Category Archives: Compliance Scanning

SolarWinds Virtualization Manager

Description

A virtualization manager is a virtualization environment management application that provides capabilities to create, edit, remove and monitor virtual machines. A virtualization manager provides a complete management solution for many different virtual machines simultaneously through a single application management console.
A virtualization manager is also known as a virtual machine manager, a virtual machine monitor or a hypervisor.
Source 

Continue reading

VRealize Automation

Description

VMware vRealize Suite is a software product suite designed to enable IT professionals to create and manage hybrid clouds. The vRealize Suite bundles existing management software, including IT Business Management Suite, vCloud Automation Center (vCAC), vCenter Operations Management Suite and vCenter LogInsight.

Continue reading

Nessus Audit file conditions

You can use ‘if then else’ logic in your Nessus auditfile to:

  • target your checks to specific applications, versions, roles/features, environments.
  • check conditions that are required to run the check, for example the availability of
    commands, file/directory, service/daemon, open port, running executable, installed package etc.
  • minimize the number of auditfiles by implementing condition blocks

Continue reading

Microsoft Windows SMB Registry : Winlogon Cached Password Weakness

Nessus Description

The registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount is non-null. It means that the remote host locally caches the passwords of the users when they log in, in order to continue to allow the users to log in in the case of the failure of the PDC. Continue reading

MS15-124: Cumulative Security Update for Internet Explorer (3116180)

Nessus Output

ASLR hardening settings for Internet Explorer in KB3125869
have not been applied. The following DWORD keys must be
created with a value of 1:
  - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING\iexplore.exe
  - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING\iexplore.exe

Continue reading

Check Windows File Integrity with sfc and powershell

Objective

Use file integrity checking tools to ensure that critical system files (including sensitive system and application executables, libraries, and configurations) have not been altered.
Critical Security Control #3: Secure Configurations for Hardware and Software – System 3.5

SFC and Powershell

Windows contains a build-in utility called sfc to verify and fix Windows File Integrity issues.
Lets have a quick look what this utility and some powershell can do for us.
The flags differ on older versions of Windows so check it’s options before running the commands below.

Continue reading

Active Directory

STIGS:

CIS Benchmarks:

CVE Details:

Nessus:

Nessus Plugins for Active Directory
 

Audit XML configuration files

A quick example to query a xml config file to retrieve a specific security setting

Powershell:

Select-Xml -path C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config -XPath "/configuration/system.web/membership/providers/add" | 
Select-Object -ExpandProperty node | 
Select-Object passwordFormat
 
passwordFormat
--------------
Hashed

 

Cloud Security

Links:

  • Security Guidance for Critical Areas of Focus in Cloud Computing : Cloud Security Alliance
  • Cloud Computing Risk Assessment — ENISA
  • NIST Cloud Computing 6 Security Reference Architecture
  • Whitepaper Cloudcomputing | NCSC
  • Cloud Controls Matrix : Cloud Security Alliance

Websphere Application Server

Security Configuration Guides:

Websphere Application Server bevat IBM HTTP Server die zijn oorsprong vind in Apache HTTP Server.