Security in Today's World
Written by Paul Bliss
There are many things in life that are worth protecting: our children, our valuables, our resources and, of course, ourselves. Only twenty years ago, if security was mentioned, you were speaking of protecting your home, and you were most likely discussing a security system, monitoring, watchdogs, firearms and cameras.

With the explosion of the personal computer, and the internet's ease of access to information, security has now taken on additional roles. With over 605 million people online at any given moment worldwide, criminals are no longer bound by geographic location. Today's cyber criminal can hack from the comfort of his home just by getting online. There are software programs that do nothing but scan the internet for unsecured ports and open networks so that their operators can enter those unprotected machines and access critical information. There are many users who know little about internet security and rely on their ISP to provide it for them.

To look deeper into this topic, let's examine the qualities that make the two kinds of security both similar and different. With your home, you have a physical area that you can protect with fire and motion sensors, cameras, glass-break detectors and decals strategically placed to deter would-be thieves. For your computer, you protect a virtual space usually containing sensitive information relevant to your personal finances, or key identity-theft items such as family names and social security numbers. To protect these resources, one must install software (anti-virus, port scanners, Trojan-hunting software, firewalls) as one level of protection. You can also add another layer of security through a hardware firewall controlling connectivity to and from the internet or network.

Both home security and computer security have maintenance costs associated with them. Reliable home security will usually consist of a one-time fee to install hardware in your home, and then an agreement to have a 24-hour monitoring service for a given length of time.
Computer security will consist of buying software and then paying either a monthly or yearly subscription fee to receive the latest information and protection from internet threats. One difference between the two is the method of monitoring. While computer security is only responsive while the computer is active or online, home security monitoring is responsive at all times, provided the system is properly armed. Another distinction is the method of response. In home security, a human will respond by dispatching police, fire or EMS directly to your home or business site. On a computer, the response comes when the software vendor becomes aware of the problem, creates a solution, and has an update available for download.
Running your first scan using NessusWX
Written by Lew Newlin
The following is a simple how-to guide for installing, configuring, and running your first vulnerability scan using the NessusWX Windows client. The instructions do not include in-depth explanations, as it is assumed that you are familiar with the benefits of using Nessus and have a general working knowledge of Windows.

As with any software installation, your results may vary depending on the machine's operating system and patch levels. The installation steps were conducted using NessusWX 1.4.4 on several Windows operating systems and patch levels, including XP, 2000, and 2003 Server, to ensure accuracy. It is recommended that the installation be conducted using the "admin" account or equivalent to avoid rights issues.

Install NessusWX

- Download and save the self-extracting version of NessusWX for Intel platforms from http://nessuswx.nessus.org/ to a temp directory on your hard drive (nessuswx-1.4.4-install.exe, 1413KB in size);
- Double-click nessuswx-1.4.4-install.exe to start the installation process;
- If using XP SP2 you may be prompted with a warning message that the publisher could not be verified; click <Run>;
- At the "Welcome to Installation Wizard" screen click <Next>;
- At the "License Agreement" screen read the license terms, check "Yes, I agree with all terms of this license agreement", click <Next>;
- At the "Destination Folder" screen enter the desired location for NessusWX, or accept the default of C:\Program Files\NessusWX, click <Next>;
- At the "Setup Type" screen select "Binaries Only", or if you wish the source files included select "Binaries & Source", click <Next>;
- At the "Program Group" screen select the desired program group, or leave it at the default of NessusWX, click <Next>;
- At the "Ready to Install Program" screen click <Next>;
- At the "Installation Complete" screen click <Ok>.

If the installation process completed successfully, you now have a NessusWX desktop icon and a Start/Programs/NessusWX menu listing.

Configuration of NessusWX

Before configuring the NessusWX client, you need some information concerning the Nessus server you will be using. Please contact your Nessus server administrator for assistance if needed.

Nessus server IP: _______________________
Nessus port number: _____________________ (default is 1241)
Max simultaneous hosts: __________________ (default is 16)
Max security checks per host: ______________ (default is 10)
Your Nessus login name: __________________
Your Nessus login password: _______________

Maximum simultaneous hosts and maximum security checks per host refer to the number of simultaneous scans that will be performed. It is possible to optimize a Nessus server to support more than the default settings and to use a different port. If this information is not available or unknown, use the default values. Your Nessus server administrator has the ability to limit what IP range(s) you can scan based on your login name. Speak with your Nessus server administrator and determine what limits, if any, have been established.

- Upon executing NessusWX you will be prompted with the "Settings" screen, "General" tab, requesting database directory information. By default NessusWX uses C:\NessusDB to store scan results. The database location can be a network drive if you wish to store results on a network drive for security purposes. Select the default value or change it to the desired directory, click <Ok>;
- If the directory you selected does not exist, you will be prompted with a creation message; click <Yes>;
- Select the "Communications/Connect" menu option;
- Change the default Server "Name", from the default 127.0.0.1, to the desired Nessus server;
- Change the default Server "Port Number", from 1241, to the desired Nessus server port if needed;
- By default, NessusWX selects TLSv1 as the encryption option;
- Select the "Authentication by Password" radio button;
- Check the save password checkbox;
- Change the default Authentication "Login" value to your Nessus login name;
- Enter your Nessus login password, click <Connect>;
- You will be prompted with a New Server Certificate window displaying the Nessus server certificate information; click <Accept & Save>.

If the userid/password information you entered is correct, you will receive a brief message that NessusWX is downloading plugin information. Upon download completion, something similar to the following will be displayed at the bottom of the NessusWX screen:

    Using <NTP/1.2>
    Connection with server [xxx.xxx.xxx.xxx] established
    xxxx plugins loaded
    xxxx preferences received
    xxxx rules received

You now have a fully functioning copy of NessusWX installed, have connected to a Nessus server, and are ready to begin performing vulnerability scans.

Before You Scan

Before performing vulnerability scanning, a few cautions and recommendations should be considered:

- Make sure you are acting within your authority. Most companies have strict policies about who can perform vulnerability scanning and on what equipment. Acting outside your authority with a vulnerability scanner could lead to your dismissal;
- Absent Nessus server-based rules that limit what IP ranges you can test, obtain written permission stating what you are and are not permitted to perform vulnerability tests on;
- Vulnerability scanning can leave equipment in an unstable state. This is particularly true if performing Denial of Service tests and/or the systems being tested are very poorly configured. Nessus vulnerability scanning is normally not destructive, and rebooting the affected equipment will return it to the correct operational state;
- NessusWX has a selection for "Safe checks" that disables the most dangerous scripts from executing and instead relies on banner information to determine vulnerability rather than exploiting the real flaw. However, it is still possible to leave equipment in an unstable state;
- If your company uses an intrusion detection system, performing vulnerability scanning on the network will most likely trigger intrusion alerts. Vulnerability scanning is very "noisy" and easily detected by most intrusion detection systems;
- If you are performing vulnerability scans across the internet, verify that your ISP will not object, that your scanning will not trigger their intrusion detection system, and request documentation concerning the scanning policies and rules that you must follow;
- Exercise common sense when performing vulnerability scans. For example, it's most likely not a good idea to run a Denial of Service test on your core router during normal business hours;
- NEVER SCAN EQUIPMENT THAT YOU ARE NOT EXPRESSLY AUTHORIZED TO SCAN. Doing so could result in lawsuits, bad press, jail, ISP termination, and unemployment, just to name a few. Running a Denial of Service test against your competitor's web site, for example, will most likely result in several unwanted events occurring once you and your company are identified as the cause.
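As an added example (not code from this guide, from NessusWX, or from the Nessus project), the following Python script performs a client-side check that a proposed target list lies within the IP ranges you are authorized to scan, in the spirit of the per-login rules the Nessus server administrator can set; the rule syntax, the sample rule set and the addresses are assumptions constructed for the demonstration.

```python
"""Client-side pre-scan authorization check: an added example for this guide,
not part of NessusWX or the Nessus server. It mirrors the server's per-login
IP-range rules so an out-of-scope target list is refused before a scan is
submitted. Rule syntax here is an assumption: 'accept'/'reject' plus an
address or CIDR per line, first match wins, unmatched hosts are rejected."""
import ipaddress

# Constructed sample rule set (not a real Nessus rules file).
SAMPLE_RULES = """\
reject 192.168.1.1        # lab gateway, out of scope
accept 192.168.1.0/24     # lab subnet
reject 0.0.0.0/0          # default deny
"""


def parse_rules(text):
    """Return (accept, network) pairs in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        action, target = line.split(None, 1)
        if action not in ("accept", "reject"):
            raise ValueError(f"unknown rule action: {raw!r}")
        net = ipaddress.ip_network(target.strip(), strict=False)
        rules.append((action == "accept", net))
    return rules


def is_authorized(rules, host):
    """First matching rule decides; no match means not authorized."""
    addr = ipaddress.ip_address(host)
    for accept, net in rules:
        if addr in net:
            return accept
    return False


def check_scan_targets(rules, targets):
    """Expand each target (single IP or CIDR) and split its hosts into
    (authorized, refused) lists for review before anything is scanned."""
    authorized, refused = [], []
    for target in targets:
        net = ipaddress.ip_network(target, strict=False)
        hosts = [net.network_address] if net.num_addresses == 1 else net.hosts()
        for h in hosts:
            (authorized if is_authorized(rules, str(h)) else refused).append(str(h))
    return authorized, refused
```

Review the refused list with your Nessus server administrator rather than simply dropping it: a host that is refused by the client-side rules but that you believe is in scope is exactly the case where written permission should be confirmed first.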