April 23, 2014

The Top Nine Best Practices for Network Scanning

(LiveHacking.Com) — Systems admins and security personnel looking to get the most out of their network scanners want to make sure they are using their tools in the right way. Follow these nine best practices for network scanning, and you’ll get the best bang for your buck out of your network scanner.

1. Update regularly

Generating general network reports

Generating general network reports (Source: gfi.com)

A network scanner helps you to find when your systems are out of date, and with new vulnerabilities discovered regularly, it is critical that you update your scanner each time you go to use it. Either set up a process to check for updates daily, or run the update process each time you go to perform a scan.

2. Scan early, often, and on a schedule
Using a network scanner should be a regular part of your systems security and maintenance. You should scan early in the deployment of any new system, and scan your entire network on a regular basis, not just when someone reads about a new vulnerability. By the time a new vulnerability makes it into the press, the bad guys already know about and are attempting to exploit it.

3. Scan new systems before they go into production
You want to make sure a system is fully up-to-date before it goes into production, so you can patch it as necessary. Once it is in production change control will apply.

4. Scan everything
Scanning a subset of systems may be quicker, but scanning your entire IP range makes sure you catch everything, including those rogue systems that someone deployed outside of your normal processes.

5. Scan internally
Whether the threat is a malicious user, a worm, or just someone with too much curiosity, don’t assume your firewalls will protect your internal systems. Scan everything you have internally to make sure all systems are up-to-date.

6. Scan externally
Attackers are scanning your external networks regularly. See what they see by scanning your systems from an external network so you know exactly what is accessible to the rest of the world.

7. Check those deltas
When you perform regular scans, you can see what changes over time. Investigate any deltas between one scan and the next to confirm that any changes were appropriate and authorized.

8. Share the results
Too many companies keep the security scans a closely guarded secret. I don’t suggest you publish the results on your website, but make sure that all the admins are aware that you are scanning, see what you find, and know where their systems stand.

9. Remediate what the scanner finds
Using your network scanner to find vulnerabilities is only half the task; you must remediate what the scanner finds. Make sure that senior management understands the results of the scan, and makes remediation a priority.

Follow these nine best practices for network scanning to get the best use of your network scanner. Don’t underestimate the importance of that first step. New vulnerabilities are discovered regularly, and checking your systems with an outdated scanner is as bad as running with outdated virus definitions. The sense of false confidence can lead to disaster. Maintain your network scanner like the fine tool it is, and you’ll get years of great use out of it, helping maintain secure and updated systems.

Editor Note: This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on the importance of using a network scanner.

Disclaimer: All product and company names herein may be trademarks of their respective owners.

Secunia Released Secunia Personal Software Inspector 3.0

(LiveHacking.com) – Secunia, the Danish IT security solution provider has released Secunia Personal Software Inspector 3.0.

Secunia Released Secunia Personal Software Inspector 3.0

Secunia Released Secunia Personal Software Inspector 3.0

According to Secunia official press release which has been sent to LiveHacking.com; The Secunia PSI 3.0 is a free personal vulnerability scanner which identifies software applications that are insecure and in need of security updates, or patches.

Secunia PSI 3.0 New Features & Improvements

  1. Simple User Interface: The new and simplified user interface displays the key information that users need to know such as scan results, the security status of installed software, and the last update dates. Further, the new settings menu allows users to select whether or not to install updates automatically, and which drives are to be scanned.
  2. Automatic Patching: Secunia PSI 3.0 receives automatic updates for all software supported by the application.
  3. Localization: The Secunia PSI 3.0 can be installed in any one of five languages including French, Spanish, German, Danish and English.
  4. Program Ignore Rules: Users have the ability to ignore updates to a particular program by creating ignore rules.
  5. Scan History: Reports about the updates installed and scans conducted can be accessed at any time through the history feature.

The Secunia PSI 3.0 is available to download here.

Tenable Network Security Released Nessus 5.0.1

(LiveHacking.Com) — Tenable Network Security has released version 5.0.1 of its famous vulnerability and configuration assessment scanner, Nessus.

Nessus 5.0.1 is a bug fix and enhancement release with the focus on a packet forgery fix on Windows setups and a compatibility fix on reading 64-bit database on a 32-bit systems and vice-versa.

