Tag Archive for: Cyber-Sicherheit

Markus Feilner

BSI warns: Log4J remains a problem

Even more than two years after the first problems with Log4j became known, many scenarios are apparently still running unpatched versions of the logging library.

Greenbone’s products help – especially in detecting outdated software.

No one should take Log4j lightly as a done deal just because the vulnerability (CVE 2021-44228) has actually been fixed for a year and a half. That is the conclusion of an event at the end of March in which the German Federal Office for Information Security (BSI) issued an urgent warning. The vulnerability affected Log4j versions 2.0 to 2.14.1 and allowed attackers to execute their own programme code on target systems and compromise third-party servers. Greenbone’s products have detected the Log4j vulnerabilities since December 2021 and can therefore warn administrators.

Under the title “Log4j & Consequences” in the series “BuntesBugBounty“, the BSI spoke with Christian Grobmeier from the Log4j team and Brian Behlendorf from the Open Source Security Foundation (OpenSSF). Shockingly, more than a third of the downloads on the Log4j website still add up to outdated versions that do not contain the important patch – it can be assumed that numerous systems in companies are still vulnerable.

This is mainly due to third-party software that Log4j embeds or integrates via software distribution – which is not at all surprising to Grobmeier, because that is how the supply chain works with open-source software. According to the Log4J developer, nothing can be changed in the near future.

This is also confirmed by the Open SSF: for Behlendorf, only stricter liability for software producers could be helpful, as is already being considered in the USA. Without fundamentally new approaches, the problems are unlikely to change.

Those who nevertheless want to protect themselves permanently against attacks on known vulnerabilities that have already been patched should take a look at Greenbone’s products. Only professional vulnerability management gives administrators an overview of outdated software versions and unpatched gaps in the company’s systems – and thus creates the basis for further security measures.

The development of vulnerability tests is a key activity at Greenbone and a continuous process that ensures the high quality of the products and thus the high benefit for customers. Security checks are carried out every day and vulnerability tests are developed and integrated into the products daily as well, prioritized by the security situation. In the case of critical security warnings, as with Log4j, Greenbone reports on the current status, the facts and how to deal with them, for example in the blog posts about Log4j.


Contact Free Trial Buy Here Back to Overview

/by
Markus Feilner

Greenbone launches new Community Portal

Greenbone, the global leader in open source vulnerability management solutions, has launched a community portal for its user and developer community, making the extensive information available for community editions clearer and easier to access.

Graphic with rocket and the welcome to the new Greenbone Community Portal

Who is the portal for?

At community.greenbone.net, vulnerability management experts invite users, developers and all IT professionals who are professionally involved in security and protection against hackers to browse forums, blogs, news and documentation and help shape the pages.

Central point of contact
“Our new Community Portal is the central place where users, experts, Greenbone employees and anyone else interested can meet and get up-to-the-minute information about the products, the company or new features,” explains Greenbone’s Community Manager DeeAnn Little: “We want the portal to be a home for the large, worldwide Greenbone community, with all the links and information anyone who works with our vulnerability management tools needs.”

What the new portal offers
For both Greenbone OpenVAS and the Greenbone Community Edition, you can find (under “Getting started“) numerous instructions on how to install and configure the community versions. In addition, there are news and updates, for example about the recently released Docker container releases of the Community Edition but also current figures about Greenbone installations on a world map and a completely revised forum with new categories and Blog.

For the community, with the community
“All this would not be possible without the numerous contributions from the Greenbone community, but at the same time this is only the first step,” explains Little: “In the future, we will also have our experts explain technical details and present new features here.

Greenbone invites the large community to give input and suggestions which topics are of relevance and interest for them Little explains:

“We welcome all input and all suggestions, ideas and ideas for improvement, which is exactly what the portal is here for. Send us your questions, any questions! What have we missed? What would you like to see? How can we make the portal, the forum and the new pages even better? What topics would you like to see – what should we report on?” You can leave your statement here, we will be glad to reveive it.

