Auditing Microsoft Office Configurations Using Nessus

by Paul Asadoorian on February 8, 2013

Microsoft® Office® is ubiquitous in today’s work environment. Although MS Office applications offer many security configuration options that can reduce the likelihood of exploitation, the default configuration settings typically don’t provide a strong security posture. The requirements and recommendations documented in common regulations and security guides are a great start to securing your Office installations. Tenable customers can also measure and evaluate the security of their Microsoft Office Suite environment using Nessus® and Tenable SecurityCenter™ audit compliance policy files.

New Nessus Plugins Audit Your Patch Management System Effectiveness

by Paul Asadoorian on January 30, 2013

Nessus integrates with many popular patch management solutions, including IBM Tivoli Endpoint Manager (TEM), Red Hat Network Satellite server, Microsoft WSUS / SCCM, and VMware Go. The new Nessus "Patch Management Windows Auditing Conflicts" and "Patch Management Auditing Satisfied" plugins automatically cross-reference vulnerabilities from credentialed patch audits with patch information from your patch management system on the same asset, reporting discrepancies in a single report.

Using Nessus to Audit Microsoft SharePoint 2010 Configurations

by Paul Asadoorian on January 23, 2013

Trust, but Verify Recently, Tenable added audit files for Nessus ProfessionalFeed users allowing them to audit Microsoft SharePoint server configurations. The audit policy uses both operating system and database information from a SharePoint server farm and compares it against the settings specified in the DISA STIG guide for Microsoft SharePoint 2010 servers . This blog entry discusses some of the Nessus functionality that was used to create the audit file. Poll the typical office about what functionality SharePoint delivers, and the responses tend to be quite varied. Often, SharePoint first...

Tracking Wireless SSIDs Using Nessus

by Paul Asadoorian on January 14, 2013

Nessus has plugins that can pull out current (or previously used) wireless service set identifiers (WiFi SSIDs) that Windows and OS X systems have connected to in the past. The following plugins are used: Mac OS X Wireless Networks List (63340) - This new plugin reports a history of wireless networks used by the target system, and Windows Wireless SSID (WMI) (25197) - Using WMI, this plugin reports the existing wireless network the target host is currently using.

Detecting Compromised SSL Certificates Using Nessus

by Paul Asadoorian on December 13, 2012

When Thieves Target SSL Certificates SSL is one of the most commonly used protocols to provide encryption for a variety of different applications. As such, it has come under great scrutiny over the years. While SSL misconfiguration is commonplace , one of the more recent attacks against SSL is to steal the Certificate Authority (CA) certificate. ( In a paper released in July 2012, NIST warned that this type of attack would increase ). Access to this certificate allows the attacker to issue valid certificates, and in the case of a code-signing certificate, use it to sign malware. Malware executing with this level of trust increases the chances of successfully being installed on the system. Other CA certificates are used to generate website certificates used by attackers to impersonate secure access to a given website.

Configuration Auditing Cisco Nexus Operating System (NX-OS) with Nessus

by Paul Asadoorian on December 10, 2012

Recently, Tenable added audit files for Nessus ProfessionalFeed users allowing them to audit device configurations based on Cisco Nexus Operating System (NX-OS). Cisco NX-OS runs on high-end Nexus switches, MDS storage switches, and Cisco UCS networking. This audit follows most of the recommendations that are included in the Cisco Guide to Securing Cisco NX-OS Software Devices. This blog entry discusses some of the Nessus functionality that was used in creating the audit file.

Plugin Spotlight: Samsung/Dell Printer Firmware SNMP Backdoor

by Paul Asadoorian on December 5, 2012

Samsung Printers Contain an SNMP Backdoor Samsung is not the most well-known printer manufacturer in the world ( although they hold 28.5% of the consumer TV market ). However, they manufacture a full line of printers and multi-function devices for both home and business use. Samsung also manufactures "some" printers for Dell, though an official list is currently unknown.

Nessus VMware vCenter Patch Auditing Now Available

by Paul Asadoorian on November 30, 2012

Nessus supports vCenter integration, enabling patch checking for enterprise virtualization environments. Recently, new plugins for Nessus were released which add support for VMware's vCenter product. Nessus users can now enter credentials for vCenter servers, allowing Nessus to perform patch audits against all of the ESXi servers being managed by vCenter. Configuring the scan simply requires a Nessus policy to be created with the appropriate credentials: