I have recently moved my blog to https using free Let’s Encrypt (Linux Foundation Project) certificate.
Let’s Encrypt service works the best, when you have your own server. You just need to configure some scripts that will regularly request new certificates and everything will work automatically. But, even if your site is on shared hosting, it’s still possible to use Let’s Encrypt. You can make the certificate on your machine, I used Ubuntu Linux, and then add them in the web interface of your hoster, of course if this feature is supported. Certificate will be valid for 4 month, and then you will need make a new one.
To say the truth, I did it because search engines and browser vendors will discriminate http-only sites very soon. And, of course, for fun. Green lock icon in address bar looks cool. ^_^
The great thing about Tenable SecurityCenter: when you buy it you also get hundreds of licenses for Nessus. You can google different types of SecurityCenter bundles with “SecurityCenter Continuous View – On Premise” request. “Scanners” here mean SC scanners:
You will need these scanner licenses to deploy Nessus hosts on your network, connect them to your Tenable SecurityCenter and manage scan process using SecurityCenter via graphical user interface or API. Of course, with all the restrictions on amount of IP addresses that you can scan.
At the same time, these Nessus for SecurityCenter servers are fully functional. Technically this servers are the same as Nessus Professional. Nessus for SecurityCenter has the same web interface, where you can create multiple user accounts, manage the scans in GUI and API, scan any amount of IP addresses. Scan data will be stored locally on your Nessus server and your SecurityCenter will not see it or use it in any way. This is really great. And I hope it is a feature and not a bug.
However, there are some differences. Nessus Professional downloads security plugins and makes activation using remote Tenable severs. Nessus for SecurityCenter does these things using SecurityCenter in your network.
So, when you have such a great amount of Nessus licenses you may want to install one on your own laptop. It might be really useful for debugging. For example, when you are developing your own nasl scripts, to enable them in Nessus, you will need to restart it. And you will not probably want to do it on the Nessus server where dozens of scanning jobs are running.
In this post I will try to install Nessus on Centos 7 in VirtualBox, configure port forwarding, activate and update Nessus plugins with SecurityCenter.
Today I would like to write about a popular type of “security research” that really drives me crazy: when author takes public Vulnerability Base and, by analyzing it, makes different conclusions about software products or operating systems.
The article is based on Flexera/Secunia whitepaper. The main idea is that various security software products are insecure, because of amount of vulnerability IDs related to this software existing in Flexera Vulnerability Database. In fact, the whole article is just a listing of such “unsafe” products and vendors (IBM Security, AlienVault USM and OSSIM, Palo Alto, McAfee, Juniper, etc.) and the expert commentary: cybercriminals may use vulnerabilities in security products and avoid blocking their IP-address; customers should focus on the security of their proprietary code first of all, and then include security products in the protection scheme.
What can I say about these opuses of this kind?
They provide “good” practices for software vendors:
Hide information about vulnerabilities in your products
It may seem like NGFW topic is not really related to vulnerability assessment and vulnerability management. In fact, correlation of security events in traffic with vulnerability scan data sometimes may give very interesting results. For example, if we have a Windows desktop host with critical vulnerabilities, it won’t be a big surprise to detect some botnet activity related to this host. Fixing of this hosts should be a high priority task. Moreover, Palo Alto NGFW now supports signatures for vulnerability detection, like Tenable PVS. It’s pretty logical: if you are already searching something in the network traffic, why not to look also for vulnerable software versions in the packet headers?
At the “Monitoring” tab of Palo Alto NGFW GUI web-interface you can see a flow of security events, produced by Palo Alto security rules, standard or custom. With PA query language you may easily filter this events. It is also possible to produce reports. However, the standard reports Palo Alto are not very informative and only represent some statistics of attacks without any additional information. Much more interesting reports you can make using Palo Alto API.
Westworld is a TV show about the problems of corporate Information Security. Really.
Look, Delos Corporation actively uses legacy code, which was written 30 years ago. No one has an idea of how it works and it can not be just thrown away. Bugs, critical vulnerabilities and even backdoors appeared in core of the hosts regularly. They couldn’t be fixed and patched. In most cases only some compensatory measures were applied. And they were not applied systematically.
This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at email@example.com or contact me any other way.