Auditing Rackspace Accounts with Nessus®
Just a few years ago, if you were planning a new infrastructure deployment to support new workloads, you would have expected questions related to architecture, networking, air conditioning, server room real estate and so on. But today you shouldn’t be surprised if the discussion quickly moves towards clouds, blue skies and space. I am, of course, referring to cloud services such as Amazon AWS, Microsoft Azure and Rackspace.
Cloud infrastructure-as-a-service (IaaS) products such as Rackspace are increasingly considered a real alternative deployment method while building out new or scaling existing IT infrastructure. And why not? Assets can be quickly deployed in an IaaS service, they are relatively cheaper for short term projects and and can bypass any long lead times your IT department may have when provisioning new assets.
As more and more firms move their workloads into the cloud, keeping a handle on what’s deployed in the cloud (and keeping it secure) is becoming a priority
So what should you do if you find yourself in a position where you are required to support workloads in the cloud? Well, you should carry over some lessons learned from on-premises deployments to the cloud. For example, maintain an inventory of all your resources, user accounts and their respective roles (especially admins) and also keep track of any unauthorized changes.
With the release of Nessus 6.4, you can do all that and much more while auditing Rackspace accounts.
Here are some highlights of the new Rackspace plugin.
Rackspace deployment snapshot
When the IT infrastructure of an organization embarks on a gradual migration to the cloud, one thing becomes apparent very quickly: it becomes difficult to keep track of all the resources that are deployed in the cloud all the time. This is especially true when multiple users have the privileges to provision new resources on demand.
Tenable’s Rackspace plugin reports all the resources that are deployed in Rackspace in a single result
Wouldn’t it be nice if you could figure out what resources (servers, databases, networks, users) are deployed in the cloud in a single glance? Tenable’s Rackspace plugin does just that. It reports all the resources that are deployed in Rackspace in a single result.
Changes since last scan (configurable)
Another challenge with cloud deployments is keeping track of what changed since the last scan. For example, which new servers were added or what new domains were created in the last X days. The Rackspace plugin provides a configurable variable value, which can be used to track such changes.
XPath meet jq
Once you put the Rackspace plugin to good use, two things will become obvious. One, the output is in JSON format, and second, some magic happens between what’s returned by Rackspace (in JSON) and the transformed output viewed in the Rackspace plugin. That magic is jq.
When we think about transforming XML documents into a human readable format, the simplest solution is to use a combination of XSLT and XPATH libraries. But the answer is not so obvious when it comes to transforming JSON. There are almost no good libraries which could be readily used in a product. And without a good JSON processor, there is not much that a plugin can do while dealing with JSON. So what did we do? We built a JSON processing library from scratch in the Nessus Attack Scripting Language (NASL). It’s modeled after jq (a JSON processor). You can try it in the online jq library. There is a good chance that if your filter works on the jqplay website, then it will work in the Rackspace plugin as well, since we support most of jq’s features. We are already putting this library to good use in our recently announced MDM Audit plugin.
Sample result
Conclusion
As more and more firms move their workloads into the cloud, keeping a good handle on what’s deployed in the cloud (and keeping it secure) is becoming a priority. Last year, we released auditing support for Amazon AWS, and now we are following up with Rackspace; there is a lot more to come! So regardless of which IaaS provider you use to deploy your IT assets, Tenable products will have an audit solution to address your needs.
Related Articles
Cybersecurity Snapshot: Many Employees Overshare Work Info with AI Tools, Report Finds, as ‘Cybersecurity Awareness Month’ Kicks Off
October 4, 2024Check out the best practices cyber agencies are promoting during Cybersecurity Awareness Month, as a report warns that staffers are feeding confidential info to AI tools. Meanwhile, a study highlights how business decisions can derail OT security. Plus, get the latest on Active Directory security, CISO salary trends and ransomware attacks!
Cybersecurity Snapshot: NIST Program Probes AI Cyber and Privacy Risks, as U.S. Gov’t Tackles Automotive IoT Threat from Russia, China
September 27, 2024A new NIST program will revise security frameworks like NIST’s CSF as AI risks intensify. Plus, the U.S. may ban cars with Russian and Chinese IoT components. Meanwhile, the CSA adds AI insights to its zero trust guide. And get the latest on cybersecurity budgets, SBOMs and the Ghost cybercrime platform!
Establishing a Cloud Security Program: Best Practices and Lessons Learned
September 26, 2024As we’ve developed Tenable’s cloud security program, we in the Infosec team have asked many questions and faced interesting challenges. Along the way, we’ve learned valuable lessons and incorporated key best practices. In this blog, we’ll discuss how we’ve approached implementing our cloud security program using Tenable Cloud Security, and share recommendations that you may find helpful.
Cybersecurity Snapshot: Many Employees Overshare Work Info with AI Tools, Report Finds, as ‘Cybersecurity Awareness Month’ Kicks Off
October 4, 2024Check out the best practices cyber agencies are promoting during Cybersecurity Awareness Month, as a report warns that staffers are feeding confidential info to AI tools. Meanwhile, a study highlights how business decisions can derail OT security. Plus, get the latest on Active Directory security, CISO salary trends and ransomware attacks!
How to Unlock Advanced IoT Visibility for Cyber-Physical Systems
October 1, 2024As the number of IoT devices deployed globally continues to rise, cyber-physical systems and business operations are exposed to greater risk. Improving asset visibility, monitoring and risk management are critical steps to preventing breaches.
Cybersecurity Snapshot: NIST Program Probes AI Cyber and Privacy Risks, as U.S. Gov’t Tackles Automotive IoT Threat from Russia, China
September 27, 2024A new NIST program will revise security frameworks like NIST’s CSF as AI risks intensify. Plus, the U.S. may ban cars with Russian and Chinese IoT components. Meanwhile, the CSA adds AI insights to its zero trust guide. And get the latest on cybersecurity budgets, SBOMs and the Ghost cybercrime platform!
- Cloud
- Plugins
- Vulnerability Management