Here is the list of enhancements and bug fixes with reference to Nessus 5.0.1 release announcements:

  • Resolved an issue where packet forgery was not working on some Windows setups
  • Improved the Windows installer which would fail on some setups
  • Fixed several thread synchronization issues leading to a crash in certain situations
  • Imported v1 reports are more legible
  • Nessus can now read a 64-bit database on a 32-bit system and vice-versa
  • Identified and resolved a minor memory leak issue occurring on all platforms
  • Scanning with a SSL certificate defined in the policy would sometimes cause a scanner crash
  • Workaround for CVE-2011-3389
  • Worked around a possible incompatibility with the Fedora 16 / Debian 6 memory allocator
  • Restored the ability to log in via certificate authentication on port 1241 when “force_pubkey_auth = no
  • This version of Nessus now includes OpenSSL version 1.0.0h

Nessus 5.0.1 can be download from here.

5 Threats Posed by Vulnerabilities

(LiveHacking.com) – A vulnerability scanner is an essential tool for any systems administrator. Vulnerabilities on your network and in your software can easily lead to compromised systems. There is a false impression that it requires a lot of skill to compromise a computer system. However, in reality, the number of incidents where machines are compromised due to trivial events is substantial. And these could all be identified and prevented up by a good vulnerability scanner.
In this article we outline five threats posed by vulnerabilities and juxtapose them with five real-life cases.

1. Change to a network - In 2004, a postal bank office in Israel suffered a break-in. A quick investigation found that nothing went missing, so the whole episode was dropped as some prank. In the following days however, the office noticed that tens of thousands of shekels were going missing. A more thorough investigation revealed a rouge access point installed on the network. The thieves had broken into the postal bank office to install it a few days earlier. The break-in obviously went unnoticed. A vulnerability scanner would have done a wealth of good in this case as it monitors changes to the network, advising the administrator when hardware is added or removed. Such an action would have alerted the administrator of the rouge access point the minute it was installed.

2. Creation of an account and irregular use - In April 2011, a story broke out about a former Gucci employee illegally accessing Gucci systems and causing $200,000 worth of damage. It all started when the Gucci employee was fired. His administrator promptly disabled his accounts as good security practices recommend. However, before being fired, the employee had created a fake user account that the administrator was not aware of, and which he then used to access Gucci systems. In this case, a good vulnerability scanner would have proved useful in detecting the threat firstly by alerting the administrator when the account was created, and secondly by notifying them when the account had been used on an irregular basis, so the administrator could then delete the unnecessary account.

3. Deploying a patch - On April 13, 2004, Microsoft released a patch for a security flaw in its Windows operating system. A few weeks after the patch was made available, a malicious computer worm was released on the internet. This Sasser worm exploited the vulnerability and caused wide-spread chaos even though companies had a few weeks’ head start to deploy the patch. This caused a news agency to lose satellite communications for hours, an airline to cancel flights and a financial institution to close 130 of its offices due to widespread infection. An important function of a vulnerability scanner is to scan the network for vulnerable applications for which a patch is available and inform the administrator. Provided the administrator is proactive in testing and deploying the patch, a few weeks would be more than enough to secure a network.

4. Creation of blank passwords - One of the top hacker stories recurring in the news over the past five years is that of Gary McKinnon. Out of his conviction that the United States government had certain information about extraterrestrials and knowledge of anti-gravity and free energy, in February 2001, McKinnon started looking for proof by trying to gain unauthorized access to US military and NASA’s computer systems . He allegedly scanned the system for administrator accounts using blank passwords, and actually managed to find quite a few systems, which he then compromised. A good vulnerability scanner will help in two ways in such a situation. First and foremost, it will scan and report on a system’s password policies, enabling the administrator to determine if users can create weak passwords. Additionally, a vulnerability scanner will also check administrator accounts for blank passwords.

5. File sharing software -We all know that the US military takes secrecy seriously, and there is no doubt that some of the most secretive details revolve around the presidential helicopter defense system. In March 2009, however, news broke out that details about Marine One’s missile system were being shared on a P2P network from a computer in Iran. It turned out that an employee of the contractor in charge of the helicopter had installed file sharing software and inadvertently shared the classified file. The dangers of file sharing software in relation to data leakage are well known. A good vulnerability scanner will not only inform the administrator if new software is installed on a system but also when file sharing software is installed on a scanned computer.

These threats could have easily been brought to the attention of the systems administrator by means of a vulnerability scanner. Vulnerabilities can cause a number of issues that can lead to a system compromise. The number is so staggering that it might not be possible to stay ahead without a systems support. A good vulnerability scanner nowadays checks for many vulnerabilities at the click of a button and can indeed provide the necessary information to help an administrator avoid many pitfalls, such as those discussed in the five examples above.

Editor Note: This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging need. Learn more on what to look out for when choosing a vulnerability scanner.

