CIS Certification for Nessus Red Hat audits
June 22, 2007Tenable was recently awarded certification to perform Center For Internet Security (CIS) audits of Red Hat systems with the Nessus 3 scanner and Security Center. This blog entry discusses what ...
Passive Discovery of User Accounts
June 13, 2007The Passive Vulnerability Scanner's plugin rule base was recently updated with new logic to recognize a variety of client-side account information for services such as AIM, MySpace and many others...
Vulnerability Tourism
June 11, 2007Wouldn't it be interesting to know which places you go to on the Internet or in your corporate network that have major vulnerabilities in real-time? How many of those customer portals, web sign-up for...
Nessus 3.2 BETA - New 3.1.4 point release
June 7, 2007Today, Tenable released Nessus 3.1.4 beta. Here are the main changes compared to Nessus 3.1.3 : 64 bit OS builds for Debian 4 and Red Hat ES 5 Fedora Core 7 build Improved support for IPv6. In particu...
Auditing Secure Shell - Part I
May 31, 2007This blog entry outlines a wide variety of audits and monitoring techniques that can be used to keep watch over the Secure Shell applications in use on your network. Examples for auditing SSH client a...
New Keywords and APIs for UNIX Compliance Checks
May 29, 2007Tenable has recently added several new APIs to the UNIX compliance checks. This blog entry discusses the new checks with several examples. These APIs are available to Direct Feed and Security Center u...
CIS "Best Practices" Certification For Nessus Audits
May 21, 2007Tenable was recently awarded certification to perform three different Center For Internet Security (CIS) Windows Domain Controller audits with the Nessus 3 scanner and Security Center. This blog entr...
Searching for "Classified" Content in Documents
May 18, 2007Sensitive government and military organizations classify their documents with familiar terms like "TOP SECRET" and also less well known terms like "NOFORN" (which means the data can't be shared with ...
Detecting SPAM From Inside your Network
May 17, 2007We all receive and are annoyed by the amount of "SPAM" email in our in-box. One way to fight SPAM is to monitor large networks for evidence of compromised hosts that are being used to email ...
Finding Snort Sensors
May 16, 2007Over the past few years, there have been several vulnerabilities disclosed about the Snort network intrusion detection sensor. I recently had a Tenable customer inquire for a strategy of "scannin...
Wireless SSID Enterprise Discovery
May 10, 2007Tenable's research group recently released a WMI based plugin for Nessus 3 that can determine the active wireless SSID for remote Windows devices. This allows an organization to obtain a list of activ...
Vista Configuration Auditing
May 4, 2007Tenable's research group has released a set of seven audit policies for the Vista operating system. These polices are based directly off of Microsoft's Windows Vista Security Guide. This blog entry di...