Tenable Network Security Podcast Episode 169 - "Windows Wireless Networks List, Apache Backdoor Detection"
by Paul Asadoorian
May 15, 2013
by Paul Asadoorian
May 15, 2013
by Paul Asadoorian
May 10, 2013
by Paul Asadoorian
May 9, 2013
Tuning your Nessus scan policy can yield great results. Tenable has added a new Nessus plugin which will analyze the scan results for your environment and the scan settings that were used, and then suggest improvements for a better audit.
by Paul Asadoorian
May 7, 2013
Nessus 5.2.1 is available for download.
by Paul Asadoorian
May 7, 2013
Keeping tabs on missing patches is one of the challenges faced by everyone responsible for managing systems. Regardless of platform, there are a plethora of patches to be applied. The new Nessus “Patch Report” plugin provides an actionable report that displays a list of consolidated patches that need to be applied to become fully patched.
by Paul Asadoorian
May 6, 2013
To help you discover all the components of your virtual environment, Tenable has several Nessus plugins to detect virtualization servers, discover vulnerabilities, and enumerate VMs (both active and inactive). Nessus supports remote vulnerability identification and local patch auditing of VMware vSphere ESX/ESXi and vCenter.
by Marcus J. Ranum
May 3, 2013
For a field that loves statistics, computer security sure treats them casually. In order to get my humble BA in Psychology, I absorbed my share of course hours in statistics and testing methods, including a set of lectures based upon Darrell Huff's brilliant book, "How to Lie with Statistics" - which I highly recommend. It's fun easy reading satire - those lectures had the effect of making me hyper-skeptical about any large, round, number that's thrown my way.
by Paul Asadoorian
May 2, 2013
by Ron Gula
April 29, 2013
When I was at RSA earlier this year, I gave a variety of media interviews and product demos about Tenable solutions. I demonstrated Nessus detecting malicious processes and the Passive Vulnerability Scanner (PVS) providing an audit trail of all network activity that led up to the infection. I also showed how the Log Correlation Engine (LCE) correlated PVS logged DNS queries to known botnets.
by Marcus J. Ranum
April 25, 2013
I have no idea if I had a role in the "Internet Kill Switch" debacle, but it's possible that I was one of the pushes that got that particularly horrible ball rolling. Back in 2002, when I was between jobs, I did a talk at CSI in Chicago, about the need for organizations to be better able to react to attack, especially if they were part of critical infrastructure. At the time, I was concerned particularly with denial of service attacks; I had been thinking about them and had concluded that it's never going to be possible to completely prevent such attacks.