SANS 2007 Top 20 Scanning and Report Policies
December 7, 2007Tenable has produced a variety of report templates and scanning polices for both the NessusClient 3.0 and the Security Center. This blog entry discusses coverage of the SANS Top 20 2007 Annual Update ...
Solaris Software Enumeration with Nessus
December 5, 2007Tenable's research group has released several hundred new plugins for Nessus in the last few days. One of them in particular is very useful for Solaris environments. Plugin #29217 enumerates all inst...
Exceeding CIS and NIST Benchmarks - Third Party Patch Auditing
November 26, 2007For organizations that actively keep track of and manage their base operating system patches and configurations, a somewhat lofty goal is to try and tighten down third party patches. Organizations can...
Windows XP Professional CIS Certified Configuration Audits
November 19, 2007Tenable Network Security has received certification for the Nessus vulnerability scanner and Security Center to perform Center for Internet Security configuration audits of the Windows XP operating sy...
A big red 'X'
November 13, 2007I was recently forwarded a link to a BBC video which demonstrates how a user on a wireless network can attack another user and break into their system. In the video, the attacker uses Nessus and Meta...
UNIX Patch Auditing Over Telnet
November 8, 2007One of the powerful features of Nessus is its ability to perform patch auditing for many different operating systems over many different protocols. Most Nessus users understand that Nessus supports UN...
Disabling Password Guessing attempts with Nessus
November 2, 2007As part of the more than 17,000 plugins available in the Nessus Direct and Registered plugin feeds, many of these look for common user name and password combinations. They will attempt to find adminis...
Nessus 3.2 beta - Automated Nessus Program Updates
October 26, 2007If you are a Nessus user, you are no doubt familiar with the process to subscribe your Nessus scanner to the Direct Feed or Registered Feed to automatically receive new vulnerability plugins produced ...
Passive SPAM Traffic Analysis
October 22, 2007This blog entry concerns passive network monitoring with both the Passive Vulnerability Scanner (PVS), as well as the Log Correlation Engine. Tenable's research group has recently introduced PVS rules...
Windows Operating System Detection via RDP
October 18, 2007Tenable Network Security's research group has released a new Nessus plugin which can make use of the Remote Desktop Protocol (RDP) to accurately detect Windows Vista, 2000 Server, 2003 Server and XP P...
Passive Vulnerability Detection & Web Application Vulnerability Assessment Seminar in Atlanta
October 18, 2007John Lampe, a senior security researcher for Tenable Network Security, will be presenting a talk and demonstration about passive network monitoring and web application vulnerability assessments. John'...
NessusClient 3.0.0 GA Release Available
October 15, 2007Tenable Network Security has officially released the GA version of the NessusClient 3.0.0. This new client can be used to manage scans and results from UNIX and Windows Nessus daemons. The major new f...