Compliance Monitoring

Are you better off with FDCC? How do you know?

by Ron Gula on June 5, 2009

Over the past few months, I’ve had the chance to speak with many different federal government customers who have rolled out FDCC compliance programs. These programs feature central management and auditing of large numbers of desktop configurations. A few years ago, I heard a government administrator proclaim that “satellites would fall out of the sky” when these settings went in place, but recently, I hear federal executives speak about a reduction in volume of help-desk calls and fewer virus outbreaks. So how do you know if FDCC is working for your organization?

This blog discusses some key issues to consider when looking at FDCC or any other type of configuration auditing guidelines. I often ask potential customers, conference speakers and federal CIOs the following questions. The answers I receive often provide clues into how effective the overall FDCC program is.

Auditing Linux, Apache, & MySQL Against CIS Benchmarks

by Paul Asadoorian on April 22, 2009

Stacking Up to CIS Benchmarks

The Center for Internet Security (CIS) establishes consensus benchmarks for a large variety of applications and operating systems. These benchmarks are a valuable aid to evaluate the security of your systems. Tenable has produced a number of Nessus audit files that have been certified by the Center for Internet Security to perform audits against the CIS standards. These audit files are available to ProfessionalFeed and Security Center customers through the Tenable Support Portal.
To use these audit files, you will need to provide Nessus with credentials to log in to the target host so that its configuration can be compared against the CIS standards. Scans that use login credentials run much faster than network-based scans, and the results often provide more detailed vulnerability findings and information on configuration issues.

Detecting Manually Compiled Network Daemons

by Ron Gula on September 22, 2008

Nessus plugin #33851 (Network daemons not managed by the package system) is a credentialed check that audits each of the server processes on the audited Linux system. If the running process is not part of a known system package, the plugin reports that the program is the result of a hand-compiled solution. Below is a screen shot of the plugin detecting a hand-compiled httpd program:

WMI Based Compliance Checks

by Ron Gula on July 31, 2008

Tenable's Research group recently added the ability to perform WMI (Windows Management Instrumentation) queries to Windows servers and desktops as part of a Nessus configuration audit. These new features allow for rapid and in-depth auditing of a wide variety of configuration settings that are only available through WMI. This blog entry describes how the new API works, and includes several examples.

Full Su/SuDo support for UNIX Configuration Audits

by Ron Gula on July 7, 2008

Previously, Tenable announced that Nessus 3.2 fully supported su/sudo for UNIX host-based checks, but UNIX configuration audits did not have access to this feature. With the latest release of the unix_compliance_check.nbin file (version 1.5.8), su and sudo are now fully supported while performing UNIX compliance audits. This blog entry discusses this and several other new features.