Topgallant Partners

Nessus vs. Saint

Jeff Jones — Wed, 28 Mar 2012 21:13:26 +0000

I recently conducted a Penetration Test. Our Methodolgy is to always use to tools to verify against each other. I used both Saint and Nessus as Vulnerability Scanners. Compared Side by Side, I found that Saint was able to identify more Vulnerabilities than Nessus. I also use Metasploit, Saint and the tools in BackTrack v5 for penetration testing.

On the Vulnerability Identification Side, both Saint and Nessus found three common vulnerabilities, but it also found many more. Saint found nine! Three of which had a CVE rating of greater than 7.5. Nessus highest CVE Rating was 5.

Both Vulnerability Scanners were Commercial i.e. I paid good money for both. Saint is $2K per year for a Consultant’s license and Nessus Professional Feed was $1.5K.

Saint also includes a Penetration Test Tool while Nessus only contains a Vulnerability Scanner. It also has a Great Reporting Feature.

Anyone have a comment.

Tennessee insurer to pay $1.5 million for breach-related violations

Jeff Jones — Thu, 15 Mar 2012 20:06:35 +0000

BlueCross BlueShield agrees to pay HHS for HIPAA violations tied to 2009 breach that exposed data on 1 million members- IT World

http://www.itworld.com/government/258736/tennessee-insurer-pay-15-million-breach-related-violations

Hot Products and Services

Jeff Jones — Thu, 15 Mar 2012 18:39:48 +0000

If anyone is interested please post your Hot Product or Service that we can offer to our clients. Remember it must something Security Related.

Sutter Medical sued after theft of computer with patient data

topgallant — Wed, 30 Nov 2011 16:27:22 +0000

Sutter Health had a class action suit filed against them after a computer was stolen containing personally identifiable data of more than 944,000 thousand patients. The suit seeks $1000 per person in damages for all affected. Evidently the data was not encrypted and the suit is based on the failure to secure medical information based on California’s Confidentiality of Medical Information Act. Source: BusinessInsurance.com

HIPAA Risk Analysis Phased Approach

Jeff Jones — Thu, 10 Nov 2011 14:55:35 +0000

I will list the steps to perform a HIPAA Risk Analysis, but since I am short on time. I am going to do this in Phases. I will try to do this in the up coming days. So everybody stand-by.

Saint Penetration Tester on Ubuntu 11.04 x64

Jeff Jones — Mon, 12 Sep 2011 20:51:30 +0000

I just finished setting up Saint Penetration Tester on Ubuntu 11.04 x64. Works Great but their a few caveats.

1. I first setup Ubuntu Desktop with 10.04 x64 on a New Toshiba R845-S80 with 4 GB of Memory. Result was that the software didn’t recognize my Ethernet Adapter but did recognize my Wi-Fi Adapter. After about 3 hours of trying to find a solution. I reverted to to Ubuntu 32-bit.

2. Same Issue with Ubuntu 10.04 couldn’t load eth0. GRRRRRRR

3. Loaded Ubuntu Desktop 11.04 x32 worked. Downloaded Saint and it worked great. Caveat- After you download and double clicking on Saint, you have to wait a few seconds for the authentication password. After that you need to wait and don’t click on the install button again or you will totally F-up the install. (I did do this and had to reload Ubuntu again). Instead click on the History Tab in the Installer and make sure that it is running. Also, copy your license via gedit your license and paste and create a file called license.txt. You will get a bunch of errors in the terminal but ignore them.

After which go to your programs tab and look for Saint and Saint Web Daemon. Drag those to your Programs tab on your Sidebar.

Then Voila, setup for Saint Express Updates with the keys that you received. And your ready to rock an roll.

4. Because I loaded the 32-bit, there is a universal limitation that 32-bit OS’s can only handle up to 3 GB of memory. So, finally I reloaded Ubuntu 11.04 64-bit and redid the Step 3 and everything works great.

I was using a VMWare Server, but the performance was pretty sluggish. By dedicating a new Workstation/Server. Performance is really really good. Currently I have 4 GB of Memory (2x 2GB SDRAM), I ordered 2 4GB SDRAM Cards. The result should be really awesome.

Jeff

Security Breaches

Jeff Jones — Wed, 22 Jun 2011 16:43:45 +0000

Why do security breaches happen? Is it lack of due diligence, theft, hacking or data loss.? How can you prevent this from happening?