Nessus

New Nessus Compliance Checks Available for Check Point GAiA

by Paul Asadoorian
November 12, 2012

Keeping Your Firewalls in Check

Ensuring that your network infrastructure, in particular your routers and firewalls, is secure and maintains its integrity is critical to successfully defending your network. If an attacker were to gain control of these types of systems, they could potentially impact the security of your network as a whole. For example, an attacker with access to your firewall could read the firewall rules and use the information to selectively attack open services and create backdoors that would slip through your firewall.

Using SSL to Secure Your Vulnerability Data

by Paul Asadoorian
November 6, 2012

The Benefits of Proper SSL Configuration

Protecting your vulnerability data from unauthorized users, whether the threat comes from external attackers or malicious insiders, is an important part of a vulnerability management program. Nessus allows users to configure SSL to provide both privacy and authentication. SSL can be configured locally or integrated into your own PKI infrastructure, allowing Nessus to be compliant with in-house security policies and standards.

Nessus Scanning Windows 8 Hosts

by Paul Asadoorian
October 30, 2012

Windows8

The new Windows 8 interface provides a very different user experience than past Microsoft operating systems. Nessus can enumerate and detect vulnerabilities on Windows 8 hosts.

Recently, Microsoft made several announcements surrounding new technology, including a new operating system (Windows 8) and a new tablet platform called "Surface." Windows 8 will present a new interface and several new changes under the hood. They're an offshoot of the new platform called Windows RT, a small, fast, and lightweight version designed to run on ARM-based tablets. In fact, this is much of the reason behind the concept of Windows 8 -- it’s meant to run on tablets and touch screens. Windows Phone 8 is the new OS for Windows-based phones, such as those from Nokia.

Uncovering SSL Anomalies In Your Network Using SecurityCenter

by Paul Asadoorian
October 23, 2012

Looking in More than One Place

Nessus, PVS, and LCE offer several methods for auditing SSL protocol usage on your network(s). SSL is commonly used to secure websites, but also protects email, file sharing, and many other services. This post lists some generic SSL capabilities found in all Tenable products, and shows how you can combine them to generate useful reports and dashboards.

On the vulnerability identification side, Nessus uncovers many issues with SSL certificates, such as outdated certificates, unsigned certificates, and much more (see the screenshot below for more examples). SSL implementations shipped with appliances often use unsigned certificates, and rely on the administrator to install their own valid certificate. Without a properly signed certificate, man-in-the-middle attacks become considerably easier. If you’re an e-commerce shop, improper SSL implementations will also cause you to become non-compliant with PCI DSS standards.

SSLNessuplugins sm

A sample of Nessus plugins associated with identifying problems with SSL certificates. (Click for larger image)

#1 Nessus is an Enterprise Tool - Top Ten Things You Didn't Know About Nessus

by Paul Asadoorian
October 18, 2012

The final installment in our "Top Ten Things You Didn't Know About Nessus" video series describes how Nessus is used in the enterprise. Additional products from Tenable, such as, SecurityCenter, the Passive Vulnerability Scanner (PVS), and the Log Correlation Engine (LCE), are used to fill the gaps and extend the functionality of your vulnerability management program.

The video covers how you can overcome problems such as:

Nessus Patch Management Integration Now Supports IBM Tivoli Endpoint Manager

by Paul Asadoorian
October 16, 2012

Nessus and SecurityCenter now support Tivoli Endpoint Manager (TEM) as a patch management platform in which patch-level information can be extracted for given scan targets.

Nessus Patch Management Support

We are pleased to announce new support for IBM Tivoli Endpoint Manager (TEM) for Patch Management (formerly known as BigFix). This new capability allows us to use the information gathered by TEM from systems where we may not have credentials or we’re unable to reach such systems over the network. The TEM integration is configured similarly to our integration with other patch management solutions where credentials and the server IP address/hostname are provided so Nessus can retrieve the patch information for the hosts targeted in the scan.

In addition to TEM, Nessus and SecurityCenter also integrate with the following popular patch and system management solutions:

  • Microsoft Windows Server Update Services (WSUS)
  • Microsoft System Center Configuration Manager (SCCM) 2007
  • Red Hat Network Satellite Server
  • VMware Go (formerly known as Shavlik)

In order to make use of this feature, be certain you've configured TEM properly. Refer to this discussion post for more information and instructions.

Nessus HTML5 Interface Beta Available!

by Paul Asadoorian
October 11, 2012

Until now, the Nessus interface has been using Flash, which has a number of advantages as a development platform, but also has a lot of drawbacks. One of the reasons we implemented a Flash interface for Nessus was that Flash "behaves the same on every browser" (which turns out is not always the case), and it was reasonably fast to run the client (it's now outperformed by the newest javascript engines). Flash also doesn't offer a good "mobile" user experience, if at all. So, it makes sense to use a standard-based technology, and we're moving to HTML5.

So we've released the HTML5 interface as a public beta -- the default Nessus interface will still be Flash for now, but if you connect to your scanner using a browser which doesn't have Flash installed, or if you go directly to the correct URL, you'll have the option to use the beta version of the HTML5 client.

The HTML5 beta interface is available immediately by accessing the URL https://localhost:8834/html5.html (where localhost is the IP address or domain name of your Nessus server). Simply make sure your Nessus plugins are up-to-date.

Auditing Open Ports on Windows Systems Using Nessus

by Paul Asadoorian
September 26, 2012

Tenable recently released three new checks used for auditing the configurations of Windows systems. The new configuration auditing options allow users to audit open ports. This post provides details about the three new checks, and describes how Nessus users could use them to maintain tight control over the number of open ports on their Windows systems.

1. AUDIT_ALLOWED_OPEN_PORTS


This check allows users to audit the list of open ports against an "allowed" list of ports that can be open on a target. For example, let’s assume there is a company policy to only allow SMB ports 445 and 139 to be open on a target. The resulting configuration audit would look as follows:
&ltcustom_item&gt
type : AUDIT_ALLOWED_OPEN_PORTS
description : "Audit TCP Open Ports"
value_type : POLICY_PORTS
value_data : "445,139"
port_type : TCP
&lt/custom_item&gt

Pages