Vulnerability Tourism
June 11, 2007Wouldn't it be interesting to know which places you go to on the Internet or in your corporate network that have major vulnerabilities in real-time? How many of those customer portals, web sign-up for...
Nessus 3.2 BETA - New 3.1.4 point release
June 7, 2007Today, Tenable released Nessus 3.1.4 beta. Here are the main changes compared to Nessus 3.1.3 : 64 bit OS builds for Debian 4 and Red Hat ES 5 Fedora Core 7 build Improved support for IPv6. In particu...
Auditing Secure Shell - Part I
May 31, 2007This blog entry outlines a wide variety of audits and monitoring techniques that can be used to keep watch over the Secure Shell applications in use on your network. Examples for auditing SSH client a...
New Keywords and APIs for UNIX Compliance Checks
May 29, 2007Tenable has recently added several new APIs to the UNIX compliance checks. This blog entry discusses the new checks with several examples. These APIs are available to Direct Feed and Security Center u...
CIS "Best Practices" Certification For Nessus Audits
May 21, 2007Tenable was recently awarded certification to perform three different Center For Internet Security (CIS) Windows Domain Controller audits with the Nessus 3 scanner and Security Center. This blog entr...
Searching for "Classified" Content in Documents
May 18, 2007Sensitive government and military organizations classify their documents with familiar terms like "TOP SECRET" and also less well known terms like "NOFORN" (which means the data can't be shared with ...
Detecting SPAM From Inside your Network
May 17, 2007We all receive and are annoyed by the amount of "SPAM" email in our in-box. One way to fight SPAM is to monitor large networks for evidence of compromised hosts that are being used to email ...
Finding Snort Sensors
May 16, 2007Over the past few years, there have been several vulnerabilities disclosed about the Snort network intrusion detection sensor. I recently had a Tenable customer inquire for a strategy of "scannin...
Wireless SSID Enterprise Discovery
May 10, 2007Tenable's research group recently released a WMI based plugin for Nessus 3 that can determine the active wireless SSID for remote Windows devices. This allows an organization to obtain a list of activ...
Vista Configuration Auditing
May 4, 2007Tenable's research group has released a set of seven audit policies for the Vista operating system. These polices are based directly off of Microsoft's Windows Vista Security Guide. This blog entry di...
NIST Audit Policies for Nessus 3
April 30, 2007Tenable has released our first batch of audit policies which can test Windows 2000, 2003 and XP Pro systems for compliance with NIST best practice configuration standards. These ".audit" checks are c...
Asking Vista for its list of network interfaces
April 25, 2007Tenable's research group recently released plugin ID #24904 which speaks with the Link Layer Topology Discovery protocol. This is an Ethernet "layer 2" scan, so it is something you need to p...