CVSS Version 2 Scoring with Nessus and the Passive Vulnerability Scanner
July 19, 2007On Wednesday, August 15th, 2007, Tenable Network Security will begin converting CVSS base scores for Nessus and the Passive Vulnerability Scanner (PVS) plugins from version 1 to version 2. This blog e...
Blacklist Domain Alerting in Proxy Logs
July 19, 2007Tenable's Research group has released a new Log Correlation Engine TASL script which processes web proxy logs and alerts when specific domains are visited. The script is named blacklist_domain.tasl an...
Detecting the Apple iPhone and other 'Shadow IT' Technology
July 17, 2007While reading the 'Declaration of Interdependence' series of articles in the July 1st issue of CIO Magazine (including an additional online article named 'Users Who Know Too Much and the CIOs Who Fear...
Tenable Employment Opportunities
July 13, 2007Normally, we focus on the technical usage of the products at Tenable, but we have a number of open positions I'd like to make people aware of. If you are a regular BLOG reader, you might enjoy working...
Can I use Nessus to perform PCI audits?
July 12, 2007Tenable's sales and support groups continue to get the following type of question:"I'm considering purchasing a scanning service from vendor XYZ and they claim to use Nessus. Are they certified b...
Detecting "Off Port" Services
July 9, 2007If you are attempting to perform network security monitoring in a large, unmanaged environment that has "poor" security, you are most likely dealing with botnets, phishing attempts, worms an...
PCI Configuration Audits with Nessus
July 3, 2007Tenable's Research group has produced two Nessus PCI configuration .audit files for both the Windows and Linux operating systems. These configuration checks are derived from specific recommendations a...
NessusClient 3.0 BETA
June 28, 2007Tenable Network Security has made available a BETA version of the new NessusClient 3.0. This Nessus client can be used to connect to any Nessus scanner and perform scans, manage scan policies and anal...
LM/NTLM Hash Support for SMB Credentials
June 27, 2007Tenable Network Security's Research staff recently added the ability to use LanMan/NTLM hashes as a form of credentials for Windows audits. If you use Nessus as a penetration testing tool, this allows...
Using the 'nasl' Nessus Command Line Tool
June 27, 2007This blog entry will discuss the usage of the Nessus nasl binary tool. It will also discuss which plugins work well with the tool, how credentials and other information can be supplied at scan time an...
Nessus 3.0.6 Available
June 26, 2007Tenable Network Security has released version 3.0.6 of the Nessus Vulnerability Scanner which fixes a variety of performance issues and bugs. It also includes a security fix for a cross site scripti...
Tracking Users Through Logs and Network Activity
June 23, 2007Tenable's research group has released a TASL correlation script for the Log Correlation Engine (LCE) that automatically associates learned user accounts with IP addresses. This enables historical trac...