Jumper CSIRT participating in ENISA project

Jumper CSIRT, part of Jumper Consulting Investment Ltd, is participating in ENISA’s “Further Definition and Deployment of Baseline Capabilities for National / Governmental CERTs” project.

The questionnaire addresses mandate and strategy, services portfolio, operational capabilities, and national and international cooperation.

The first part of the project will be a questionnaire, which will then be followed by the establishment of a working group.

ENISA was set up to enhance the capability of the European Union, the EU Member States and the business community to prevent, address and respond to network and information security problems.


Are you already PCI-DSS compliant? – Check it out for free now

Acquirers, banks and payment brands are now driving merchants towards compliance with the PCI-DSS standard. Depending on the size of your organisation, you could fulfil the requirements with either a Self Assessment Questionnaire or a QSA-led audit. Do you want to know where you stand? Contact us and ask for a free, no-strings-attached, on-site consultation.


OpenVAS-4 Setup and Scanning Experiences on Ubuntu 10.04

To begin with, OpenVAS-4 was downloaded from the openSUSE Build Repository (www.openvas.org/install-packages.html#openvas4_ubuntu_obs). The quick install and start of the OpenVAS build was relatively straightforward until the “openvas-check-setup” script was run, which revealed that quite a few other dependencies were missing. The script was helpful for identifying the missing packages and for configuring the other OpenVAS components: Manager, Administrator and Scanner. After reading about the different interfaces for OpenVAS, the Greenbone Security Assistant (GSA) web client was chosen, as it is browser-based and is billed as “Vulnerability Management Made Easy”. That statement held true until it was found that only Opera (Firefox, Chrome and Chromium were also tested) accepts the TLS certificates to launch OpenVAS via HTTPS.

The interface for GSA is quite user-friendly and has many advantageous features compared to other scanners:

  • Import and configure new scan templates
  • Schedule scans to run at specific times
  • Authorize the local OpenVAS server to run scans from a remote desktop/laptop with the OpenVAS client installed, using the “Slave” option
  • Run local security checks
  • Store agent tools for signature verification using “Agent”
  • Receive notification of completed scans using the “Escalator”
  • Import and manipulate report templates
  • Define new targets and create “Tasks” based on the previously set features.
  • It is recommended to use a desktop/laptop with a high-spec processor, as it consumes up to 150% of the CPU in idle mode and more while a scan is running.
  • User interaction with the scan output/reports.
  • Scans that are run multiple times against a defined target can trend the results to indicate whether vulnerability patching/updates succeeded or failed.
  • User comments can be added to the results and then appended into the generated report.
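
The trend comparison mentioned in the list above, as an added example (not OpenVAS or Greenbone code): it classifies findings from two runs against the same target and treats a vanished finding as resolved only if its host was actually reached in the later run. The `host,port,nvt_oid` line format, the placeholder OIDs and all names are assumptions made for this illustration.

```python
"""Classify findings between two scan runs of the same target (added example)."""
from collections import namedtuple

Finding = namedtuple("Finding", "host port nvt_oid")

def parse_findings(text):
    """Parse constructed 'host,port,nvt_oid' lines (not an OpenVAS export format)."""
    findings = set()
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, port, oid = (field.strip() for field in line.split(","))
        findings.add(Finding(host, port, oid))
    return findings

def trend(before, after, hosts_scanned_after):
    """Compare two runs of the same task.

    A finding missing from the later run counts as resolved only if its host
    was reached in that run; otherwise the fix is unverified.
    """
    result = {"resolved": set(), "persisting": set(), "unverified": set()}
    for f in before:
        if f in after:
            result["persisting"].add(f)
        elif f.host in hosts_scanned_after:
            result["resolved"].add(f)
        else:
            result["unverified"].add(f)
    result["new"] = after - before
    return result

# Constructed sample data: documentation IP range, placeholder NVT OIDs.
RUN_1 = """
192.0.2.10,443/tcp,OID-PLACEHOLDER-1
192.0.2.10,22/tcp,OID-PLACEHOLDER-2
192.0.2.20,80/tcp,OID-PLACEHOLDER-3
"""
RUN_2 = """
192.0.2.10,22/tcp,OID-PLACEHOLDER-2
192.0.2.10,8080/tcp,OID-PLACEHOLDER-4
"""
HOSTS_SCANNED_RUN_2 = {"192.0.2.10"}  # 192.0.2.20 was offline in the second run

def demo():
    return trend(parse_findings(RUN_1), parse_findings(RUN_2), HOSTS_SCANNED_RUN_2)

if __name__ == "__main__":
    for status, items in demo().items():
        for f in sorted(items):
            print(f"{status:11} {f.host} {f.port} {f.nvt_oid}")
```
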

OpenVAS allows other independent security auditing tools to be integrated into user-defined OpenVAS scans. There are 14+ tools, ranging from web server scanners and port scanners to a local security checks daemon and a software vulnerability check tool (www.openvas.org/integrated-tools.html).

However, the documentation for installing and integrating these tools for the first time was minimal, and extensive research and testing were required before they integrated successfully with OpenVAS. The best advice for seeking information on the OpenVAS install and the integrated tools is to subscribe to the OpenVAS mailing list, IRC channel and forums/blogs related to Linux (openvas-discuss-request@wald.intevation.org, www.linux.hr/openvas/, www.linuxquestions.org/). Be patient, as some of these resources are quite inactive, so it is best to troubleshoot yourself while waiting.

In comparison to Nessus, the set of plugins received from the OpenVAS NVT feed is just over half the size: a current count of 25,401 plugins compared to 48,427 Nessus plugins. Nessus tends to report newer vulnerabilities while OpenVAS reports older ones, although it still detects current vulnerabilities (depending on the subscribed NVT feed).

Overall, Nessus is the de facto PCI DSS security auditing tool based on the volume of plugins, technical support and R&D behind it. However, OpenVAS is a worthy challenger, as it integrates security tools which Nessus lacks, and its web client is more user-friendly, combined with a more attractive report presentation of detected hosts and vulnerabilities.
