Tenable Network Security Podcast Episode 174 - "The Hostile Web, Vulnerability Management Tips"

Welcome to the Tenable Network Security Podcast Episode 174

Announcements

Discussion & Highlighted Plugins

The Web Is a Hostile Place

  • Updates this week for several browser-based technologies including the browsers themselves (Internet Explorer, Google Chrome) and several Adobe Flash versions on multiple platforms. This is no different from most weeks, begging the question of how we keep our desktops safe when browsing the web. Joe McCray demonstrated an interesting attack where other client-side applications, such as VLC, can be exploited from a web browser. Which technologies and procedures must we employ to protect our user's desktops? For SecurityCenter customers, Tenable released the Desktop Application Vulnerability Dashboard, which helps customers get a handle on all the applications installed. What do we do with the information in this dashboard to be more effective at preventing desktops from becoming compromised?

Continuous Monitoring for Nessus Home Users

  • We recently added the ability for Nessus scanners registered with HomeFeed to perform scheduled scans and have elegant summaries emailed to you. Previously, scheduled scanning with Nessus was limited to ProfessionalFeed and SecurityCenter. The combination of scan scheduling, email notifications, and remediation reports is beneficial to a home user with just a few computers all the way up to enterprises with thousands of desktops.

Vulnerability Management Key Points

  • Ron Gula and I provided recommendations for improved vulnerability management, including scanning more often and tips for presenting to management. What are the highlights of this subject, and what can users take back to their environments to be more effective?

New & Notable Plugins

Nessus

General

Passive Vulnerability Scanner

SecurityCenter Dashboards and Report Templates

Security News Stories

  1. EMET 4.0 is now available for download
  2. Wall Street to Host a Simulated Cyber War
  3. DHS warns of vulns in hospital medical equipment
  4. Compliance Is Bad for Security
  5. The Value of a Hacked Email Account — Krebs on Security