Contemplating Vulnerability Monitoring

[lunarlander]

Hi All,

I am contemplating adding some form of vulnerability monitoring to my mix. Nessus comes to mind.
a) Do these vulnerability monitoring programs detect things posted on sites like exploit-db ? If not, then they are useless in my mind.
b) If they do find vulnerabilities found on hacker sites, then what do we do with the knowledge? Some maybe blockable at the firewall. But with no security team, I can't write signatures for these vulnerabilities for my ipfire snort guardian. What can be done?

 

[XhenEd]

Why do you want to add a vulnerability monitoring program? Are you working for a company or an owner of one?

Just asking for context because, as far as I know, normally a home user doesn't need it. I think it's more of a corporate need than a home user need (although some of Kaspersky's home user products do have vulnerability checks).

 

[lunarlander]

Vulnerability monitoring is a guard against hackers, you can find examples of what they use at exploit-db.net . And it is free. Any hacker worth anything knows of it. To think a home user is not at risk of getting hacked is foolish. If your system or network is low hanging fruit, hackers will grab at it. They don't care if you are a corp or not.

And don't forget, every home have at least one PC now, and kids grew up watching cartoons and movies glorifying hackers, and they just want to be one too. At other forums I frequent, we get queries on how to install Kali linux from kids frequently. The distro comes with hacking tools like Metasploit and it is a gui tool. Anyone can learn to use it.

 

[Andy Ful]

If you use WiFi then hacking the standard home computer is rather easy. If not, then the attacker has to first hack through the router NAT, which is not easy.

One can harden the protection by disabling Windows remote features (remote desktop, remote registry, remote shell, etc.) or harden the router settings. It would be more effective for most users, except the people who like controlling what is happening in their computers.
For them, there is a good monitoring feature on Windows 10:
Discuss - Application Control on Windows 10 Home

Threat Detection using Windows Defender Application Control (Device Guard) in Audit Mode

Note: I originally scrapped this post because I didn’t like that audit events were only logged once per boot due to caching, however…

posts.specterops.io

 

[roger_m]

To think a home user is not at risk of getting hacked is foolish.

I'm a home user and have never been hacked.

 

[Andy Ful]

I'm a home user and have never been hacked.

You are an example (probably true), but not the proof.

 

[upnorth]

To think a home user is not at risk of getting hacked is foolish. If your system or network is low hanging fruit, hackers will grab at it. They don't care if you are a corp or not.

100% agree! All the automated scans that happens 24/7 on everyone connected to the Internet and if access found possible in one way or the other it will of course happen either your name is Mr.NotImportant or IBM, as all the millions of reported successful malicious attacks on Google Play and even on Apple Play along with constant leaks of millions and even billions " common " user information after hacks, should speak more then well enough for itself.

I'm a home user and have never been hacked.

A genuine hack can come in many layer and it don't automatic have to include a ID-theft or lost of money that makes one understand one been hacked. A machine/s or one's network can be used for much more. Also a true hack ain't easy to spot and find, especially when even the real experts have a hard time understand it's origin and even fails plug the hole.

 

[Andy Ful]

The vulnerability of being hacked is real, but not so probable for the home users. There are more probable events, like:

1. Breaking a bone on the stairs.
2. Being robbed by someone.
3. Being injured in the traffic accident.
4. Having complications after flu disease.
5. Being infected by the malware (not detected by the AV).
6. ... and many others.

Many of those events can be less dangerous, if one is cautious and aplies kind of prophylaxis (like disabling Windows remote features).

 

[upnorth]

Millions and billions of home/common users that gets effected by constant hacks year after year, I personal wouldn't call " not so probable ". It's too easy to flood this thread or any other with the constant reports thats posted and shared even here on MT in the news sections, and no I don't consider those fake or useless as those sources are well known and respected in the genuine security community. Calling for example a report from the Cisco Talos Ingelligence Group fake or useless, says for me personal everything I need to know.

 

[ZeroDay]

Are you looking for something like 0Patch ?

 

[Andy Ful]

Millions and billions of home/common users that gets effected by constant hacks year after year, I personal wouldn't call " not so probable ".
...

That is right. It looks very dangerous, but it is not because there are so many people.
That is also true that over one million people per year die in traffic accidents.
The next million (or probably more) break the bones on the stairs, ... and so on. Yet, most people and most MT members sleep soundly and do not think about it. There are 7.7 billion people on the Earth and if 1 billion use computers at home, then the chance of being hacked in the year 2019 is something like 1/1000 (probably less). It is a real danger, but I think that it is not so probable as compared to the standard malware infections and many other dangerous events.
Furthermore, one can drop the chances of being hacked, by simple hardening (remote features, scripting, router hardening).

Edit.
I am sorry if my posts are slightly off topic. Personally, I like to have control over the system, but I do not think that this would be necessary for most home users.

 

[Andy Ful]

Are you looking for something like 0Patch ?

Looks like a good software for applying temporary patches (only for advanced users).