Disclaimer: All product and company names herein may be trademarks of their respective owners.

4 Important Reasons to Use a Vulnerability Scanner

(LiveHacking.Com) — As a network administrator, could you honestly say that you are up-to-date on every new vulnerability which could affect the security of your operating systems and software products on your network? The sheer volume and frequency of this information makes it extremely difficult for a single individual to know it all, and other day-to-day tasks often get in the way. Using a vulnerability scanner can take off some of this responsibility from your shoulders, giving you peace of mind. Here are four reasons why using a vulnerability scanner will make your life easier:

GFI LANguard - Dashboard

GFI LANguard - Dashboard

  1. Good vulnerability scanners make use of highly detailed databases of known vulnerabilities and scan your systems to give you a realistic view of how secure they are. An extraordinary amount of manual checking would be required to stay in control of this without the help of dedicated software.
  2. It is practically impossible to manually keep track of certain small issues, such as individual open ports on a laptop or an antivirus product disabled by a user. Using a vulnerability scanner to alert you to these new security glitches reduces the quantity of manual checking that is otherwise required to ensure they don’t go unnoticed.
  3. Change management can be burdensome for a busy IT team, but if you fail to stay on top of it, it can be difficult to track the cause of new problems on your systems. A good vulnerability scanner maintains a list of significant network changes, and can also alert you to changes you may otherwise have been unaware of – a very useful feature if you have several technicians all capable of making configuration adjustments.
  4. You probably don’t enjoy trying to keep control of the numerous patches that have to be installed on your networked systems. Ranging from large operating system service packs to small patches that seal holes in software utilities, updates cannot be ignored. You can however minimize the late nights in the office and dark weekends in the server room by making use of the patch management facilities that form part of a robust vulnerability scanner solution.

These solutions also lower the risk of forgetting to apply important updates to those machines not instantly visible, such as the laptops hidden in desk drawers. Software auditing features can alert you when a machine appears on the LAN inadequately patched. Without these alerts, a computer runs the risk of being unprotected until is it picked up during your next manual update—not something that will be fun to explain to a chief executive if it results in your system being exploited.

Vulnerability scanners can remove some of the more routine and, let’s face it, sometimes rather dull tasks involved in managing an office network. At the same time, these solutions can help to ensure you meet all of your compliance obligations. Most importantly, they can help you, as an IT professional, to sleep more soundly at night!

Editor note: This guest post was provided by Ben Taylor on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI vulnerability scanner .

Disclaimer: All product and company names herein may be trademarks of their respective owners.

 

First Beta of the Vega Vulnerability Scanner Released

The first beta of Vega, an open source tool to test the security of web applications, has been released. Vega can help find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other types of vulnerabilities. Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection and can be extended using Javascript.

The automated scanner crawls a web application, analyzing pages, looking for interesting content and injection points. Vega runs modules on the web application that test for vulnerabilities or analyze content. These modules are written in Javascript and are entirely customizable. Vega modules can generate alerts to make users aware of the findings.

The intercepting proxy is situated between a browser and the target application, intercepting all requests and responses between them. Users can view the interaction of the client with the website, intercepting and modifying requests and responses to probe and verify possible vulnerabilities. The proxy is also capable of intercepting HTTPS communications with dynamically generated man-in-the-middle certificates.

Written in Java, it runs on Linux, OS X, and Windows and can be downloaded from here.

Nmap 5.59BETA1 Released!

The Nmap development team has released Nmap 5.59BETA1. This new version includes 40 new NSE scripts, improvement in IPv6 scan, 7 new NSE protocol libraries and hundreds of bug fixes.

The new version of Nmap is able to detect services such as Apple iPhoto (DPAP) protocol probe, Zend Java Bridge probe, BackOrifice probe and GKrellM probe. Nmap service and version detection database reached to 7,375 signatures in this new version.

Nmap 5.59BETA1 source code and binary packages for Linux, Mac, and Windows are now available for download at http://nmap.org/download.html .

Nmap (Network Mapper) is a free and open source utility for security auditing. It is licensed under version 2 of the GNU General Public License.

Rapid7 and Modulo Partner to Bring Rich VulnerabilCompliance Data to Leading GRC Solution

Rapid7®, the leading provider of unified vulnerability management and penetration testing solutions, and Modulo, a leading provider of enterprise governance, risk and compliance (GRC) solutions, announced a technology integration that enables global customers to better manage their organizations’ risk by automating the collection and analysis of security intelligence across IT assets. Critical vulnerability, misconfiguration and policy violation data identified by Rapid7 NeXpose® scans can then be assessed, prioritized and remediated by Modulo Risk Manager™ NG to centrally manage, track and report security and compliance risks and make more informed business decisions.

