A few months ago, Tripwire allowed me access to the beta test version of their recently released Tripwire SecureScan™ tool. Two facts caught my attention right away: the service is free for users to scan up to 100 IPs, and it is cloud-based. Indeed, it is rare to see such an initiative in the security industry.
The following is my ToolsWatch review of the service. When Tripwire SecureScan account initialization is complete, you will be connected to a nice clean web user interface (UI) which is very easy to navigate:
The main core section manages scan profiles and the subsequent results, and the top area is dedicated to account management. It is a simple, effective, and classic interface. Remember, simplicity is the ultimate sophistication (Da Vinci).
It is easy to comprehend that clicking on “Add New Scan Profile” will begin a new security scan setup. This step requires downloading a “connector” which allows the creation of a secure link (VPN) between your workstation and Tripwire’s server channel. The connector is based on OpenVPN:
Installing the connector, which is mandatory for any cloud service, on any Windows operating system (mine was installed on Windows XP) only takes a few seconds. At the end of this step, the connector will install a tunnel (network tap) and add an exception to the firewall.
The start of a scan is done intuitively with a wizard:
The application automatically detects the installed connector. To check how the system reacts, I intentionally removed the connector from my workstation.
I was surprised by a small utility called PureCloudConfigTool.exe found in the installation directory (by default c:\Program Files\Tripwire). It was very easy to initialize the connection, configure the network interface and force the registration of the connector (in case you change the password for your web access), as the most crucial part is to synchronize your web account with the connector.
Indeed, the online documentation provided is very rich and collaborative, and allows the resolution of such issues quickly. A good point for Tripwire SecureScan. We continue on the Wizard setup for the Scan Profile:
This step allows the user to enable scanning for vulnerabilities and TCP / UDP protocols. Again, Tripwire focused on the simplicity of use, and this step does not require advanced information about the type and categories of vulnerabilities. The next step gives the user the ability to configure the Authenticated Scans:
For a free scanning tool, this feature is quite rich and allows for authentication against a wide range of devices with different basic modes (Windows, SSH, SSH Key, Web, etc.), so it is more than adequate to audit servers and networked machines, and it also detects Heartbleed vulnerabilities.
The scan session can also be delayed or executed on a recurring basis with a scheduler, which is a big plus for a free tool hosted in the cloud:
This was the last step of the setup Wizard. It all took less than 60 seconds to complete:
Once the scan is running, a progress bar indicates the status of the scan (the scan is authenticated here on one of my routers):
At this stage, the application will notify you when the scan is finished by way of an email. The results are provided in a report that is exportable in PDF, CSV or XML – an excellent opportunity to integrate findings into your Vulnerability Management solutions. A basic graph also gives a notion of Average Risk:
The report is very well presented with graphs and explanations on how to mitigate the identified risks:
The Tripwire SecureScan solution helps identify and validate vulnerabilities in your network using a cloud-based technology. Its best features are the ease of use and the conviviality. With just a few clicks the user can get an overall view of their network security status.
The risk assessment provided is based on the “Average Risk Score,” which might be a little confusing at first, but that’s where the documentation comes to the rescue. The Average Risk Score introduces a new model to overcome limitations of CVSS and other scoring systems. Tripwire should really discuss it more with the community, as it is a very promising project itself.
During the scan for vulnerabilities in configuration, however, there is no indication of the types and categories of vulnerabilities being scanned. Detail-oriented experts might be disappointed, as the vulnerabilities are mapped with a proprietary Tripwire ID instead of standard CVEs.
This is one of the cons I identified, since penetration testers and auditors normally rely on the CVEs to validate the findings. The CVEs are provided once you click on the Tripwire ID for more information:
Tripwire SecureScan is certainly the first free cloud-based solution ever, and the few missing features are definitely available with the Tripwire IP360 enterprise solution.
Overall ToolsWatch Rating: 4 / 5
Features: 4 / 5
Advanced Configuration: 3 / 5
Ease of Use: 5 / 5
Reporting: 3 / 5
Documentation: 5 / 5
Cost: 5 / 5
About the Author: Nabil Ouchn (@toolswatch) is the founder of ToolsWatch.org and the organizer of the Arsenal Tools exhibit at the BlackHat Conferences in both the US and Europe since 2011. ToolsWatch is a free interactive service designed to help auditors, penetration testers, and other security professionals keep their ethical hacking toolbox up to date with the latest and greatest resources. Ouchn has over 15 years of experience in vulnerability management, compliance assessment and penetration testing, and is Co-Founder of an innovative SaaS Multi-Engines Threats Scanning Solution. As part of his research, Ouchn maintains several projects, including Default Password Enumeration (DPE), the open source correlated & cross-linked vulnerability database vFeed, and the Firefox Catalog of Auditing exTensions called FireCAT.
Editor’s Note: The tool Tripwire SecureScan is no longer in use. For more information, please refer to Tripwire IP360 instead.