 

[upnorth]

That is right. It looks very dangerous, but it is not because there are so many people.
That is also true that over one million people per year die in traffic accidents.
The next million (or probably more) break the bones on the stairs, ... and so on. Yet, most people and most MT members sleep soundly and do not think about it. There are 7.7 billion people on the Earth and if 1 billion use computers at home, then the chance of being hacked in the year 2019 is something like 1/1000 (probably less). It is a real danger, but I think that it is not so probable as compared to the standard malware infections and many other dangerous events.
Furthermore, one can drop the chances of being hacked, by simple hardening (remote features, scripting, router hardening).

Edit.
I am sorry if my posts are slightly off topic. Personally, I like to have control over the system, but I do not think that this would be necessary for most home users.

I understand what you say but no, I disagree. I'm talking about Internet Hacks, not traffic accidents or broken bones in stairs or even of how many people die or is born every day or year.

 

[Andy Ful]

I understand what you say but no, I disagree. I'm talking about Internet Hacks, not traffic accidents or broken bones in stairs or even of how many people die or is born every day or year.

So, we are not in contradiction.
Most Internet hacks are performed via phishing, social engineering tricks, email attachments, etc. They are the common source of malware infections in the home environment. The hackers use also other tools (several penetrating tools and exploit kits). They are used to hack the local networks (mostly in businesses and organizations), so this is another kind of attack vector (not common in the home environment). Both Internet attacks and local network attacks can use system & software vulnerabilities.

 

[upnorth]

Internet Hacks also includes mobile phones and issues on there platforms/OS, Play store etc. Even mobile networks has major issues. SS7 is one example among many.

 

[Andy Ful]

Internet Hacks also includes mobile phones and issues on there platforms/OS, Play store etc. Even mobile networks has major issues. SS7 is one example among many.

... and more:
The 5 Worst Examples of IoT Hacking and Vulnerabilities in Recorded History | IoT For All

 

[Andy Ful]

Everyone is worried about something that happened to him, his family, friends ...
So no one is objective. For me, personally, all those dangerous events related to hacking and malware infections are pure theory like breaking bones, being injured in a traffic accident, etc. Never happened to me. So, it is easy for me to think about them statistically. I suspect that someone badly infected by malware has the right to worry about malware infection more than about breaking the leg. But, this does not mean that everybody should do it in advance.
Of course, ignoring the problem would be also not rational. We should find some kind of proportion (statistics can help here).

Edit.
My comment is specifically related to lunarlander post, which I understood as related to hacking the home user (local) network:
https://malwaretips.com/threads/contemplating-vulnerability-monitoring.92152/post-811884
Personally, I have nothing against monitoring tools and researching the hacker attacks. In fact, I like both.

 

[Local Host]

Millions and billions of home/common users that gets effected by constant hacks year after year, I personal wouldn't call " not so probable ". It's too easy to flood this thread or any other with the constant reports thats posted and shared even here on MT in the news sections, and no I don't consider those fake or useless as those sources are well known and respected in the genuine security community. Calling for example a report from the Cisco Talos Ingelligence Group fake or useless, says for me personal everything I need to know.

A ocean full of fish, one will have gems in it's mouth.

You can find just as many reports for anything else, doesn't mean there's a high chance of it happening, same as the reports that cellphones cause cancer.

Your Home System is in fact safer than Enterprise Systems, as companies that tend to use outdated Software with known exploits, even then the Systems need to infected and exploited before a hacker can even dream of doing anything, so just use an Anti-Virus.

This is not the movies, where you input an IP address in a shiny software and finds half a dozen open doors for you to press a button and enter with no effort. Even a cheap router will stop those attacks, don't even need to mention Windows.

I would pay if anyone managed to enter network, leave alone any of my devices, and I'm not using any Anti-Exploit nor shiny Router.

 

[Andy Ful]

...
I would pay if anyone managed to enter network, leave alone any of my devices, and I'm not using any Anti-Exploit nor shiny Router.

From what I understood, upnorth thought about all forms of hacking, including malware delivered via the Internet (also phishing and email attachments), just in purpose to gain control on the system.

 

[lunarlander]

Hacking for mischievous 'fun', hacking for identity theft, hacking to plant bots, hacking for stealing biz intelligence, and hacking to stalk are all common. The attacker can use various Methods: phishing, delivering malware through email attachments, drive-by downloads, and other more direct attacks like cellphone hacking. And all the methods rests on some part of your Windows, devices or network having some vulnerability. To prevent disruptions to CIA ( confidentiality, integrity and availability ) which we take for granted, one has to know your vulnerabilities and then put up defenses accordingly.

Risk evaluations should consider the cost of the device/PC, the time and cost it takes to recover from an attack, and the disruptions to CIA. Risk evaluation is not gut based feelings that one is a Mr. Nobody Important or that one is not a biz. Funds and time should be allocated for proper protection. Vulnerability monitoring is just a more pointed way to decide on what protection to get, instead of just following popular concepts like 'must get an antivirus program'. Commonly we perform risk evaluations when we do things like buying a good door lock and installing a smoke alarm. No reason why we shouldn't do it for our IT possessions, and our personal data, which is a very important part of modern living.