    So you want to build a Security Program? Part 1 - Vulnerability Scanning

    • IRJI
      IRJ @NDC
      last edited by

      @NDC said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

      @DustinB3403 said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

      @IRJ As in, you shouldn't be scanning everything on the open internet.

      The FBI, NSA and other 3 letter government agencies will come knocking down your door.

      They have neither the resources nor the inclination to go after everyone that runs a simple scan. They don't in fact have the resources to go after all the people who have committed significantly damaging illegal acts let alone anything else.

      I see about 10 scans a minute from all over the world on our external servers on a slow day!

      1 Reply Last reply Reply Quote 1
      • IRJI
        IRJ @NDC
        last edited by

        @NDC said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

        @DustinB3403 said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

        @IRJ As in, you shouldn't be scanning everything on the open internet.

        The FBI, NSA and other 3 letter government agencies will come knocking down your door.

        They have neither the resources nor the inclination to go after everyone that runs a simple scan. They don't in fact have the resources to go after all the people who have committed significantly damaging illegal acts let alone anything else.

        Exactly and if US law cannot do anything then what are countries like China and Russia going to do? lol

        scottalanmillerS 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @IRJ
          last edited by

          @IRJ said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

          @NDC said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

          @DustinB3403 said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

          @IRJ As in, you shouldn't be scanning everything on the open internet.

          The FBI, NSA and other 3 letter government agencies will come knocking down your door.

          They have neither the resources nor the inclination to go after everyone that runs a simple scan. They don't in fact have the resources to go after all the people who have committed significantly damaging illegal acts let alone anything else.

          Exactly and if US law cannot do anything then what are countries like China and Russia going to do? lol

          Execute you?

          IRJI 1 Reply Last reply Reply Quote 0
          • IRJI
            IRJ @scottalanmiller
            last edited by

            @scottalanmiller said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

            @IRJ said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

            @NDC said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

            @DustinB3403 said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

            @IRJ As in, you shouldn't be scanning everything on the open internet.

            The FBI, NSA and other 3 letter government agencies will come knocking down your door.

            They have neither the resources nor the inclination to go after everyone that runs a simple scan. They don't in fact have the resources to go after all the people who have committed significantly damaging illegal acts let alone anything else.

            Exactly and if US law cannot do anything then what are countries like China and Russia going to do? lol

            Execute you?

            Yeah I am sure China's focus is to find everyone running nmap scans on American servers so they can execute them.

            scottalanmillerS 1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @IRJ
              last edited by

              @IRJ said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

              @scottalanmiller said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

              @IRJ said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

              @NDC said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

              @DustinB3403 said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

              @IRJ As in, you shouldn't be scanning everything on the open internet.

              The FBI, NSA and other 3 letter government agencies will come knocking down your door.

              They have neither the resources nor the inclination to go after everyone that runs a simple scan. They don't in fact have the resources to go after all the people who have committed significantly damaging illegal acts let alone anything else.

              Exactly and if US law cannot do anything then what are countries like China and Russia going to do? lol

              Execute you?

              Yeah I am sure China's focus is to find everyone running nmap scans on American servers so they can execute them.

              You never know.

              IRJI 1 Reply Last reply Reply Quote 0
              • IRJI
                IRJ @scottalanmiller
                last edited by

                @scottalanmiller said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                @IRJ said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                @scottalanmiller said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                @IRJ said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                @NDC said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                @DustinB3403 said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                @IRJ As in, you shouldn't be scanning everything on the open internet.

                The FBI, NSA and other 3 letter government agencies will come knocking down your door.

                They have neither the resources nor the inclination to go after everyone that runs a simple scan. They don't in fact have the resources to go after all the people who have committed significantly damaging illegal acts let alone anything else.

                Exactly and if US law cannot do anything then what are countries like China and Russia going to do? lol

                Execute you?

                Yeah I am sure China's focus is to find everyone running nmap scans on American servers so they can execute them.

                You never know.

                They could always build another ghost city.

                1 Reply Last reply Reply Quote 1
                • DashrenderD
                  Dashrender @IRJ
                  last edited by

                  @IRJ said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                  @DustinB3403 said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                  @IRJ As in, you shouldn't be scanning everything on the open internet.

                  The FBI, NSA and other 3 letter government agencies will come knocking down your door.

                  No they won't. It's like walking or driving up to a house and looking and casing it out for a robbery. You aren't doing anything illegal until you breach the house.

                  actually this is now illegal in some country - not this exactly, but I can't recall where, some country (Japan maybe) just passed a law where it's illegal to plan something illegal.

                  IRJI scottalanmillerS 2 Replies Last reply Reply Quote 0
                  • IRJI
                    IRJ @Dashrender
                    last edited by

                    @Dashrender said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                    @IRJ said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                    @DustinB3403 said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                    @IRJ As in, you shouldn't be scanning everything on the open internet.

                    The FBI, NSA and other 3 letter government agencies will come knocking down your door.

                    No they won't. It's like walking or driving up to a house and looking and casing it out for a robbery. You aren't doing anything illegal until you breach the house.

                    actually this is now illegal in some country - not this exactly, but I can't recall where, some country (Japan maybe) just passed a law where it's illegal to plan something illegal.

                    It's impossible to police

                    DashrenderD 1 Reply Last reply Reply Quote 0
                    • DashrenderD
                      Dashrender @IRJ
                      last edited by

                      @IRJ said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                      @Dashrender said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                      @IRJ said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                      @DustinB3403 said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                      @IRJ As in, you shouldn't be scanning everything on the open internet.

                      The FBI, NSA and other 3 letter government agencies will come knocking down your door.

                      No they won't. It's like walking or driving up to a house and looking and casing it out for a robbery. You aren't doing anything illegal until you breach the house.

                      actually this is now illegal in some country - not this exactly, but I can't recall where, some country (Japan maybe) just passed a law where it's illegal to plan something illegal.

                      It's impossible to police

                      Of course it is - it's just like another gun law - just one more thing to throw at people after they are caught.
                      Like Capone and taxes..

                      1 Reply Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller @Dashrender
                        last edited by

                        @Dashrender said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                        @IRJ said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                        @DustinB3403 said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                        @IRJ As in, you shouldn't be scanning everything on the open internet.

                        The FBI, NSA and other 3 letter government agencies will come knocking down your door.

                        No they won't. It's like walking or driving up to a house and looking and casing it out for a robbery. You aren't doing anything illegal until you breach the house.

                        actually this is now illegal in some country - not this exactly, but I can't recall where, some country (Japan maybe) just passed a law where it's illegal to plan something illegal.

                        It's illegal most places, but impossible to prove.

                        1 Reply Last reply Reply Quote 0
                        • momurdaM
                          momurda
                          last edited by

                          I have installed using the Hyper-V image on my workstation. Have run a scan.
                          The scan results don't make any sense.
                          It is showing I am running about 10 different insecure versions of Linux kernel, none of which I am running on the machine I scanned.
                          0_1498164745454_18784078-6253-4249-812b-2d0080ce5b85-image.png
                          Above is a snippet of a pdf report of the scan showing me a list of kernels which are not on this server as far as I know.
                          uname -r
                          returns
                          0_1498164802671_93cf14bc-7db8-4554-8f84-e0b3bd49b518-image.png

                          IRJI 1 Reply Last reply Reply Quote 0
                          • momurdaM
                            momurda
                            last edited by

                            Running
                            rpm -qa | grep kernel
                            showed 5 or 6 kernels still installed. whoops.
                            package-cleanup --oldkernels --count=2 removed all but the current and next oldest one.

                            BRRABillB 1 Reply Last reply Reply Quote 2
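The check momurda describes above (comparing `uname -r` with `rpm -qa | grep kernel`), as an added example that is not part of the original posts. The package list and version strings are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: why a scanner can report kernels that `uname -r` does not show.
# Sample data below is constructed for illustration, not taken from the thread.

# Constructed stand-in for `rpm -qa | grep kernel` output.
SAMPLE_RPM_LIST='kernel-3.10.0-327.el7.x86_64
kernel-3.10.0-327.36.3.el7.x86_64
kernel-3.10.0-514.el7.x86_64
kernel-3.10.0-514.16.1.el7.x86_64
kernel-3.10.0-514.21.1.el7.x86_64
kernel-tools-3.10.0-514.21.1.el7.x86_64
kernel-headers-3.10.0-514.21.1.el7.x86_64
kernel-tools-libs-3.10.0-514.21.1.el7.x86_64'

# Constructed stand-in for `uname -r` output.
SAMPLE_RUNNING='3.10.0-514.21.1.el7.x86_64'

# Print the versions of bootable kernel packages only (kernel-<digit>...),
# skipping kernel-tools, kernel-headers and similar helper packages.
installed_kernels() {
    printf '%s\n' "$1" | grep -E '^kernel-[0-9]' | sed 's/^kernel-//'
}

# Print installed kernel versions that are not the running one.
# $1 = running version (uname -r), $2 = package list (rpm -qa | grep kernel)
stale_kernels() {
    installed_kernels "$2" | grep -Fxv -- "$1" || :
}

# Summarise the gap between what is running and what is installed.
triage() {
    t_running=$1
    t_list=$2
    t_total=$(installed_kernels "$t_list" | awk 'END { print NR }')
    t_stale=$(stale_kernels "$t_running" "$t_list")
    echo "running kernel:    $t_running"
    echo "installed kernels: $t_total"
    if [ -n "$t_stale" ]; then
        echo "installed but not running (a check of the package list sees these):"
        printf '%s\n' "$t_stale" | sed 's/^/  kernel-/'
        echo "cleanup used in the thread: package-cleanup --oldkernels --count=2"
    else
        echo "no stale kernel packages found"
    fi
}

# Use live data only when asked to and rpm exists; otherwise use the sample.
if [ "${USE_LIVE:-0}" = 1 ] && command -v rpm >/dev/null 2>&1; then
    triage "$(uname -r)" "$(rpm -qa | grep kernel)"
else
    triage "$SAMPLE_RUNNING" "$SAMPLE_RPM_LIST"
fi
```

On an RPM-based host, running it with `USE_LIVE=1` swaps the sample for the real `uname -r` and `rpm -qa` output.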
                            • CloudKnightC
                              CloudKnight
                              last edited by

                              It's definitely taking my cpu for a sprint.....

                              0_1498167159068_2017-06-22 22_30_53-.png

                              1 Reply Last reply Reply Quote 0
                              • BRRABillB
                                BRRABill @momurda
                                last edited by

                                @momurda said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                                Running
                                rpm -qa | grep kernel
                                showed 5 or 6 kernels still installed. whoops.
                                package-cleanup --oldkernels --count=2 removed all but the current and next oldest one.

                                OpenVAS FTW.

                                1 Reply Last reply Reply Quote 2
                                • IRJI
                                  IRJ
                                  last edited by

                                  As mentioned in the OP, OV is very resource inefficient. Nessus is a night and day difference, but isn't cheap.

                                  1 Reply Last reply Reply Quote 0
                                  • IRJI
                                    IRJ @momurda
                                    last edited by

                                    @momurda said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                                    I have installed using the Hyper-V image on my workstation. Have run a scan.
                                    The scan results don't make any sense.
                                    It is showing I am running about 10 different insecure versions of Linux kernel, none of which I am running on the machine I scanned.
                                    0_1498164745454_18784078-6253-4249-812b-2d0080ce5b85-image.png
                                    Above is a snippet of a pdf report of the scan showing me a list of kernels which are not on this server as far as I know.
                                    uname -r
                                    returns
                                    0_1498164802671_93cf14bc-7db8-4554-8f84-e0b3bd49b518-image.png

                                    I've seen this before when credentials don't work and a vulnerability scanner has to guess the OS version. Are you sure the credentials worked on that first scan?

                                    IRJI 1 Reply Last reply Reply Quote 0
                                    • IRJI
                                      IRJ @IRJ
                                      last edited by

                                      @IRJ said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                                      @momurda said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                                      I have installed using the Hyper-V image on my workstation. Have run a scan.
                                      The scan results don't make any sense.
                                      It is showing I am running about 10 different insecure versions of Linux kernel, none of which I am running on the machine I scanned.
                                      0_1498164745454_18784078-6253-4249-812b-2d0080ce5b85-image.png
                                      Above is a snippet of a pdf report of the scan showing me a list of kernels which are not on this server as far as I know.
                                      uname -r
                                      returns
                                      0_1498164802671_93cf14bc-7db8-4554-8f84-e0b3bd49b518-image.png

                                      I've seen this before when credentials don't work and a vulnerability scanner has to guess the OS version. Are you sure the credentials worked on that first scan?

                                      Nvm reading comprehension helps.. Lol

                                      1 Reply Last reply Reply Quote 0
                                      • IRJI
                                        IRJ
                                        last edited by

                                        Another thing to note is that Credentialed scans are much more polite compared to non Credentialed scans. Non Credentialed scans are much more taxing on the box since everything is guessed slamming the box.

                                        dafyreD 1 Reply Last reply Reply Quote 1
                                        • dafyreD
                                          dafyre @IRJ
                                          last edited by

                                          @IRJ said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                                          Another thing to note is that Credentialed scans are much more polite compared to non Credentialed scans. Non Credentialed scans are much more taxing on the box since everything is guessed slamming the box.

                                          A non-credentialed scan would be more akin to a hacker attacking and trying to get in, I would think.

                                          Have you tried throwing more CPU cores at OpenVAS instead of / in addition to RAM?

                                          I ran it on 4GB RAM / 4 CPU Cores for ~30 Servers and got reasonable performance out of it.

                                          IRJI 3 Replies Last reply Reply Quote 1
                                          • IRJI
                                            IRJ @dafyre
                                            last edited by

                                            @dafyre said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                                            @IRJ said in So you want to build a Security Program? Part 1 - Vulnerability Scanning:

                                            Another thing to note is that Credentialed scans are much more polite compared to non Credentialed scans. Non Credentialed scans are much more taxing on the box since everything is guessed slamming the box.

                                            A non-credentialed scan would be more akin to a hacker attacking and trying to get in, I would think.

                                            Have you tried throwing more CPU cores at OpenVAS instead of / in addition to RAM?

                                            I ran it on 4GB RAM / 4 CPU Cores for ~30 Servers and got reasonable performance out of it.

                                            How long did it take to complete on 30+ servers?

                                            dafyreD 1 Reply Last reply Reply Quote 0