Tenable Network Security Podcast Episode 195 - "Critical AND Exploitable"

by Paul Asadoorian
January 23, 2014

Welcome to the Tenable Network Security Podcast Episode 195

Announcements

Discussion & Highlighted Plugins

  • Discovering New Hosts - At a recent presentation, someone asked me how one can detect new hosts. Tenable has many products that work towards detecting new hosts. One can do this passively by monitoring network traffic with PVS, via Nessus by enumerating virtual machines from virtualization servers, and by looking at the logs collected by LCE. How do you pull all this information together and act on it?
  • Critical AND Exploitable - Severity rating vulnerabilities is tricky business. How do you rate the risk? The threat? What's the difference? Math aside, there is something to be said for a vulnerability in your environment. One thinks we should fix all of these ASAP, or should we?
  • Scanning the ICS Village - Recently, we scanned an entire lab of security products and SCADA devices. The results were impressive. We generated more than 3GB of network traffic, and all scans completed successfully and enumerated several vulnerabilities. While some of the SCADA plugins were written some time ago, they are still very effective at enumerating vulnerabilities against SCADA devices, and even support ModBus. Read the full post.

Nessus

Passive Vulnerability Scanner

SecurityCenter Apps

Dashboards

Reports

Security News Stories

  1. Hacking Risk Grows for Outdated ATMs
  2. Apple's Very Different BYOD Philosophy
  3. A Walk Through the ICS Village
  4. HealthCare.gov security -- 'a breach waiting to happen' | Security & Privacy - CNET News
  5. Microsoft will furnish malware assassin to XP users until mid-2015
  6. Hacker Turns Mouse Into a Webcam
  7. Introduction to Anti-Fuzzing: A Defence in Depth Aid | NCC Group
  8. The Changing Face Of The IT Security Team