UK NCSC Releases Nmap NSE Scripts to Discover Unpatched Flaws
The First SME Script Has Already Been Published.
The National Cyber Security Centre (NCSC) is a government organization in the United Kingdom that advises and supports the public and private sectors on how to prevent computer security threats. Its headquarters are in London, and it began operating in October 2016.
The agency is now announcing the release of NMAP Scripting Engine scripts to assist network defenders in searching for and fixing system vulnerabilities.
This is a joint effort between the NCSC and i100 (Industry 100), an initiative that brings together industry and government professionals to find solutions to the current cybercrime landscape.
According to BleepingComputer, the scripts, written by i100 collaborators or cybersecurity researchers who want to share them with the general public, will be made public on GitHub via the Scanning Made Easy (SME) project.
When a software vulnerability is disclosed, it is often easier to find proof-of-concept code to exploit it than it is to find tools that will help defend your network.
Even when a scanning script is available, the agency notes that it can be difficult to establish whether it is good to operate, let alone whether it returns legitimate scan results.
According to the agency, Scanning Made Easy (SME) arose from its frustration with this issue and its interest in assisting network defenders in identifying and protecting vulnerable systems.
The NCSC will verify if the following conditions are met prior to adding new scripts to the SME collection:
- be written for NMAP using the NMAP Script Engine (.nse);
- relate to one of the high priority vulnerabilities impacting the UK;
- conform to the metadata template;
- run in isolation, i.e. have no dependencies and not connect to other servers;
- be as close to 100% reliable in detection of vulnerable instances as is practicable, i.e. low false-positive rate;
- be as unintrusive (i.e. not transmit excessive network traffic) and safe as possible in the detection mechanism;
- be hosted on a publicly available repository or website;
- be made freely available under a permissive open source license;
- not capture sensitive data, e.g., exposure of cyber security risk or personal;
- not send data off the system upon which the script is run; and
- be able to write the output from the script to a file.
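The conditions above that can be checked from a script's source alone, as an added example (not NCSC or SME project code): a static pre-check an administrator could run on a downloaded .nse file before executing it. The `BUNDLED` allowlist, the reading of "no dependencies" as "only libraries shipped with Nmap", and both sample scripts are assumptions constructed for illustration; reliability and the metadata template are not covered.

```python
import re

# Constructed allowlist of libraries that ship with Nmap (not exhaustive; extend as needed).
BUNDLED = {"nmap", "stdnse", "shortport", "smtp", "string", "table", "vulns"}
# NSE categories that conflict with "unintrusive and safe"; "external" may contact third parties.
RISKY = {"intrusive", "dos", "exploit", "brute", "fuzzer", "external"}
QUOTED = r"""["']([\w.]+)["']"""

def vet_nse(filename, source):
    """Statically check an NSE script; returns a list of findings (empty = none)."""
    findings = []
    if not filename.endswith(".nse"):
        findings.append("file extension is not .nse")
    # Line-anchored matches skip anything commented out with '--'.
    for field in ("description", "author", "license", "categories"):
        if not re.search(rf"^{field}\s*=", source, re.M):
            findings.append(f"missing NSE field: {field}")
    if not re.search(r"^(?:function\s+)?action\b", source, re.M):
        findings.append("no action function")
    m = re.search(r"^categories\s*=\s*\{([^}]*)\}", source, re.M)
    cats = set(re.findall(QUOTED, m.group(1))) if m else set()
    if m and "safe" not in cats:
        findings.append("categories does not include 'safe'")
    for c in sorted(cats & RISKY):
        findings.append(f"risky category: {c}")
    # Flag any require() of a module outside the bundled allowlist.
    req = r"^\s*(?:local\s+\w+\s*=\s*)?require\s*\(?\s*" + QUOTED
    for lib in re.findall(req, source, re.M):
        if lib not in BUNDLED:
            findings.append(f"non-bundled dependency: {lib}")
    return findings

# Constructed sample script that passes every check.
GOOD = '''description = [[Constructed sample: reports a banner string.]]
author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"vuln", "safe"}
local shortport = require "shortport"
portrule = shortport.port_or_service(25, "smtp")
action = function(host, port) return "checked" end
'''
# Constructed failing variant: risky categories, outside dependency, license commented out.
BAD = (GOOD.replace('{"vuln", "safe"}', '{"vuln", "intrusive", "external"}')
           .replace('require "shortport"', 'require "thirdparty_client"')
           .replace("license", "-- license"))

if __name__ == "__main__":
    for name, src in (("check.nse", GOOD), ("check.lua", BAD)):
        print(name, vet_nse(name, src))
```

A clean result only means none of these static checks failed; it says nothing about detection accuracy, which still has to be validated against known-vulnerable and known-patched hosts.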
The First SME Script Has Already Been Published
As per BleepingComputer, the National Cyber Security Centre has already published the first SME script in cooperation with NCC Group (an i100 partner) to assist administrators in scanning for servers vulnerable to cyberattacks using 21Nails exploits that target Exim Remote Code Execution (RCE) flaws.
The UK government agency intends to release new Nmap scripts only for critical security flaws that are thought to be a priority on malicious actors’ hit lists.
The objective of the NCSC’s new SME project is to make identifying vulnerable systems easier with the help of intuitive, easy-to-use tools.
We want SME to be as straightforward as possible to use, and it also needs to be reliable. Providing a false sense of security, or false positives, doesn’t help make your systems safer, as you won’t be fixing the real security issues.
This is why SME scripts are written using the NMAP Scripting Engine (NSE). NMAP is an industry-standard network mapping tool that has been in active development for over 20 years.