Recently, Tenable added audit files for Nessus ProfessionalFeed users allowing them to audit Microsoft SharePoint server configurations. The audit policy uses both operating system and database information from a SharePoint server farm and compares it against the settings specified in the DISA STIG guide for Microsoft SharePoint 2010 servers. This blog entry discusses some of the Nessus functionality that was used to create the audit file.
SSL is one of the most commonly used protocols to provide encryption for a variety of different applications. As such, it has come under great scrutiny over the years. While SSL misconfiguration is commonplace, one of the more recent attacks against SSL is to steal the Certificate Authority (CA) certificate. (In a paper released in July 2012, NIST warned that this type of attack would increase). Access to this certificate allows the attacker to issue valid certificates, and in the case of a code-signing certificate, use it to sign malware. Malware executing with this level of trust increases the chances of successfully being installed on the system. Other CA certificates are used to generate website certificates used by attackers to impersonate secure access to a given website.
Recently, Tenable added audit files for Nessus ProfessionalFeed users allowing them to audit device configurations based on Cisco Nexus Operating System (NX-OS). Cisco NX-OS runs on high-end Nexus switches, MDS storage switches, and Cisco UCS networking. This audit follows most of the recommendations that are included in the Cisco Guide to Securing Cisco NX-OS Software Devices. This blog entry discusses some of the Nessus functionality that was used in creating the audit file.
Samsung is not the most well-known printer manufacturer in the world (although they hold 28.5% of the consumer TV market). However, they manufacture a full line of printers and multi-function devices for both home and business use. Samsung also manufactures "some" printers for Dell, though an official list is currently unknown.
Nessus supports vCenter integration, enabling patch checking for enterprise virtualization environments.
Recently, new plugins for Nessus were released which add support for VMware's vCenter product. Nessus users can now enter credentials for vCenter servers, allowing Nessus to perform patch audits against all of the ESXi servers being managed by vCenter. Configuring the scan simply requires a Nessus policy to be created with the appropriate credentials: