alerted on by the Log Correlation Engine’s stats daemon. Filtering on the remote IP address (that came from the 240.0.0.0/8 Class A address space) that was causing the anomalies, displayed this screen:
by Paul Asadoorian on October 9, 2009
It was interesting to see that the top scorer in the game (who went by the handle of "ftp", and coincidentally had 21 scores in the first day of game play!) did not use fancy new exploits, 0day attacks or a wide range of open-source or even commercial tools. He was able to gain access to systems because the teams left default or easily guessable passwords set on some of the Linux servers. He used SSH to login to the systems, then SCP to upload some Python code, that was used to update the scoring engine. From there he was able to maintain access, not by rootkit technology or anything sophisticated, but just hiding in plain sight. The Python script makes a TCP connection to the scoring server and sends a message. It was moved into a file called "/dev/vfat", to make it look like a system file. Next, a shell script was written to call the python script every ten minutes. This file was called "getty" and ran in the background, and was also inserted into the startup scripts to ensure it kept running. The teams never found these processes running and "ftp" won the game, no exploits required.
by Ron Gula on October 8, 2009
by Paul Asadoorian on October 7, 2009
Over this past weekend I attended Cyberdawn, a cyber exercise that was hosted by Battlefield High School in Haymarket, Virginia.
Sidebar: What is a Cyber Exercise?
“A cyber exercise is a live computer network attack and defense event. A typical exercise runs at least one day for a small team and up to five days for large organizations or multiple teams. Teams generally fall into two categories: attackers (Red Team) and defenders (Blue Team). Defenders are scored on their ability to keep their IT systems up and functional in support of their business processes. Attackers are scored on their ability to disrupt business operations.”See http://www.whitewolfsecurity.com for more information. |
by Paul Asadoorian on October 6, 2009
Welcome to the Tenable Network Security Podcast - Episode 6
by Ron Gula on October 5, 2009
Nessus, the Security Center and Passive Vulnerabiltiy Scanner were awarded a Reader's Choice award from Information Security magazine and SearchSecurity.com. The winners “were selected based on extensive, in-depth discussions and interviews between the editors of Information Security magazine and SearchSecurity.com and over 1,700 information security executives and managers, who were asked to assess and rate products deployed within their organizations from a listing of more than 380 products spanning 17 product categories. The judging panel then selected Gold, Silver and Bronze award winners within each product category.”
by Paul Asadoorian on October 1, 2009
When analyzing network traffic it’s typically not as important to look at the contents of the packets; rather the information about them, where they are going and how they got there. This “network metadata” (often referred to as NetFlow data) can reveal interesting information about your network and often uncover misconfigurations, policy abuses and security incidents. I relate it to the movie "The Matrix". In the movie there is a scene where the characters are looking at computer screens displaying “the matrix”. Those who are not accustomed to looking at the matrix will not see "The Blonde" or the "Brunette", but will just see a bunch of green characters.
by Paul Asadoorian on September 28, 2009
Welcome to the Tenable Network Security Podcast - Episode 5
by Paul Asadoorian on September 23, 2009
The current version of the Nessus 4.2 client and server is labeled as "ALPHA1" and is still very much in development. However, the new client interface has been completely overhauled, moving to a web-based interfaced. This introduces a substantial change for the end user without significantly changing the features they are accustomed to. We wanted everyone to get a sneak preview of the new version, see some of the new features and give feedback early in the development phase.
by Marcus J. Ranum on September 22, 2009
At USENIX in Anaheim, back in 2005, George Dyson treated us to a fantastic keynote speech about the early history of computing. You can catch a videotaped reprise of it here, on the TED site. I highly recommend it - there's lots of interesting and quirky stuff. I managed to talk him into giving me a copy of his powerpoint file, and subsequently tracked him down and am re-posting this material with his permission.
Machine Log #1
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Your Tenable Vulnerability Management trial also includes Tenable Web App Scanning.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
Choose your subscription option:
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Your Tenable Vulnerability Management trial also includes Tenable Web App Scanning.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Your Tenable Vulnerability Management trial also includes Tenable Web App Scanning.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
Choose your subscription option:
Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.
Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
$3,578
Please fill out this form with your contact information.
A sales representative will contact you shortly to schedule a demo.
* Field is required
Get the Operational Technology security you need.
Reduce the risk you don’t.
Don’t wait for an attack--eliminate risks before they’re exploited.
Exceptional unified cloud security awaits you!
We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.
Exposure management for the modern attack surface.
Know the exposure of every asset on any platform.
Please fill out the form with your contact information and a sales representative will contact you shortly to schedule a demo.
Tenable Nessus is the most comprehensive vulnerability scanner on the market today.
Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.
Fill out the form below to continue with a Nessus Pro trial.
Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.
Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.
Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.
Tenable solutions help fulfill all SLCGP requirements. Connect with a Tenable representative to learn more.
Thank you.
You should receive a confirmation email shortly and one of our Sales Development Representatives will be in touch. Route any questions to [email protected].
Interested in streamlining security and IT collaboration and shortening the mean time to remediate with automation? Try Tenable Patch Management.