Tenable Blog

An off-port web server is one that doesn't run on the common ports of 80 or 443. Management consoles, development systems, devices that speak HTTP for their protocol and many other systems can run on any port, typically 8080 or 8443.

Recently, I had the chance to work with several larger Tenable enterprise customers who were charged with figuring out what the perimeter of their network really looked like.

I showed them how multiple Nessus scanners and Passive Vulnerability Scanners deployed throughout their infrastructure could be leveraged to provide near real-time visibility into every boundary or enclave.

Keeping Tabs On Patches

Let’s face it; we all have to deal with patches. Everyone from an IT systems administrator to your grandma has to face the challenges of patches. Whether you have a home computer that you use to browse the web, a phone that you occasionally check email from, or 10,000 enterprise desktops spread across three continents, you're dealing with patches. Regardless of your situation, you need to be able to answer two basic questions:

• Which patches are missing?
• Which patches have been successfully installed?

If you only have one computer in the house, it probably annoys you to some degree when it’s time to apply patches, indicating that you are in fact missing patches. This answers the first question above, but the operating systems themselves have few measures for success. There are many situations that cause patches to fail, or leave vulnerable software behind after an update, that can easily be missed by the average user. Your so-called "smart-phone" is even worse. Since most users do not connect their phones to their computers, or the carrier is blocking operating system updates, you may never be able to answer the first question (I guess that's one reason why RIM maintains a prominent presence in the enterprise, as they answer both questions very well with respect to Blackberry users in your environment). Never knowing that you even require patches to be installed is a big problem, as well as knowing if they even applied successfully.

A Much Larger Problem

Enterprises with 10,000 or more desktops exacerbate the problem of patch tracking. With so many devices that require patches, things are bound to go wrong! Lately I've been using dashboards in Tenable's SecurityCenter, and thanks to Tenable CEO/CTO Ron Gula, I have some interesting SecurityCenter 4.2 "dashboards" to help me track patches. Here's just one example:

Click for larger image

Download Tenablepodcast-episode85.mp3

Hosts: Paul Asadoorian, Product Evangelist, Ron Gula, CEO/CTO, Carlos Perez, Lead Vulnerability Researcher

Announcements

Stories

• RSA finally comes clean: SecurID is compromised - It turns out to be true: attackers possess the seed values for the tokens and the encryption algorithm is already public. RSA says they withheld the information because they did not want to tell attackers how to implement attacks, but it turns out evil bad guys figured it out and used it to attack Lockheed Martin. RSA is now offering to replace all 40 million+ SecurID tokens worldwide. Ouch. This is a breach that cost RSA dearly, in terms of money and reputation.

  
Tenable Network Security is proud to announce the immediate availability of SecurityCenter 4.2. SecurityCenter is used to centralize and report on system and event data such as vulnerabilities, logs, NetFlow, configurations and more.