David L. Farquhar, computer security professional, train hobbyist, and landlord
What is ASM in security? ASM stands for attack surface management. It solves a real security problem. But it may not be the security problem that you think it solves, and it also doesn’t solve it as completely as it sounds like it may. Let’s talk about what ASM does and whether you might want it.
In Australia, they have a national day called R U Ok. And one of my Australian coworkers used that as an opportunity to reach out to the rest of the company. We all thanked him. Mental health is a problem in the field of computer security, and IT as a whole, and we rarely talk about it. It’s time that we start. Let’s take the taboo out of mental health and infosec.
I had a discussion with somebody this week about vulnerabilities that don’t have CVEs. I learned from this conversation that there are a lot of misconceptions about those. So let’s talk about vulnerabilities without CVEs, and what to do about them.
Here’s a tough question that follows me wherever I go, as a vulnerability management practitioner. Can Qualys scan a mainframe? I’m going to answer that question in a way that proves I probably should run for office someday. It depends what you mean by “scan.” I’ll also hedge by saying the appropriate first word in that sentence is “should,” rather than “can.”
A former coworker called me up the other day. He interviewed for a job and they asked him how to secure an API. Which reminded me of the many times people asked me how to scan an API with Qualys when I worked at Qualys. You’re certainly not going to give a complete answer in a job interview, and I’m not sure I can do much besides send you down the right path, but there are certainly some wrong answers to this. So let’s talk about how you secure an API.
My friend does vulnerability management for a company that likes to rebuild machines instead of patching them. I don’t judge; that’s how I wanted to patch machines when I was a sysadmin but I didn’t have fast enough storage. But if you do this, you’re liable to end up with duplicate machines in your reports. One unpatched, and the other one (hopefully) patched. Here’s how to rebuild machines without making duplicates in Qualys or Tenable.
I participated in a brief discussion on Twitter the other week about being careful how you choose your passwords. Passwords can and will show up in places you don’t intend. When that happens, you don’t want it to cause a problem. Here’s what happened to me once when I didn’t choose a password carefully.
Viewing message headers is helpful for troubleshooting, and also making sure you’re not getting phished. Microsoft moved things around in recent versions of Outlook, so here’s how to view message headers in Outlook–the current version.
If you work in a corporate environment, there’s a chance you see something called the Qualys Cloud Agent running on your computer. And information about this mysterious agent can be hard to come by? What does the Qualys cloud agent do? How does it work? I’m glad you asked.
Unlike its leading competitor, the Qualys Cloud Agent scans automatically. This is good and bad. It means you don’t have to schedule scans, but it also means the Qualys agent essentially has free will. The results wander in whenever they feel like wandering in, and some people want more control than that. Especially at the end of a maintenance window. How to initiate an agent scan was easily the most frequent question I got when I was supporting Qualys for a living. And for a long time, you couldn’t. Then, when Qualys released the feature, they did so about as quietly as can be. Here’s how to force a Qualys Cloud Agent scan.
You can force a Qualys Cloud Agent scan on Windows by toggling a registry key, or from Linux by running the cloudagentctl.sh shell script.