Search Our Site

Our Newsletter

Our Ramblings

The Nessus Vulnerability Scanner

In computer security, Nessus is a proprietary comprehensive vulnerability scanning program. It is free of charge for personal use in a non-enterprise environment. Its goal is to detect potential vulnerabilities on the tested systems. For example:

  • Vulnerabilities that allow a remote cracker to control or access sensitive data on a system.
  • Misconfiguration (e.g. open mail relay, missing patches, etc).
  • Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
  • Denials of service against the TCP/IP stack by using mangled packets
  • Preparation for PCI DSS audits

On UNIX (including Mac OS X), it consists of nessusd, the Nessus daemon, which does the scanning, and nessus, the client, which controls scans and presents the vulnerability results to the user.
According to surveys done by sectools.org, Nessus is the world’s most popular vulnerability scanner, taking first place in the 2000, 2003, and 2006 security tools survey. Tenable estimates that it is used by over 75,000 organizations worldwide.

In typical operation, Nessus begins by doing a port scan with one of its four internal portscanners (or it can optionally use Amap or Nmap) to determine which ports are open on the target and then tries various exploits on the open ports. The vulnerability tests, available as subscriptions, are written in NASL (Nessus Attack Scripting Language), a scripting language optimized for custom network interaction.

Tenable Network Security produces several dozen new vulnerability checks (called plugins) each week, usually on a daily basis. These checks are available for free to the general public; commercial customers are not allowed to use this Home Feed any more. The Professional Feed (which is not free) also give access to support and additional scripts (audit and compliance tests…).
Optionally, the results of the scan can be reported in various formats, such as plain text, XML, HTML and LaTeX. The results can also be saved in a knowledge base for debugging. On UNIX, scanning can be automated through the use of a command-line client. There exist many different commercial, free and open source tools for both UNIX and Windows to manage individual or distributed Nessus scanners.
If the user chooses to do so (by disabling the option ‘safe checks’), some of Nessus’s vulnerability tests may try to cause vulnerable services or operating systems to crash. This lets a user test the resistance of a device before putting it in production.
Nessus provides additional functionality beyond testing for known network vulnerabilities. For instance, it can use Windows credentials to examine patch levels on computers running the Windows operating system, and can perform password auditing using dictionary and brute force methods. Nessus 3 and later can also audit systems to make sure they have been configured per a specific policy, such as the NSA’s guide for hardening Windows servers.

 

Q. What is included in the Nessus download?
A. When you download Nessus, you receive the Nessus 4.4 scanning engine (server) that includes a flash web-based client. To receive updates under either a ProfessionalFeed or HomeFeed, you will need to register your scanner.

Q. What OS platforms does Nessus have builds for?
A. Nessus 4.4 is available and supported for a variety of operating systems and platforms:
Debian 5 (i386 and x86-64)
Fedora Core 12, 13 and 14 (i386 and x86-64)
FreeBSD 8 (i386 and x86-64)
Mac OS X 10.4, 10.5 and 10.6 (i386, x86-64, ppc)
Red Hat ES 4 / CentOS 4 (i386)
Red Hat ES 5 / CentOS 5 / Oracle Linux 5 (i386 and x86-64)
Red Hat ES 6 / CentOS 6 (i386 and x86-64) [Server, Desktop, Workstation]
Solaris 10 (sparc)
SuSE 9.3 (i386)
SuSE 10.0 and 11 (i386 and x86-64)
Ubuntu 8.04, 9.10, 10.04 and 10.10 (i386 and x86-64)
Windows XP, Server 2003, Server 2008, Server 2008 R2, Vista and 7 (i386 and x86-64)

Q. What does Nessus 4.4 cost?
A. The Nessus 4.4 scanner is available as a free download.

Q. Where can I go for more information?
A. If you still have questions about Nessus 4.4, feel free to contact us, visit http://www.rustyice.co.uk/ or post to us via our contact link.

Which website shopping cart?

We have recently undertaken a study to determine which of the many shopping cart systems we should use on a customers website. After a long process trawling through the myriad of options we finally reached a shortlist of 8 candidates.

These candidates were:

  • Avactis
  • CS Cart
  • Cube Cart
  • Magento
  • OS Commerce
  • Prestashop
  • Virtuemart
  • Zen Cart

Now, with that part done the hard work begins.

The fact of the matter is that all of the choices in the list above are great ones. Any of these shopping carts will, with the right implementation, produce an excellent level of functionality on any website. The trick is to understand your own requirements first and identify which of the options most closely fits your own requirements, not only today but also your anticipation of what they will be in 6 months, 1 year and possibly even more.

So lets look at the pros and cons of each.

You can find the comparison HERE.

 

Security At the Edge: Locking Down the Network Perimeter

When securing your company’s network, it’s best to start on the edges — the perimeter — where the system interfaces with the rest of the world. It’s an approach that makes sense. While installing safeguards deep inside the network is a good idea for securing against some types of threats, you’ll generally get the broadest protection — and the biggest bang for your security buck — by building up protection along the edges.