Greenbone Community Forum in a new look

Greenbone has also integrated the popular User Forum into the Community Portal. With the new look, it will continue to provide users of Greenbone’s software – regardless of their technical background – with a platform for ideas, mutual help, but also feedback.

Screenshot of the new Greenbone Community Forum with categories and current discussions

“The forum is a place where users can meet and help each other as equals – it’s a place of exchange where we can always learn, too,” Little explains. “Whether it’s a beginner’s question, more in-depth howtos, or getting started guides, many a user will find help from experienced users in the forum, even in exotic setups.”


Contact Free Trial Buy Here Back to Overview

/by
Jan-Oliver Wagner

Active and Passive Vulnerability Scans – One Step Ahead of Cyber Criminals

In networked production, IT and OT are growing closer and closer together. Where once a security gap “only” caused a data leak, today the entire production can collapse. Those who carry out regular active and passive vulnerability scans can protect themselves.

What seems somewhat strange in the case of physical infrastructure – who would recreate a break-in to test their alarm system – is a tried and tested method in IT for identifying vulnerabilities. This so-called active scanning can be performed daily and automatically. Passive scanning, on the other hand, detects an intrusion in progress, because every cyber intrusion also leaves traces, albeit often hidden.

Controlling the Traffic

Firewalls and antivirus programs, for example, use passive scanning to check traffic reaching a system. This data is then checked against a database. Information about malware, unsafe requests and other anomalies is stored there. For example, if the firewall receives a request from an insecure sender that wants to read out users’ profile data, it rejects the request. The system itself is unaware of this because the passive scan does not access the system but only the data traffic.

The advantage of this is the fact that the system does not have to use any additional computing power. Despite the scan, the full bandwidth can be used. This is particularly useful for critical components. They should have the highest possible availability. The fewer additional activities they perform, the better.

The disadvantage of passive scanning is that only systems that are actively communicating by themselves can be seen. This does not include office software or PDF readers, for example. But even services that do communicate do so primarily with their main functions. Functions with vulnerabilities that are rarely or not at all used in direct operation are not visible, or are only visible when the attack is already in progress.

Checking the Infrastructure

Active scans work differently and simulate attacks. They make requests to the system and thereby try to trigger different reactions. For example, the active scanner sends a request for data transfer to various programs in the system. If one of the programs responds and forwards the data to the simulated unauthorized location, the scanner has found a security hole.

Graphic comparing active and passive vulnerability scanning: On the left, the scanner sends requests to network devices (active scan); on the right, it passively monitors data traffic (passive scan).

The advantage: the data quality that can be achieved with active scanning is higher than with passive scanning. Since interaction takes place directly with software and interfaces, problems can be identified in programs that do not normally communicate directly with the network. This is also how vulnerabilities are discovered in programs such as Office applications.

However, when interacting directly, systems have to handle extra requests which may then affect the basic functions of a program. Operating technology such as machine control systems, for example, are not necessarily designed to perform secondary tasks. Here, scanning under supervision and, as a supplement, continuous passive scanning are recommended.

Scanning Actively, but Minimally Invasive

Nevertheless, active scanning is essential for operational cyber security. This is because the risk posed by the short-term overuse of a system component is small compared to a production outage or data leak. Moreover, active scans not only uncover vulnerabilities, they can also enhance passive scans. For example, the vulnerabilities that are detected can be added to firewall databases. This also helps other companies that use similar systems.

Active and Passive Scanning Work Hand in Hand

Since the passive scanner can also provide the active scanner with helpful information, such as information about cell phones or properties about network services, these two security tools can be considered as complementary. What they both have in common is that they always automatically get the best out of the given situation in the network. For the passive and active scanning techniques, it does not matter which or how many components and programs the network consists of. Both security technologies recognize this by themselves and adjust to it. Only with a higher level of security does the optimized tuning of network and scanners begin.

So it is not a question of whether to use one or the other. Both methods are necessary to ensure a secure network environment. A purely passive approach will not help in many cases. Proactive vulnerability management requires active scans and tools to manage them. This is what Greenbone’s vulnerability management products provide.


Contact Free Trial Buy Here Back to Overview

/by