Обзор продуктов tenable для анализа защищенности корпоративной инфраструктуры

Service Alerts Are Important

When I first started using Nessus, I would tend to only pay attention to alerts marked as High or Critical (the ones that show up as red in the Nessus client). However, as we have seen with the examples above, there is great information in all Nessus alerts. For example, an alert was generated for TCP port 1337:

The first thing you may notice is that the port is somewhat suspicious. Why would a host be listening on port 1337? (i.e., «leet» in «leetspeak»). The description provided by Nessus plug-in («Service Detection») indicates that it is a possible shell server or backdoor running on this port. We can test this theory by connecting to the port with netcat and issuing shell commands:

$ nc 192.168.1.21 1337
id
uid=0(root) gid=0(root)
uname -a
Linux slax 2.6.16 #95 Wed May 17 10:16:21 GMT 2006 i686 pentium3 i386 GNU/Linux

The above represents a netcat listener left on the system by running nc -l -p 1337 -e /bin/sh. While Nessus does a fantastic job of finding known software vulnerabilities, it can also identify services that provide illicit access to the system. I have been on more than one assessment where a machine was found to be compromised before our testing started, and this is a good example of the kind of thing you may find listening and left behind by an attacker. Another interesting port is 31337/TCP, which in this case represents a standard netcat listener (nc -l -p 31337). The interesting thing about these listeners is that when Nessus tested them, the results showed up on the console:

Сравнение решений Tenable

Казалось бы, каждое из представленных решений позволяет выявлять уязвимости, однако их возможности и область применения различны. Это позволяет организациям осознанно подходить к вопросу безопасности своих активов и выбрать продукт, который будет оптимально соответствовать требованиям.

Таблица 1. Сравнение решений для анализа защищенности компании Tenable