Tenable Network Security Podcast - Episode 39
Welcome to the Tenable Network Security Podcast - Episode 39
Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst
Announcements
- Several new blog posts have been published this week, including:
- New Nessus training is now being offered at conferences! - The new course titled "Advanced Vulnerability Scanning Techniques Using Nessus" is now being offered at both Black Hat Las Vegas 2010 and BruCon 2010. It's a two-day course that will put students into a real-world environment where they will have to solve problems and identify vulnerabilities using the advanced features of the Nessus vulnerability scanner.
- Be certain to check out our video channel on YouTube that contains the latest Nessus tutorials.
- We're hiring! - Visit the web site for more information about open positions. There are currently 9 open positions listed, including a Digital/Web Strategy Coordinator.
- You can subscribe to the Tenable Network Security Podcast on iTunes!
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, Nessus plugin statistics and more!
Stories
- Using DNS to Find High Value Targets - It never ceases to amaze me how much depth there can be in a protocol such as DNS. It sounds simple, right? Take an IP address and associate it with a name and vice versa. However, ever since my first lessons on network security I've looked upon it as a gateway of information, something to control and manipulate, and found all sorts of ways to make it evil. For instance, if you can find a large hosting provider in the cloud and associate it with a single industry or large conglomerate of corporations, by using DNS you can deduce that most of their systems reside on the same hosting server IP or IP addresses. By taking control of the underlying architecture, you can compromise several systems at once, giving you "more bang for your buck".
- Bypassing Restrictive Proxies Part 1, Encoded Executables and DNS Tunneling - Pretty neat way to "shovel a shell". First, you can create a VB script that can be downloaded and executed by the client. Then you can use some readily available tools to tunnel a connection to that malicious script over DNS. If you can't detect this in your network it should be a goal for you because you can be certain that attackers are using these very same techniques.
- The Untold Story of the World's Biggest Diamond Heist - 10 layers of security bypassed, inside jobs, insurance fraud, hairspray to bypass motion sensors, random garbage... this story has it all! It's a very lengthy and detailed article but shows two things: you are never as secure as you think you are, and most people get caught. It's the ones that don't get detected or caught that worry me.
- UnrealIRCd Trojaned Distribution - I've called this a nice way to build a Linux botnet. If you can compromise software that is included in all of the popular Linux distributions, then you can compromise any server installing that software. The more popular the software project you compromise, the bigger your botnet. Defensively, SHA-1 baby! This is scary, From the original advisory: "It appears the replacement of the .tar.gz occurred in November 2009 (at least on some mirrors). It seems nobody noticed it until now."
- More Distributed SSH Attacks - So many systems on the Internet have weak passwords that attackers still spend time looking for them, and why not? A weak password on an already encrypted service, such as SSH, is a great way to gain control of a system. No exploits, no software vulnerabilities, memory protections, or return pointers. Just a good ol' fashioned default or weak password. We need to secure SSH; it's not that hard to tell SSH how to not use passwords in favor of keys, change the port, and change weak passwords. In fact, we'll learn how to do configuration auditing for that in the advanced Nessus course!
- Getting Into The Vault - Windows 7 comes with a password vault to keep your passwords "safe". However, if you've compromised a system, you have the same access to the vault as the user. This means you can log in to the same resources as the currently logged in user!
Related Articles
Tenable Network Security Podcast Episode 198 - "PCI Discussion Featuring Jeffrey Man"
February 13, 2014<p></p>
Cybersecurity Snapshot: Many Employees Overshare Work Info with AI Tools, Report Finds, as ‘Cybersecurity Awareness Month’ Kicks Off
October 4, 2024Check out the best practices cyber agencies are promoting during Cybersecurity Awareness Month, as a report warns that staffers are feeding confidential info to AI tools. Meanwhile, a study highlights how business decisions can derail OT security. Plus, get the latest on Active Directory security, CISO salary trends and ransomware attacks!
How to Unlock Advanced IoT Visibility for Cyber-Physical Systems
October 1, 2024As the number of IoT devices deployed globally continues to rise, cyber-physical systems and business operations are exposed to greater risk. Improving asset visibility, monitoring and risk management are critical steps to preventing breaches.
Cybersecurity Snapshot: NIST Program Probes AI Cyber and Privacy Risks, as U.S. Gov’t Tackles Automotive IoT Threat from Russia, China
September 27, 2024A new NIST program will revise security frameworks like NIST’s CSF as AI risks intensify. Plus, the U.S. may ban cars with Russian and Chinese IoT components. Meanwhile, the CSA adds AI insights to its zero trust guide. And get the latest on cybersecurity budgets, SBOMs and the Ghost cybercrime platform!
- Podcast