Compliance Monitoring

Nessus UNIX Configuration Auditing "sudo" Support

by Ron Gula on January 31, 2008

Tenable's research group recently added support to all SSH-enabled UNIX configuration audits to make use of "sudo". Support is available in version 1.4.4 of the UNIX compliance checks. Some organizations explicitly prohibit remote "root" logins to their UNIX servers. However, many of these organizations do allow a "non-root" login which has access to the "sudo" command. The "sudo" facility allows a non-root user to run specific restricted commands at the root level. Activity related to "sudo" can be logged as well. When Nessus logs into a UNIX host via SSH, if the remote account used to login...

NIST FDCC Implementor's Workshop Notes

by Ron Gula on January 25, 2008

I attended the January 25th NIST Federal Desktop Core Configuration Implementers Workshop this past week and wanted to share some of my thoughts and take-aways from it. Some Organizations Were Already Close to FDCC Several CSO/CTO speakers from a variety of different federal agencies spoke about how they went about doing a gap analysis between their current configuration policies and those of the FDCC. The trend seemed to be that of the ~700 Microsoft settings covered by FDCC, if an organization didn't comply, the gap was between 10-20 specific settings that were not covered. This means that...

Updated Windows Compliance Auditing

by Ron Gula on January 16, 2008

Previously we've blogged about upcoming changes to how Nessus Direct Feed and Security Center users perform configuration audits of Windows servers and desktops. Version 2 of the Windows Compliance configuration audit plugin is now available. Nessus Direct Feed and Security Center users should log into the Tenable Support Portal and obtain version 2 of any published audit policies. Nessus users should then update their plugins and make use of these new policies in their Windows configuration audits. Security Center users should place any updated policies in the /opt/sc3/admin/nasl directory...

Version 2 of Windows Compliance Checks Available for Testing

by Ron Gula on December 19, 2007

Direct Feed and Security Center customers who use Nessus to perform configuration audits of their Windows computers can now beta test an upgrade of this technology. The upgrade provides enhanced auditing features, increased speed and is Tenable's foundation for compliance with NIST SCAP auditing requirements when auditing Microsoft platforms. This blog entry discusses the new features of the upcoming release, the release schedule for this update, and how customers can participate in the beta test today. Scope and Release Schedule Plugin #21156 (named the compliance_check.nbin plugin) is used by...

Exceeding CIS and NIST Benchmarks - Third Party Patch Auditing

by Ron Gula on November 26, 2007

For organizations that actively keep track of and manage their base operating system patches and configurations, a somewhat lofty goal is to try and tighten down third-party patches. Organizations can have all Microsoft patches installed and their systems hardened to NIST, CIS and vendor recommendations, and still have major exposure and security issues tracking down open source, freeware and third-party applications. This blog entry discusses some of the pain points in managing these third-party applications and some ways to scan for them with Nessus and the Passive Vulnerability...

Windows XP Professional CIS Certified Configuration Audits

by Ron Gula on November 19, 2007

Tenable Network Security has received certification for the Nessus vulnerability scanner and Security Center to perform Center for Internet Security configuration audits of the Windows XP operating system. This blog entry discusses the new audit policies, an upcoming webinar on how to use these policies and making use of these with the Nessus Client and Security Center. Certified Audit Policies for XP Pro New audit files are available to all Direct Feed and Security Center customers at the Tenable Customer Portal. Four new audit policies are now available: XP Pro Enterprise Desktop XP Pro...

Why Aren't Any NAC vendors CIS Certified or speaking XCCDF?

by Ron Gula on September 27, 2007

I was asked this question by a customer of ours at the recent NIST SCAP conference and I'm loosely paraphrasing: "We use Nessus and the Security Center to audit 1000s of workstations and laptops for compliance against CIS and eventually NIST SCAP policies. I'd like to be able to have a NAC enforce compliance against CIS policies and the new FDCC policy, but haven't found any to accomplish this yet. Do you know of any?" Quick Background If you are not a regular reader of this blog, CIS is the Center for Internet Security. They work with a community of vendors and users to build a consensus of...

Using Nessus Configuration Audits To Test FDCC Compliance

by Ron Gula on September 25, 2007

Tenable has recently announced FDCC audit policies for Nessus ProfessionalFeed and Security Center users. These policies help government organizations test Windows XP Pro and Vista desktops against OMB's required configuration settings. This blog entry describes how this testing can be performed with Nessus against the reference Windows XP Pro FDCC virtual machine image. Required Materials or Software The following resources are required to perform this testing: To perform this test, you need a virtual machine player such as VMware or Virtual PC. This will be used to run the virtual disk...

CIS Certification for Solaris and SuSE Linux audits

by Ron Gula on September 4, 2007

Tenable Network Security has received certification from the Center for Internet Security to perform configuration audits of the Solaris 9 and SuSE Linux 9 operating systems. Audits can be performed with Nessus 3 scanners subscribed to the Direct Feed as well as by enterprise networks with the Security Center. To obtain these audit policies, please log into your Tenable Support Portal account and download them from the 'Download CIS Compliance and Audit Files' section. To review all of Tenable's certified CIS audit policies, please view this CIS web link. All CIS certified audit policies are...

Solaris PCI Audits and other Updates

by Ron Gula on August 20, 2007

Tenable Network Security has released a Solaris audit policy for PCI 1.1 configurations. We've also released a new SuSE Linux best practices audit policy and have updated several others. These are all available to Tenable Direct Feed and Security Center customers through the Tenable Support Portal. A specific list of what is now available is as follows: PCI_Linux.audit (Version 1.0.7) This is an update to the existing .audit file which checks for a few more settings, such as if the network time protocol is enabled. It is available under 'Downloads' and then 'Download Configuration Audit...