Jan
08

Rapid7’s NeXpose: Reshaping Security

When it comes to the data center, one of the highest priorities for the IT department is security. IDC’s Frank Gens, Senior Vice President & Chief Analyst, said that security “is always the number one concern of IT.” Gartner and Forrester studies also rank security as one of the high priorities that a data center can provide its customers.

Security in a data center doesn’t just cover the web server or the network. Security encompasses the entire data center from end to end. Normally this means purchasing multiple security devices and software packages. A fully staffed IT department would also have to be hired to watch over security: to maintain the security policies and to implement, enforce, and solve security problems.

Therefore, it is with this mindset we first looked at Rapid7’s security application NeXpose. NeXpose is a Unified Vulnerability Management (UVM) system. UVMs provide end-to-end security and can cover multiple systems.

NeXpose comes in four forms: software, hardware appliance, SaaS, and managed. The software runs on Microsoft Windows Server 2003, Microsoft Windows Server 2000, SuSE Enterprise, Red Hat Enterprise, Fedora 9, Debian 4.0, CentOS 4, and Ubuntu 7.1.

In a nutshell, NeXpose protects the entire network using non-malicious penetration attacks. The results of these attacks are prioritized and summarized. NeXpose delivers the steps to solve these vulnerabilities and then provides the results in a professional-grade report.

Scanning the Network

Scanning the network begins with identifying what devices make up the network. This process ensures that NeXpose uses pertinent attacks, increasing the reliability and speed of the scan. If the user likes, they can take some time to block off sections of the network (asset groups), set permissions, etc. By setting permissions for sections of the network, the user can delegate the security of those sections to others or could use the permissions to resell NeXpose.

NeXpose uses a Java expert system shell (JESS) that scans and finds vulnerabilities much like the methods employed by ethical hackers and security audit firms. If we look at a network as a system with a series of layers, the power of this expert system becomes apparent.

For example, if the network is vulnerable to a SQL injection attack, NeXpose will use it to gain access to the database. At the database level, it will check for more vulnerabilities, such as a privilege escalation vulnerability, to gain access to the operating system layer. With each vulnerability found, NeXpose looks to see how far that single vulnerability can go.

NeXpose scans hardware, networks, operating systems, databases, applications, web applications, and follows security policies. Here is just a small taste of what NeXpose can scan: routers, switches, hardware firewalls, Microsoft Windows, Linux, Solaris, Mac OS, IPSec, PPTP, DHCP, DNS, Oracle, Microsoft SQL Server, Sybase, MySQL, Lotus Domino, Microsoft Exchange, Lotus Notes, Adobe Acrobat, Apache, Microsoft IIS, Telnet, SSH, ASP, ColdFusion, PHP, AJAX, JavaScript, password policies, user rights, system access policies, and a lot more.

Since the expert system finds exploits organically, it can greatly reduce false positives to well below 1%. In fact, if a customer finds a problem with the software, it will be sent to Rapid7 as a bug and will be fixed and updated within two weeks if it is verifiable.

NeXpose’s broad coverage gives the user the complete picture. NeXpose can tell the user how a vulnerability in one section of the network affects other areas. The impact a single vulnerability has on the network as a whole helps NeXpose determine the priority of that vulnerability. The user can then build a timeline for assessing and solving security problems with sequenced patching, plan security upgrades, and create a road map for fixing network problems.

The Summation and Fixing Vulnerabilities

Once vulnerabilities have been prioritized, NeXpose offers a systematic process to fix each vulnerability. NeXpose also builds a list of possible patches and upgrades that will help in solving vulnerabilities. If several patches are grouped in a single download (such as a service pack), then NeXpose will display that download instead of all the individual patches.

NeXpose also has a built-in ticket system to handle the implementation of security fixes. This gives the user flexibility in assigning multiple security vulnerability projects and can greatly increase efficiency.

All of the information produced by NeXpose can be placed into a report. Reports can be selected from a number of template styles or can be customized to match the company’s security policy. Each report is sequenced with a table of contents, bookmarks, highlighted sections, etc. The reports are professional quality and in many ways can be used as the final draft of an executive-level vulnerability report.

Technology and Customer Support

NeXpose’s vulnerability database currently has more than 11,000 definitions and over 26,000 checks, with more added as new vulnerabilities are found. The Rapid7 team updates NeXpose on continuous rotations to keep it up to date with various operating system and software vulnerabilities. As an added bonus, NeXpose comes with a 100% accuracy policy: if a customer finds a problem in the software, Rapid7 will push it into development and get it fixed and updated within two weeks (after it has been verified).

Customer support for NeXpose comes in many flavors. Extended office hour phone support and email are standard, with 24/7 phone support available for an additional cost. Since Rapid7 has only one product, the entire customer support staff is knowledgeable in deploying NeXpose. Rapid7 also offers consulting and training services.

Every now and again, there is a product that really seems to get it right and delivers. Rapid7’s NeXpose is one of those products. If you are serious about security, you should give NeXpose a look.
