Enterprise Vulnerability Management
Alexander Leonov, Ekaterina Pukhareva, Alex Smirnoff
Content
1. A variety of Vulnerability Scanners
2. Experience in the use of Tenable SecurityCenter and Nessus
3. How to make vulnerability management efficient?
4. Vulnerability Scanner as a valuable asset
5. Beyond scanners
A variety of Vulnerability Scanners

Some problems
• When the scan is finished, the results may already be outdated
• False positives
• Per-host licensing
Knowledge base:
• How quickly does the vendor add new vulnerability checks?
• No scanner will find all vulnerabilities in any software
• Some vulnerabilities can be found only with authorization or with the correct service banner
• You will never know the real limitations of the product
Nessus vs. OpenVAS
All CVEs: 80196
Nessus CVE links: 35032
OpenVAS CVE links: 29240
OpenVAS vs. Nessus, CVEs covered (each scanner's total above is the sum of its two regions):
• Only OpenVAS: 3787 CVEs, covered by 2673 OpenVAS plugins
• Both: 25453 CVEs, covered by 38207 OpenVAS plugins and 50896 Nessus plugins
• Only Nessus: 9579 CVEs, covered by 6639 Nessus plugins
All NASL plugins:
OpenVAS: 49747
Nessus: 81349
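The comparison above is a set operation over the two knowledge bases: invert each scanner's plugin to CVE mapping, intersect the CVE sets, and count plugins per region. The following Python script is an added example (not the authors' tooling; the plugin ids, CVE ids and the reference list are constructed sample data) that computes the same three regions and the plugin counts for each, and additionally lists the CVEs of a reference list that neither scanner links to, which is the coverage gap a VM team most wants to know about:

```python
"""Compare the CVE coverage of two scanner knowledge bases.

Added example (not the deck's own tooling): given, for each scanner, a map
plugin id -> CVE ids it references, compute the three regions of the
comparison (only A, both, only B), how many plugins of each scanner cover
each region, and which CVEs of a reference list neither scanner covers.
In a real run the maps would be built from the plugin feeds; the maps and
CVE ids below are constructed sample data.
"""
from collections import defaultdict

# Constructed sample knowledge bases: plugin id -> set of CVE ids it checks.
OPENVAS_PLUGINS = {
    "ov-1": {"CVE-2016-0001"},
    "ov-2": {"CVE-2016-0002", "CVE-2016-0003"},
    "ov-3": {"CVE-2016-0004"},
    "ov-4": set(),                       # plugin without any CVE link
}
NESSUS_PLUGINS = {
    "n-1": {"CVE-2016-0001"},
    "n-2": {"CVE-2016-0002"},
    "n-3": {"CVE-2016-0004", "CVE-2016-0005"},
    "n-4": {"CVE-2016-0004"},            # second plugin for the same CVE
    "n-5": set(),
}
# Constructed reference list ("All CVEs" on the slide would be the full NVD).
ALL_CVES = {"CVE-2016-%04d" % i for i in range(1, 7)}


def cve_index(plugins):
    """Invert plugin -> CVEs into CVE -> set of plugin ids referencing it."""
    index = defaultdict(set)
    for plugin_id, cves in plugins.items():
        for cve in cves:
            index[cve].add(plugin_id)
    return index


def plugins_covering(index, cves):
    """All plugin ids that reference at least one CVE of the given region."""
    covering = set()
    for cve in cves:
        covering |= index[cve]
    return covering


def coverage_report(a_plugins, b_plugins, all_cves):
    """Venn-style comparison of two knowledge bases A and B."""
    a, b = cve_index(a_plugins), cve_index(b_plugins)
    only_a, only_b, both = set(a) - set(b), set(b) - set(a), set(a) & set(b)
    return {
        "a_cve_links": len(a),
        "b_cve_links": len(b),
        "only_a": sorted(only_a),
        "both": sorted(both),
        "only_b": sorted(only_b),
        "neither": sorted(all_cves - set(a) - set(b)),
        "a_plugins_only_a": len(plugins_covering(a, only_a)),
        "a_plugins_both": len(plugins_covering(a, both)),
        "b_plugins_both": len(plugins_covering(b, both)),
        "b_plugins_only_b": len(plugins_covering(b, only_b)),
        "a_plugins_without_cve": sum(1 for c in a_plugins.values() if not c),
        "b_plugins_without_cve": sum(1 for c in b_plugins.values() if not c),
    }


if __name__ == "__main__":
    report = coverage_report(OPENVAS_PLUGINS, NESSUS_PLUGINS, ALL_CVES)
    for key, value in report.items():
        print("%-24s %s" % (key, value))
```

To run it against real feeds, build the two dictionaries from each plugin's CVE references. The same consistency check applies to the slide's figures: a scanner's CVE total must equal its own region plus the shared one (3787 + 25453 = 29240, 25453 + 9579 = 35032).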
Why? (N = Nessus, O = OpenVAS)
• “Old” vulnerabilities
• Vendor forgot to add links to the CVE id
• Vulnerabilities in plugins (N: WordPress VideoWhisper)
• No support for “local” software (N: openMairie)
• Stopped adding new vulnerabilities (N: vBulletin, O: Solaris)
In other words
• A vulnerability scanner is a necessity
• Don't depend too much on it
• If the scanner does not detect some vulnerability, it’s YOUR problem, not your VM vendor’s
• Choose a VM solution you can control
• Have alternative sources of vulnerability data (vulners.com, vFeed)
Sometimes a free service detects better

Vulners Linux Audit GUI
• Linux OS vulnerability scan
• Immediate results
• Dramatically simple
https://vulners.com/#audit

Vulners Linux Audit GUI
• RedHat
• CentOS
• Fedora
• Oracle Linux
• Ubuntu
• Debian
Vulners Linux Audit API
curl -H "Accept: application/json" -H "Content-Type: application/json" -X POST \
  -d '{"os":"centos","package":["pcre-8.32-15.el7.x86_64",
       "samba-common-4.2.3-11.el7_2.noarch",
       "gnu-free-fonts-common-20120503-8.el7.noarch",
       "libreport-centos-2.1.11-32.el7.centos.x86_64",
       "libacl-2.2.51-12.el7.x86_64"],"version":"7"}' \
  https://vulners.com/api/v3/audit/audit
+ Agent Scanner
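The curl call above is the whole API: one POST carrying the distribution, its version and the installed package list. The Python script below is an added example (not Vulners' own client) that builds that request body from `rpm -qa` output and /etc/os-release, posts it, and summarizes the reply. The request layout is taken from the curl call; the reply layout that summarize_audit() expects (result, data.packages, data.vulnerabilities) is an assumption to confirm against the current API documentation, and the package list, os-release text and reply are constructed sample data:

```python
"""Drive the Vulners Linux audit API from a package list.

Added example, not Vulners' own client. The request body ({"os", "version",
"package"}) and the endpoint are those of the slide's curl call; the reply
layout handled by summarize_audit() is an assumption. The package list,
os-release text and reply below are constructed sample data.
"""
import json
import urllib.request

AUDIT_URL = "https://vulners.com/api/v3/audit/audit"


def detect_os(os_release_text):
    """Derive (os, version), e.g. ("centos", "7"), from /etc/os-release content."""
    fields = {}
    for line in os_release_text.splitlines():
        if "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip().strip('"')
    return fields["ID"], fields["VERSION_ID"]


def build_audit_request(os_name, os_version, rpm_qa_lines):
    """Request body from `rpm -qa` output (NAME-VERSION-RELEASE.ARCH per line)."""
    packages = sorted({line.strip() for line in rpm_qa_lines if line.strip()})
    return {"os": os_name, "version": os_version, "package": packages}


def post_audit(body, timeout=30):
    """POST the body to the audit endpoint and decode the JSON reply (network call)."""
    request = urllib.request.Request(
        AUDIT_URL, data=json.dumps(body).encode("utf-8"), method="POST",
        headers={"Accept": "application/json", "Content-Type": "application/json"})
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return json.load(response)


def summarize_audit(reply):
    """(vulnerable packages, bulletin ids) from a reply; raises on an error result."""
    if reply.get("result") != "OK":
        raise ValueError("audit failed: %r" % reply.get("data"))
    data = reply.get("data", {})
    vulnerable_packages = sorted(data.get("packages", {}))   # assumed layout
    bulletins = sorted(set(data.get("vulnerabilities", [])))  # assumed layout
    return vulnerable_packages, bulletins


# Constructed sample inputs (package names match the slide's curl example).
SAMPLE_OS_RELEASE = 'NAME="CentOS Linux"\nID="centos"\nVERSION_ID="7"\n'
SAMPLE_RPM_QA = """pcre-8.32-15.el7.x86_64
samba-common-4.2.3-11.el7_2.noarch
libacl-2.2.51-12.el7.x86_64
"""
# Constructed reply in the assumed layout; the bulletin id is a placeholder.
SAMPLE_REPLY = {
    "result": "OK",
    "data": {
        "packages": {"samba-common-4.2.3-11.el7_2.noarch": {"CESA-2016:PLACEHOLDER": []}},
        "vulnerabilities": ["CESA-2016:PLACEHOLDER"],
    },
}

if __name__ == "__main__":
    os_name, os_version = detect_os(SAMPLE_OS_RELEASE)
    body = build_audit_request(os_name, os_version, SAMPLE_RPM_QA.splitlines())
    print(json.dumps(body, indent=2))
    # reply = post_audit(body)   # live call; the sample reply stands in for it here
    print(summarize_audit(SAMPLE_REPLY))
```

On a real host, feed `open("/etc/os-release").read()` and the output of `rpm -qa` (or `dpkg-query -W -f '${Package} ${Version}\n'` on Debian-family systems, after adapting the package format) into the two builders and replace the sample reply with post_audit(body).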
Experience in the use of Tenable SecurityCenter and Nessus

Architecture
(architecture diagram)

Scan cycle: Discovery → Assessment → Analysis → Remediation
Discovery: finding live hosts
Assessment: what assets?
Analysis: what to fix first?
Remediation: fix the problem
Notes around the cycle:
• Scan: external and internal perimeters
• Scan for specific assets: workstations, network servers
• What CVSS score?
• What time for fixing? Risks?
• Fixing or accepting risks
Reporting and dashboards

Compliance checks
Checking the PCI DSS requirements and others
Nessus .audit files (built-in or highly customized plug-ins):
- Operating systems (SSH, password policy, local accounts, audit, etc.)
- Databases (privileges, login expiration check, etc.)
- Network devices (SSH, SNMP, finger service disabled, etc.)
- Etc.
Homemade Reporting
Graphs:
• MS Critical + Exploitable
• MS Critical
• MS Other
• Windows Software
Tables:
• Legend
• Top vulnerable hosts
• Top vulnerabilities
Homemade Ticketing

Usage Problems
● Updating scanners by scripts
● New plugins
● Log-management and monitoring
● Harmless pentest
● FalsePositive
● Authentication Failure
Nessus Agents

Vulnerability Scanner as a valuable asset

Dangerous audit file

Monitoring
• Domain + two-factor authentication
• Role model in SecurityCenter
• Monitoring of Nessus account usage
Restricting Nessus permissions
Defaults:scanaccount !requiretty
Cmnd_Alias NESSUSAA = /bin/sh -c echo nessus_su_`echo [0-9]*[0-9]` ; *; echo nessus_su_`echo [0-9]*[0-9]`
Cmnd_Alias NESSUSXA = ! /bin/sh -c echo nessus_su_`echo [0-9]*[0-9]` ; *;*; echo nessus_su_`echo [0-9]*[0-9]`
Cmnd_Alias NESSUSXB = ! /bin/sh -c echo nessus_su_`echo [0-9]*;*[0-9]` ; *; echo nessus_su_`echo [0-9]*[0-9]`
Cmnd_Alias NESSUSXC = ! /bin/sh -c echo nessus_su_`echo [0-9]*[0-9]` ; *; echo nessus_su_`echo [0-9]*;*[0-9]`
scanaccount ALL = (root) NESSUSAA, NESSUSXA, NESSUSXB, NESSUSXC
• Not officially supported
• May stop working at any time
• More like security through obscurity than efficient protection
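The allowed alias NESSUSAA matches the scanner's sudo wrapper with exactly one command between the two nessus_su_ markers, and the negated aliases reject wrappers that carry an extra `;` separator. Since the slide itself rates this as obscurity rather than protection, the monitoring of the scan account mentioned on the previous slide carries more weight. As an added example (not from the deck), the Python check below runs over sudo log lines and flags every scanaccount entry that is not a single-command wrapper executed without a terminal, including entries sudo already rejected. The wrapper shape is inferred from the aliases above, the allowed-program list is a placeholder for your own scan policy, and the log lines are constructed in the standard sudo syslog format:

```python
"""Flag unexpected use of the scanner's sudo account in sudo log lines.

Added example (not from the deck). Expected scanner invocations look like
  /bin/sh -c echo nessus_su_<N> ; <command> ; echo nessus_su_<N>
(shape inferred from the sudoers aliases); everything else logged for the
scan account is reported. ALLOWED_PROGRAMS is a placeholder for your own
scan policy; SAMPLE_LOG is constructed.
"""
import re

SCAN_USER = "scanaccount"
# Placeholder allow-list: programs the scan policy is expected to run as root.
ALLOWED_PROGRAMS = {"/sbin/ip", "/bin/rpm", "/usr/bin/find", "/bin/netstat"}

SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : (?:(?P<denied>command not allowed) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.*)$")
WRAPPER_RE = re.compile(
    r"^/bin/sh -c echo nessus_su_(?P<m1>\d+) ; (?P<inner>.*) ; echo nessus_su_(?P<m2>\d+)$")


def check_command(tty, denied, cmd, allowed=ALLOWED_PROGRAMS):
    """Return None for an expected scanner invocation, otherwise a short reason."""
    if denied:
        return "denied"                   # sudoers already rejected it; still worth a look
    if tty != "unknown":                  # the scanner never runs from a terminal
        return "interactive_tty"
    wrapped = WRAPPER_RE.match(cmd)
    if not wrapped:
        return "not_wrapper"
    if wrapped.group("m1") != wrapped.group("m2"):
        return "marker_mismatch"
    inner = wrapped.group("inner")
    if any(sep in inner for sep in (";", "&&", "|", "`", "$(")):
        return "chained_commands"         # what the negated aliases try to block
    words = inner.split()
    if not words or words[0] not in allowed:
        return "unexpected_program"
    return None


def audit_sudo_lines(lines, scan_user=SCAN_USER, allowed=ALLOWED_PROGRAMS):
    """(line number, reason) for every suspicious sudo entry of the scan account."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = SUDO_RE.search(line)
        if not match or match.group("user") != scan_user:
            continue
        reason = check_command(match.group("tty"), match.group("denied"),
                               match.group("cmd"), allowed)
        if reason:
            findings.append((number, reason))
    return findings


# Constructed sample log lines (standard sudo syslog format).
SAMPLE_LOG = [
    "Nov 17 10:15:01 web1 sudo: scanaccount : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/sh -c echo nessus_su_48213 ; /sbin/ip addr show ; echo nessus_su_48213",
    "Nov 17 10:15:02 web1 sudo: scanaccount : command not allowed ; TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/sh -c echo nessus_su_48214 ; /bin/rpm -qa ; /bin/bash ; echo nessus_su_48214",
    "Nov 17 11:02:40 web1 sudo: scanaccount : TTY=pts/0 ; PWD=/home/scanaccount ; USER=root ; COMMAND=/bin/bash",
    "Nov 17 11:03:10 web1 sudo: scanaccount : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/sh -c echo nessus_su_7 ; /sbin/ip addr ; /usr/bin/id ; echo nessus_su_7",
    "Nov 17 11:04:00 web1 sudo: alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart nessusd",
    "Nov 17 11:05:00 web1 sudo: scanaccount : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/sh -c echo nessus_su_10 ; /bin/rpm -qa ; echo nessus_su_11",
    "Nov 17 11:06:00 web1 sudo: scanaccount : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/sh -c echo nessus_su_12 ; /usr/bin/python /tmp/collect.py ; echo nessus_su_12",
]

if __name__ == "__main__":
    for number, reason in audit_sudo_lines(SAMPLE_LOG):
        print("line %d: %s" % (number, reason))
```

Feed it /var/log/secure or auth.log (or the equivalent query in your log management) and alert on any finding; the first sample line is the only one that passes, the others show a rejected chain, an interactive shell, a chained command, mismatched markers and a program outside the policy.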
What is still wrong
(from NopSec “2016 Outlook: Vulnerability Risk Management and Remediation Trends”)

Risk management? Asset management? Threat intelligence? Detecting scanning gaps?
Do you really need an expensive “state of the art” solution?
...and what’s beyond vulnerability scanning?
There is an alternative
• For pentesters
• For Splunk, big data and fancy tech: HUBBLESTACK.IO
• For the rest of us

Simple as that
Import all your scan data into a database
...and do anything you want!
Monitor changes, create scopes, custom reports, whatever
Avoid VM vendor lock-in

Use case: asset management
We do not have a critical asset inventory!
Wait... we do. It is called “monitoring”
Use Zabbix data to create asset lists
Push alerts back to Zabbix

Use case: advanced risk management
Create an exploit capabilities description (CVSS sucks!)
Add environment data (internal and external scans at least)
Add anything you want (threat intel)
No part is mandatory!
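The "import everything into a database" approach and the two use cases above (asset lists from monitoring, risk beyond CVSS) fit into one small schema. The Python script below is an added example, not the authors' tooling: SQLite with a findings table, a per-scan list of covered hosts and an asset table filled from monitoring; it diffs two scans, lists monitored hosts the scan never touched (the scanning gap), and ranks findings by a score that adds exploitability, asset criticality and exposure to CVSS. The table layout, the host-group to criticality mapping, the score weights and all rows are constructed sample data; a real importer would read the scanner's export and the Zabbix API:

```python
"""Own the scan data: import it into SQLite, diff scans, find scan gaps from
the monitoring asset list and prioritize with exploit and environment data.

Added example, not the authors' tooling. Tables, column names, the
host-group -> criticality mapping, the score weights and all rows are
constructed; a real importer would read the scanner's export and the
Zabbix API.
"""
import sqlite3

SCHEMA = """
CREATE TABLE scan_host (scan_id TEXT, host TEXT, PRIMARY KEY (scan_id, host));
CREATE TABLE finding (
    scan_id TEXT, host TEXT, plugin_id TEXT, cve TEXT, cvss REAL, exploitable INTEGER,
    PRIMARY KEY (scan_id, host, plugin_id, cve));
CREATE TABLE asset (host TEXT PRIMARY KEY, hostgroup TEXT, criticality INTEGER, exposure TEXT);
"""
# Constructed mapping from monitoring host groups to business criticality (1..3).
GROUP_CRITICALITY = {"Databases": 3, "Web": 2, "Workstations": 1}


def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn


def import_scan(conn, scan_id, scanned_hosts, findings):
    """Record which hosts a scan covered and its findings
    as (host, plugin_id, cve, cvss, exploitable) tuples."""
    conn.executemany("INSERT OR REPLACE INTO scan_host VALUES (?, ?)",
                     [(scan_id, host) for host in scanned_hosts])
    conn.executemany("INSERT OR REPLACE INTO finding VALUES (?, ?, ?, ?, ?, ?)",
                     [(scan_id,) + tuple(f) for f in findings])
    conn.commit()


def import_assets_from_monitoring(conn, monitored_hosts):
    """Asset list from monitoring: (host, hostgroup, exposure) per monitored host."""
    rows = [(host, group, GROUP_CRITICALITY.get(group, 1), exposure)
            for host, group, exposure in monitored_hosts]
    conn.executemany("INSERT OR REPLACE INTO asset VALUES (?, ?, ?, ?)", rows)
    conn.commit()


def delta(conn, old_scan, new_scan):
    """(host, cve) pairs that are new in new_scan and pairs gone since old_scan."""
    query = ("SELECT host, cve FROM finding WHERE scan_id = ? "
             "EXCEPT SELECT host, cve FROM finding WHERE scan_id = ? ORDER BY host, cve")
    return {"new": conn.execute(query, (new_scan, old_scan)).fetchall(),
            "fixed": conn.execute(query, (old_scan, new_scan)).fetchall()}


def scan_gaps(conn, scan_id):
    """Monitored assets that the given scan never touched."""
    query = ("SELECT host FROM asset EXCEPT SELECT host FROM scan_host "
             "WHERE scan_id = ? ORDER BY host")
    return [row[0] for row in conn.execute(query, (scan_id,))]


def prioritized(conn, scan_id):
    """Findings ranked by CVSS plus constructed weights for exploitability,
    asset criticality and external exposure (what CVSS alone cannot express)."""
    query = """
        SELECT f.host, f.cve,
               f.cvss + 3 * f.exploitable + 2 * a.criticality
                      + 2 * (a.exposure = 'external') AS score
        FROM finding f JOIN asset a ON a.host = f.host
        WHERE f.scan_id = ?
        ORDER BY score DESC, f.host, f.cve"""
    return conn.execute(query, (scan_id,)).fetchall()


def build_sample_db():
    """Two constructed scans of the same environment plus a monitoring asset list."""
    conn = open_db()
    import_assets_from_monitoring(conn, [("web1", "Web", "external"),
                                         ("db1", "Databases", "internal"),
                                         ("hr1", "Workstations", "internal")])
    import_scan(conn, "2016-10", ["web1", "db1"], [
        ("web1", "10001", "CVE-2016-0001", 9.8, 1),
        ("web1", "10002", "CVE-2016-0002", 5.0, 0),
        ("db1", "10003", "CVE-2016-0003", 7.5, 0)])
    import_scan(conn, "2016-11", ["web1", "db1"], [
        ("web1", "10002", "CVE-2016-0002", 5.0, 0),
        ("db1", "10003", "CVE-2016-0003", 7.5, 0),
        ("db1", "10004", "CVE-2016-0004", 6.5, 1)])
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    print("changes:", delta(db, "2016-10", "2016-11"))
    print("scan gaps:", scan_gaps(db, "2016-11"))
    print("fix first:", prioritized(db, "2016-11"))
```

With these rows plain CVSS would rank CVE-2016-0003 (7.5) first; the combined score puts the exploitable CVE-2016-0004 on the critical database host ahead of it, and hr1 is reported as a scan gap because it is in monitoring but in no scan. The gap list is exactly what you would push back to Zabbix as an alert.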

Enterprise Vulnerability Management - ZeroNights16
