Finding Sensitive Data as a Consultant with Nessus
August 29, 2007
There are many consultants that use Nessus to scan a customer network for vulnerabilities and report a laundry list of security issues which need to be fixed. Another valuable service that can be perf...
Upcoming Conferences and Speaking Engagements
August 24, 2007
There are a few events occurring before the end of the year that Tenable will be participating in: 2007 DHS Security Conference and Workshop, Baltimore, Maryland, August 27-30, 2007. I will be speaking a...
Solaris PCI Audits and other Updates
August 20, 2007
Tenable Network Security has released a Solaris audit policy for PCI 1.1 configurations. We've also released a new SuSE Linux best practices audit policy and have updated several others. These are al...
An Evening With a Friend
August 14, 2007
Several weeks ago, a good friend of my family who is a lawyer for an application hosting company and I were speaking about network security and I brought up Nessus. "Can you scan one of our hoste...
CIS Certified Windows 2003 Member Server Audits
August 10, 2007
Tenable Network Security was recently awarded Center for Internet Security (CIS) certification to perform audits of Windows 2003 Member Servers through Nessus Direct Feed and/or Security Center agent...
Federally Mandated Configuration Settings for XP and Vista
August 8, 2007
The Office of Management and Budget recently released new configuration guidelines for Windows XP and Vista that all Federal agencies need to adopt by February 1, 2008. The guidelines are known as the...
Finding Vulnerabilities Older than 30 Days
August 6, 2007
"30 Days" seems to be the default amount of time organizations look for vulnerabilities to be patched by. Version 1.1 of the Payment Card Industry standard specifically states a 30 day time ...
Recent Content and Product Updates
August 3, 2007
Over the past few weeks, we've released several new tools, Nessus audit policies, Log Correlation Engine log parsers and Log Correlation Engine TASL scripts. A summary of these releases is provided be...
SpreadSheets of Excitement and Convenience
July 30, 2007
I've been at several conferences and forums where a panel of CIOs or CSOs gives their guidance about enterprise risk and compliance reporting. When asked which products are up to the task, as ea...
Nessus 3.2 BETA -- Example 'nessuscmd' usage
July 20, 2007
The BETA of Nessus 3.2 includes support for a new command line method to invoke quick Nessus scans. This blog entry details some interesting examples for port scanning, operating system identification...
CVSS Version 2 Scoring with Nessus and the Passive Vulnerability Scanner
July 19, 2007
On Wednesday, August 15th, 2007, Tenable Network Security will begin converting CVSS base scores for Nessus and the Passive Vulnerability Scanner (PVS) plugins from version 1 to version 2. This blog e...
Blacklist Domain Alerting in Proxy Logs
July 19, 2007
Tenable's Research group has released a new Log Correlation Engine TASL script which processes web proxy logs and alerts when specific domains are visited. The script is named blacklist_domain.tasl an...