Thursday, January 30, 2014

A Day of Updates: both Nessus Client and Burp

It just happens to be one of those days where everything I use has to be updated. It started with Nessus: when I opened my client, I was prompted to download and install the new client. Nessus has moved from 5.2.4 to 5.2.5.

Later, it was on to auditing a small application, and that meant firing up Burp Suite. Burp notified me that it needed to be updated from 1.5.20 to 1.5.21.

So, if you are using those apps, now is the time to update.

Friday, January 17, 2014

PhishMe and Sophos Enterprise

We're starting up a security awareness campaign in which, in part, we will be using PhishMe's service to phish our employees, where falling for the phish will lead to training and education. PhishMe provided us with the list of all the domains that they own so that we could white-list them in our proxies. I tested them all, but there were two or three domains I still couldn't reach.

Sophos Enterprise provides a method to explicitly allow connections to specific web sites even if the Sophos proxy would normally block them. (Exceptions can be added in the Web Control, on the "Website Exceptions" tab.) Pretty simple.

However, after adding the domains to the exceptions, there were still two or three domains that I could not reach. I didn't want to just exclude those domains from scenarios, as I felt it might limit my choices. I found that the Anti-Virus and HIPS Policy has a section that addresses domain blocking, and I believe this applies if the AV thinks that there is malware on the page. If you view your "Anti-Virus and HIPS Policy", you will see a section midway down the screen titled "Web Protection". If it is on, click the Authorization button at the top of the screen. Go to the Websites tab, and add the domains you want to white-list. Bear in mind that the AV will not scan these domains. Once you hit OK, you should be able to browse the domains.