Rapid7 NeXpose is the only integrated vulnerability management solution that allows organizations to manage network, operating system, Web application and database security strategies. Additionally, NeXpose is the only vulnerability management solution to use real exploit intelligence to perform risk classification and deliver prioritized remediation reports.

The Modulo Risk Manager NG governance, risk and compliance management solution allows the platform to consistently and repeat-ably demonstrate multi-regulatory compliance, pass demanding audits and reduce security threats before they cause costly damage to the organization – while eliminating duplication of effort through automation. Modulo NG brings together product innovation based on feedback from more than 1,000 customers and 25 years experience in the GRC space. Ease of deployment and use, straightforward integration and a distinctive emphasis on worldwide requirements are a few areas in which Modulo is recognized.

Source:[http://www.rapid7.com/news-events/press-releases/2010/2010-modulo.jsp]

Secunia Releases Personal Software Inspector (PSI) Version 2.0

Secunia has released version 2 of its Personal Software Inspector (PSI) application.

According to Secunia, the Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose the PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly “popular” among criminals.

The only solution to block these kind of attacks is to apply security updates, commonly referred to as patches. Patches are offered free-of-charge by most software vendors, however, finding all these patches is a tedious and time consuming task. Secunia PSI automates this and alerts you when your programs and plug-ins require updating to stay secure.

Download the Secunia PSI here.

Source & Screen-shot:[secunia.com]

GFI Software adds vulnerability scanning and security patch management to GFI MAX RemoteManagement

GFI Software, a leading IT solutions provider for small and medium-sized enterprises, today announced it has added vulnerability scanning and security patch management to GFI MAX RemoteManagement, its award-winning remote management and monitoring solution. Managed Service Providers (MSPs) and IT support companies can now deliver cost-effective patch management to boost profits and reduce security risks for their clients.

GFI MAX RemoteManagement is an IT managed services software solution that makes it easy to stay on top of customers’ servers, desktops, networks, hardware and software with its monitoring and management, inventory tracking and automated server and desktop maintenance tools. Thousands of IT support companies, VARs and MSPs use GFI MAX RemoteManagement to maximize revenues, minimize costs and deliver exceptional customer service. It can be installed and set up in 10 minutes and requires no training, hardware or contractual commitments.

“We know security vulnerabilities remain amongst the most disruptive and damaging types of problem experienced in real-world networks, causing lost time and potentially security breaches to customers. This in turn can soak up large amounts of time remediating the problems and cleaning up the systems. The variety and number of threats continue to increase and it is impractical to manage them without effective tools to automate the process,” said Alistair Forbes, General Manager, GFI MAX.

“To overcome this problem, GFI MAX RemoteManagement now includes the award-winning technology of GFI LANguard™, to provide best-in-class vulnerability scanning and patch management capabilities via GFI MAX RemoteManagement™. This provides an effective and efficient solution not only for Microsoft Windows and Office applications, but also non-Microsoft applications such as Adobe Reader, Adobe Flash Player, Adobe Acrobat, Adobe Shockwave, Mozilla Firefox, Mozilla Thunderbird, Java, Opera and Quicktime.” he added.

With vulnerability and patch management for servers and workstations managed easily through GFI MAX RemoteManagement’s intuitive dashboard, MSPs and IT support companies can deliver a high value service to reduce their customers’ risk of downtime and identify and rectify security holes in their networks by scheduling the installation of security patches. The patch overview report provides a clear and complete summary of how GFI MAX RemoteManagement has helped to ensure these machines are up-to-date and secure.

Patch management in GFI MAX RemoteManagement is priced competitively in relation to standalone products and customers pay only for the devices with patch management enabled. Moreover, for customers already making extensive use of the existing product features, there’s no extra charge to use patch management on servers as it is included in the low capped monthly server price.

More information on GFI MAX RemoteManagement and patch management capabilities can be found here: http://www.gfi.com/it-managed-services-software/features/patch-management.

About GFI MAX RemoteManagement
GFI MAX RemoteManagement delivers an easy, affordable solution for IT support providers, Value Added Resellers (VARs) and Managed Service Providers (MSPs) who are looking to take better care of their clients at less cost. GFI MAX RemoteManagement (RMM) solution includes server, network and workstation monitoring and management, asset tracking, client reporting and remote access.

Source:[gfi.com]