To begin planning a perimeter-oriented network-defence strategy, one has to understand exactly where the perimeter lies and what technologies are involved. Put simply, the perimeter is the network’s boundary: the frontier where data flows in from (and out to) other networks, including the Internet. Perimeter defense functions like a checkpoint, allowing authorized data to enter unencumbered while blocking suspicious traffic.

Perimeter-checkpoint duty is handled by several different technologies, including border routers, firewalls and a variety of other specialized security products. Let’s take a look at each of these technologies and the roles that they play in perimeter security.

Border Routers: Network routers work much like traffic policemen, directing data into, out of and within networks. A border router is a special type of router: the one that stands between your network and an external network, such as the Internet. Therefore, the border router is like a traffic policeman posted at a spot located on the main road into a town — the one who spots the registration plate on the bad guy’s car. Since all Internet traffic passes through the border router, it’s a logical place for filtering.

Firewalls: A firewall’s basic job is to permit or stop data flowing into or out of a network. For perimeter defence, firewalls are available as software (installed inside a router) or as stand-alone hardware appliances. A firewall can provide services such as stateful inspection (analysing transactions to ensure that inbound packets were requested); packet filtering (blocking data from specified IP addresses and ports); and NAT (network address translation), which presents a single IP address — representing multiple internal IP addresses — to the outside world.

IDS (Intrusion Detection Systems):
An IDS protects networks by analyzing traffic for suspicious activity. If something unusual is detected, the IDS alerts the network administrator, who can then take action to stop the event that is taking place. In fact, an IDS is often described as a network burglar alarm. Various vendors offer IDS products with a range of different capabilities, enabling customers to easily find a system that most closely match their security and budgetary needs.

IPS (Intrusion Prevention Systems): An IPS is similar to an IDS, except that the product is designed to take immediate action — such as blocking a specific IP address or user — rather than simply issuing an alert. Some products also use behavioral analysis to spot and stop potentially dangerous data. The line between IDS and IPS technologies is blurring, so it’s now possible to find an IDS that incorporates IPS functions.

VPN (Virtual Private Networks): A VPN provides perimeter security by encrypting the data sent between a business network and remote users over the Internet. In essence, the technique creates a private tunnel through the Internet. VPN technology is widely popular and is used by enterprises of all sizes. The approach’s biggest threat is from an attacker who figures out a way of compromising an authorized user’s system, then gains control of an encrypted pathway into the company network.

DMZ (Demilitarized Zones):
Borrowing its name from the no-man’s-land created between North Korea and South Korea at the end of the Korean War, a DMZ is a neutral area that is created outside the firewall between a company’s network and an external network, such as the Internet. One way of forming a DMZ is to install a host (a dedicated server) that resides between the two networks. The DMZ host can initiate sessions for Web pages, email and other requests on the public network. The system can’t, however, initiate a session back into the company’s network — it can only forward packets that have already been requested. The technique prevents unrequested and potentially destructive data from entering a company’s network.

Perimeter network security works by providing several layers of protection at the network’s edge. Different security technologies working in unison create a fortress-like barrier that can thwart most types of attackers. Perimeter security can’t, however, block all attacks — particularly a DoS (denial-of-service) onslaught. Yet a well-planned system will efficiently deflect most network threats, providing peace of mind for business owners and managers, network administrators, and end users.

Web Security – The Problem

Web security has changed a lot in the past few years. It is no longer good enough to take a desktop antivirus scan engine and scan web content. URL filtering isn’t enough. It is not enough to put HTTP security on your corporate gateway.
The reason its not good enough to have a HTTP security gateway should be rather obvious. People go home. People travel. People work at client sites. People work at the Starbucks. An increasingly mobile workforce necessitates a mobile security solution.
URL filtering isn’t enough. URL filtering is reactionary and there are many new sites each day. When a legitimate site is compromised, URL filtering can categorize it as a malware serving site and block it. But how quickly will the site be rechecked after the virus is clean? Viruses are showing up on otherwise legitimate sites.

Sites can be compromised through lack of patching, through SQL Infection. In several cases advertising networks have inadvertently included malicious content. Some sites are potentially insecure by design. Web 2.0 sites accept user provided content with little controls in place. While some URL filtering solutions are better than others, it is an incomplete solution at best.

Some web security solutions are merely URL filtering combined with a desktop antivirus engine. I don’t think we need to rehash the failure of the antivirus engine. But there is better technology.

The best web security solutions (such as the Rustyice Solutions solution) include zero day protection as more than a marketing term. A web malware scanner is looking at the context of the file. The site its on. The number of requests for the file. The history.

Its then running it through heuristics in a way much more accurate than any desktop heuristic.

The web is a ready avenue of attack. Strengthened defenses against email and network attacks have left http the prime target for attackers.

Its a good time to be looking at alternative solutions. I think that SaaS web security has hit the sweet spot in what Gartner would call the hype cycle. Its at that point where you’re still on the leading edge but not on the bleeding edge.