The patch release of the Qualys Cloud Platform, version 18.104.22.168-1, includes new support for HashiCorp Vault as well as for the Virtual Scanner Appliance on the OCI and OCI-Classic platforms.
Recently three students from University of Saarland in Germany discovered that MongoDB databases running on several thousand commercial web servers allow remote attackers to easily access and manipulate the database from the Internet. According to their research, it is not uncommon for a MongoDB instance to be configured to listen on all interfaces and accept any connection from the Internet, with no authentication required.
In this blog post I will discuss how this unauthorized access works and how to check whether your MongoDB instance is exposed. Qualys Vulnerability Management has released QID 19965 to detect this exposure.
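The quickest way to confirm the problem is to do exactly what an attacker on the Internet would do: open a TCP connection to port 27017 and ask the server to list its databases without logging in. The script below is an added example, not Qualys code and not the logic behind QID 19965. It hand-builds the legacy OP_QUERY wire message for the listDatabases command on admin.$cmd, sends it, and classifies the reply: a server that answers with a databases array is exposed, while one enforcing authentication answers with an error document (code 13, Unauthorized). The host and port are assumptions; the two sample replies are constructed for offline use. Run it only against servers you own.

```python
"""Probe a MongoDB listener for unauthenticated access (added example)."""
import socket
import struct

OP_REPLY = 1
OP_QUERY = 2004


# --- minimal BSON encoders, just enough for the command and the sample replies
def bson_doc(*elements):
    """BSON document: int32 total length + encoded elements + 0x00 terminator."""
    body = b"".join(elements) + b"\x00"
    return struct.pack("<i", 4 + len(body)) + body


def bson_int32(key, value):
    return b"\x10" + key.encode() + b"\x00" + struct.pack("<i", value)


def bson_double(key, value):
    return b"\x01" + key.encode() + b"\x00" + struct.pack("<d", value)


def bson_string(key, value):
    raw = value.encode() + b"\x00"
    return b"\x02" + key.encode() + b"\x00" + struct.pack("<i", len(raw)) + raw


def bson_array(key, doc):
    return b"\x04" + key.encode() + b"\x00" + doc


# --- wire protocol (legacy OP_QUERY / OP_REPLY)
def build_op_query(namespace, query_doc, request_id=1):
    """Header (messageLength, requestID, responseTo, opCode) + flags + ns + skip + return + doc."""
    body = (struct.pack("<i", 0)                    # flags
            + namespace.encode() + b"\x00"          # e.g. admin.$cmd
            + struct.pack("<ii", 0, -1)             # numberToSkip, numberToReturn
            + query_doc)
    return struct.pack("<iiii", 16 + len(body), request_id, 0, OP_QUERY) + body


def build_op_reply(doc, response_to=1):
    """OP_REPLY carrying one document; used only to construct the offline samples."""
    body = struct.pack("<iqii", 0, 0, 0, 1) + doc   # flags, cursorID, startingFrom, numberReturned
    return struct.pack("<iiii", 16 + len(body), 99, response_to, OP_REPLY) + body


def parse_op_reply(msg):
    """Return (responseTo, numberReturned, bytes of the first document)."""
    if len(msg) < 36:
        raise ValueError("OP_REPLY shorter than its fixed fields")
    _length, _req, response_to, opcode = struct.unpack_from("<iiii", msg, 0)
    if opcode != OP_REPLY:
        raise ValueError("unexpected opcode %d" % opcode)
    _flags, _cursor, _start, returned = struct.unpack_from("<iqii", msg, 16)
    if returned == 0:
        return response_to, 0, b""
    first_len = struct.unpack_from("<i", msg, 36)[0]
    return response_to, returned, msg[36:36 + first_len]


def classify_reply(doc):
    """'exposed' if the server returned a databases array to an unauthenticated
    client; 'auth-required' if it answered with error code 13 (Unauthorized)."""
    if b"\x04databases\x00" in doc:
        return "exposed"
    if b"\x10code\x00" + struct.pack("<i", 13) in doc:
        return "auth-required"
    return "unexpected-reply"


# Constructed sample replies (not captured traffic).
EXPOSED_REPLY = build_op_reply(bson_doc(
    bson_array("databases", bson_doc()),   # empty array stands in for the real list
    bson_double("ok", 1.0)))
DENIED_REPLY = build_op_reply(bson_doc(
    bson_double("ok", 0.0),
    bson_string("errmsg", "not authorized on admin to execute command"),
    bson_int32("code", 13)))


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ValueError("connection closed mid-message")
        buf += chunk
    return buf


def check_mongodb(host, port=27017, timeout=5.0):
    """Return 'exposed', 'auth-required', 'unexpected-reply' or 'unreachable'."""
    query = build_op_query("admin.$cmd", bson_doc(bson_int32("listDatabases", 1)))
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(query)
            header = recv_exact(sock, 4)
            total = struct.unpack("<i", header)[0]
            msg = header + recv_exact(sock, total - 4)
        return classify_reply(parse_op_reply(msg)[2])
    except OSError:
        return "unreachable"
    except ValueError:
        return "unexpected-reply"


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"   # assumed default target
    print(target, check_mongodb(target))
```

Two caveats. First, the probe speaks the OP_QUERY form that MongoDB servers of this era accept; MongoDB 5.1 and later reject OP_QUERY for commands other than hello/isMaster, so on those versions a non-"exposed" result is not proof of safety and you should repeat the check with the official client. Second, "unreachable" only tells you that this probe's source address could not connect; run it from outside your perimeter, since the exposure in question is precisely to the Internet, and fix it by setting bindIp to the internal interface and enabling authentication.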
IPv6 first came onto the horizon years ago, and it has seemingly stayed out there ever since. Recently we have heard and read a lot about the exhaustion of IPv4 addresses, but the transition is not so simple, and we keep finding ways to extend the time until making IPv6 a priority becomes necessary. Some good information on adoption is available on Google's "IPv6 statistics" page.
On that page, the Adoption tab shows a trend with enough historical data to tempt a statistician to extrapolate. Adding another dimension, the Per-Country adoption tab overlays geographic adoption with very interesting information on connectivity issues: reliability and latency.
Even while global adoption is below 1%, IPv6 use is increasing significantly, and it is prudent to pay attention and make sure it doesn't introduce new security exposures in your network. For instance, deploying IPv6-ready devices, such as desktops and laptops with modern operating systems, on IPv4 networks can cause problems: IPv6 traffic may bypass IPv4-specific protection systems (including firewalls and intrusion detection systems), allowing IPv6 traffic to reach unintended recipients where IPv6 networking expertise is lacking. See footnote.
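Two checks make that bypass concrete on your own network. The first looks at the addresses a host already has and flags the globally routable ones (2000::/3 per RFC 4291), which are the only ones a scanner on the Internet could reach; link-local and unique-local addresses are not candidates, and SLAAC privacy addresses are easy to miss because nobody ever entered them into an inventory. The second probes a service over IPv4 and IPv6 separately: a port that answers over IPv6 but not IPv4 is the signature of a filter that only sees IPv4. The script is an added example, not Qualys or FreeScan code; the address list is constructed, and the probe targets are assumptions you supply.

```python
"""Spot IPv6 exposure that IPv4-only controls would miss (added example)."""
import ipaddress
import socket

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")   # RFC 4291 global unicast
UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")     # RFC 4193 ULA, not Internet-routable
LINK_LOCAL = ipaddress.ip_network("fe80::/10")


def classify_v6(addr_text):
    """Label an address by the scope that matters for Internet exposure.
    Accepts 'addr', 'addr/prefix' and 'addr%zone' as printed by ip -6 addr."""
    addr = ipaddress.ip_address(addr_text.split("/")[0].split("%")[0])
    if addr.version != 6:
        return "not-ipv6"
    if addr.is_loopback or addr.is_unspecified:
        return "host-only"
    if addr.ipv4_mapped is not None:
        return "ipv4-mapped"
    if addr in LINK_LOCAL:
        return "link-local"
    if addr in UNIQUE_LOCAL:
        return "unique-local"
    if addr in GLOBAL_UNICAST:
        return "global"
    return "other"


def internet_reachable_candidates(addrs):
    """Addresses a scanner on the Internet could plausibly reach."""
    return [a for a in addrs if classify_v6(a) == "global"]


# Constructed sample: what `ip -6 addr` on a dual-stack laptop might list.
SAMPLE_HOST_ADDRS = [
    "::1/128",
    "fe80::1c2f:3a4b:5c6d:7e8f%eth0",
    "fd12:3456:789a::10/64",
    "2001:db8:1234:5678::10/64",                    # static global address
    "2001:db8:1234:5678:7d8f:1a2b:3c4d:5e6f/64",    # SLAAC privacy address
]


def probe(host, port, family, timeout=3.0):
    """True if a TCP connect over the given address family succeeds, False if it
    fails, None if the name has no address of that family. Needs network access."""
    try:
        infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return None
    for fam, socktype, proto, _canon, sockaddr in infos:
        sock = socket.socket(fam, socktype, proto)
        sock.settimeout(timeout)
        try:
            sock.connect(sockaddr)
            return True
        except OSError:
            continue
        finally:
            sock.close()
    return False


def bypass_report(host, ports):
    """Per port: reachability over IPv4 and IPv6, and whether only the IPv6 path is open."""
    report = {}
    for port in ports:
        v4 = probe(host, port, socket.AF_INET)
        v6 = probe(host, port, socket.AF_INET6)
        report[port] = {"ipv4": v4, "ipv6": v6, "v6_only_open": bool(v6) and not v4}
    return report


def v6_only_ports(report):
    """Ports where IPv6 reaches a service that IPv4 filtering blocks."""
    return sorted(p for p, r in report.items() if r["v6_only_open"])


if __name__ == "__main__":
    for a in SAMPLE_HOST_ADDRS:
        print("%-45s %s" % (a, classify_v6(a)))
    print("candidates:", internet_reachable_candidates(SAMPLE_HOST_ADDRS))
    # Hypothetical target; replace with a host you own and ports you care about.
    print(v6_only_ports(bypass_report("dualstack.example.net", [22, 80, 443, 3389])))
```

Run the probe from a vantage point outside your perimeter that has native IPv6; from inside, or from a network without IPv6 connectivity, `probe` returns None or False for every AF_INET6 call and tells you nothing about what the Internet sees.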
If you are interested in knowing more about the exposure of your Internet-connected IPv6 devices, the steps below walk you through scanning an IPv6 address with Qualys FreeScan:
Step 1: Create your account. If you already have an account you can skip to the next step:
1. Go to https://freescan.qualys.com/
2. Click on “Sign up”.
3. Enter your name, email address and company information as indicated in the page.
4. You will shortly receive your credentials by email.
Step 2: Use your FreeScan credentials to open a session at https://freescan.qualys.com/
Step 3: Enter your Internet facing IPv6 address in the “New IP scan” field as shown below:
Step 4: Wait a little while for the scan to finish. It typically takes 5 to 15 minutes:
Step 5: Once the scan is completed you can review, in order of criticality, the vulnerabilities of your IPv6 device that are exposed on the Internet and could potentially be exploited:
Whether or not IPv6 is imminent for everyone, and whether or not the switchover is becoming a high priority, we can say that we are in a learning period in which challenges, pitfalls and real-world problems will be exposed as all of us in the IT and security community increasingly work with IPv6.
To a large extent we will need experience, insight and ongoing input from the Qualys community to track and assess progress as well as setbacks, while inside Qualys we continue our work to stay ahead of the market.
Please let us know your feedback on utilizing this new capability in FreeScan. We’d also like to know how important IPv6 is to you in 2012, how important you expect it to be in 2013, and perhaps most importantly, how it needs to be supported by Qualys or your IT vendors.
Footnote: Draft Proposal filed with the Internet Engineering Task Force on April 27, 2012: "Security Implications of IPv6 on IPv4" by Fernando Gont of the UK Centre for the Protection of National Infrastructure