Detecting the Apple iPhone and other 'Shadow IT' Technology
July 17, 2007While reading the 'Declaration of Interdependence' series of articles in the July 1st issue of CIO Magazine (including an additional online article named 'Users Who Know Too Much and the CIOs Who Fear...
Tenable Employment Opportunities
July 13, 2007Normally, we focus on the technical usage of the products at Tenable, but we have a number of open positions I'd like to make people aware of. If you are a regular BLOG reader, you might enjoy working...
Can I use Nessus to perform PCI audits?
July 12, 2007Tenable's sales and support groups continue to get the following type of question:"I'm considering purchasing a scanning service from vendor XYZ and they claim to use Nessus. Are they certified b...
Detecting "Off Port" Services
July 9, 2007If you are attempting to perform network security monitoring in a large, unmanaged environment that has "poor" security, you are most likely dealing with botnets, phishing attempts, worms an...
PCI Configuration Audits with Nessus
July 3, 2007Tenable's Research group has produced two Nessus PCI configuration .audit files for both the Windows and Linux operating systems. These configuration checks are derived from specific recommendations a...
NessusClient 3.0 BETA
June 28, 2007Tenable Network Security has made available a BETA version of the new NessusClient 3.0. This Nessus client can be used to connect to any Nessus scanner and perform scans, manage scan policies and anal...
LM/NTLM Hash Support for SMB Credentials
June 27, 2007Tenable Network Security's Research staff recently added the ability to use LanMan/NTLM hashes as a form of credentials for Windows audits. If you use Nessus as a penetration testing tool, this allows...
Using the 'nasl' Nessus Command Line Tool
June 27, 2007This blog entry will discuss the usage of the Nessus nasl binary tool. It will also discuss which plugins work well with the tool, how credentials and other information can be supplied at scan time an...
Nessus 3.0.6 Available
June 26, 2007Tenable Network Security has released version 3.0.6 of the Nessus Vulnerability Scanner which fixes a variety of performance issues and bugs. It also includes a security fix for a cross site scripti...
Tracking Users Through Logs and Network Activity
June 23, 2007Tenable's research group has released a TASL correlation script for the Log Correlation Engine (LCE) that automatically associates learned user accounts with IP addresses. This enables historical trac...
CIS Certification for Nessus Red Hat audits
June 22, 2007Tenable was recently awarded certification to perform Center For Internet Security (CIS) audits of Red Hat systems with the Nessus 3 scanner and Security Center. This blog entry discusses what ...
Passive Discovery of User Accounts
June 13, 2007The Passive Vulnerability Scanner's plugin rule base was recently updated with new logic to recognize a variety of client-side account information for services such as AIM, MySpace and many others...