Watch your threats

By Marcia Savage on Nov 11, 2005 4:10PM
George Washington University needed to boost its vulnerability scanning in a mixed system environment.

When George Washington University in Washington, D.C. tried to get students and system administrators to install host-based security, it had mixed results. While the campaign led to an enhanced security posture, it made it harder to audit for vulnerabilities. Personal firewalls would block scans by tools used by GWU, such as Nessus.

GWU needed a new way to uncover vulnerabilities in an extremely mixed environment: a hodgepodge of IT systems on a range of platforms, including Windows, Linux, Solaris and Novell, for some 30,000 students and staff.

"We needed a creative solution," says Amy Hennings, assistant director of information security at GWU.

What they wanted was a vulnerability-assessment tool to perform passive scanning of the network, so they tested three solutions. One did not scale enough and crashed; another just didn't perform well. The third passed with flying colors: NeVO from Tenable Network Security.

This tool continuously monitors network traffic. It detects whether an application is compromised or an internal system begins to port scan other systems, tracks which systems communicate with internal systems, identifies new services listening on existing servers and determines the type of operating system running on active hosts. "It gave us a better overall picture," says Hennings.

GWU installed two of the sensors, covering nearly all of the traffic flowing in and out of the university IP space.

Before implementing the new system, GWU found it hard to develop security plans because the IT environment changes every fall when students and faculty return and bring in new systems. The new system lets them know what they're dealing with, such as how many systems are running Windows XP, Linux or Windows 98, and the types of internet browser software.

NeVO's continuous scanning provides a real-time view into the environment. "We wanted constant, up-to-the-minute information," says Hennings.

The tool also works as a check on GWU's change-management system, adds Hennings, spotting, for example, if a new system pops up in the datacenter.

GWU uses NeVO in conjunction with Tenable's Lightning Console, which collects and consolidates the data produced by it and the university's intrusion-detection and prevention systems.

The combination has had an unexpected benefit in transforming GWU's incident-response process, says Hennings: "It gave us a picture of the events leading up to an alert. We could track back all the connections to and from that system to get an idea of what happened." One time, a worm outbreak was traced back to a contractor who had brought a laptop infected with a worm onto campus.

The console also aids remediation efforts by allowing IT staff to separate vulnerability data and send it out to departmental systems administrators, who can then take action on problems affecting their area.

The use of passive scanning for vulnerability assessment is fairly new, according to Amrit Williams, analyst at market-research firm Gartner. Some vendors perform passive scanning to look for anomalous network behavior and identify threats, but not vulnerabilities, he says.

The traditional active vulnerability assessment scanners cannot find any real-time changes unless they have an agent on the system, he says: "They won't find changes until they come back around and scan it again."

Passive scanners do have a downside: they "can't actually find anything until something occurs," says Williams. "If I never use the IIS [Internet Information Services – Microsoft's web server] service, it's going to be difficult for a passive scanner to know I'm running IIS."

Gartner recommends companies use passive vulnerability scanning in conjunction with an active scanner.
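
The trade-off between passive and active scanning described above, as an added example that is not from the article and does not represent how NeVO works: a minimal passive inventory built from packet summaries, compared with a change-management baseline and a periodic active scan. The tuple format, addresses, baseline, scan results and threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (src, dst, src_port, dst_port, tcp_flags) as a sensor on a
# mirror port might summarize packets. Addresses are documentation ranges.
PACKETS = [
    ("198.51.100.7", "192.0.2.10", 51000, 443, "S"),
    ("192.0.2.10", "198.51.100.7", 443, 51000, "SA"),   # 192.0.2.10:443 answered
    ("198.51.100.9", "192.0.2.10", 51001, 8080, "S"),
    ("192.0.2.10", "198.51.100.9", 8080, 51001, "SA"),  # service not in baseline
    ("198.51.100.7", "192.0.2.20", 51002, 22, "S"),
    ("192.0.2.20", "198.51.100.7", 22, 51002, "RA"),    # closed port, refused
] + [("192.0.2.30", f"192.0.2.{i}", 40000 + i, 445, "S") for i in range(40, 60)]

BASELINE = {("192.0.2.10", 443)}     # what change management says is deployed
ACTIVE_SCAN = {("192.0.2.10", 443), ("192.0.2.50", 80)}  # last periodic scan


def observed_services(packets):
    """A SYN-ACK proves the sender is listening on its source port."""
    return {(src, sport) for src, _, sport, _, flags in packets if flags == "SA"}


def new_services(packets, baseline):
    """Services seen answering on the wire that the baseline does not list."""
    return observed_services(packets) - baseline


def suspected_scanners(packets, threshold=15):
    """Hosts sending bare SYNs to many distinct (host, port) targets."""
    targets = defaultdict(set)
    for src, dst, _, dport, flags in packets:
        if flags == "S":
            targets[src].add((dst, dport))
    return {src for src, seen in targets.items() if len(seen) >= threshold}


def coverage(packets, active):
    """Split findings by which method saw them."""
    passive = observed_services(packets)
    return {"passive_only": passive - active,   # appeared since the last scan
            "active_only": active - passive,    # listening but never used
            "both": passive & active}


if __name__ == "__main__":
    print("new services:", new_services(PACKETS, BASELINE))
    print("suspected scanners:", suspected_scanners(PACKETS))
    print("coverage:", coverage(PACKETS, ACTIVE_SCAN))
```

The `active_only` entry is the unused web server from the IIS quote: it is listening, but no client connected during the capture, so only the active scan knows about it.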

As for GWU, the next step is developing cutting-edge correlation techniques for security events, says Hennings.

Copyright © SC Magazine, US edition