Tenable Product Usage

How to perform a full 65,535 UDP and TCP port scan with just 784 Packets

by Ron Gula
September 17, 2008

Nessus has the ability to perform full port scans on UNIX and Windows systems by leveraging credentials. For UNIX systems, the “netstat -an” command is invoked and the results used to mark each reported TCP or UDP port open in the Nessus knowledge base. For Windows systems, WMI is used to identify each open port in a similar manner.

Enhanced AIX and SuSE Auditing

by Ron Gula
January 14, 2008

Tenable Network Security's research group recently introduced support for credentialed patch auditing of SuSE Enterprise 9 and 10 for both the Server and Desktop editions. Plugins which support patch auditing of these operating systems have been available to Registered Feed, Direct Feed and Security Center users since late 2007.

SpreadSheets of Excitement and Convenience

by Ron Gula
July 30, 2007

I've been at several conferences and forums where a panel of CIOs or CSOs gives their guidance about enterprise risk and compliance reporting.  When asked which products are up to the task, as each vendor in the audience is leaning forward on the tip of their chair hoping for a free product placement, the answer most commonly is -- Excel.

Detecting "Off Port" Services

by Ron Gula
July 9, 2007

If you are attempting to perform network security monitoring in a large, unmanaged environment that has "poor" security, you are most likely dealing with botnets, phishing attempts, worms and Trojans. Many of these threats install some sort of FTP, SSH or Web server as a backdoor or drop point on a port other than the typical default port. Discovering these on your network may help you find compromised servers, or even administrators who are trying to bypass firewall rules.

Auditing Secure Shell - Part I

by Ron Gula
May 31, 2007

This blog entry outlines a wide variety of audits and monitoring techniques that can be used to keep watch over the Secure Shell applications in use on your network.

Detecting SPAM From Inside your Network

by Ron Gula
May 17, 2007

We all receive and are annoyed by the amount of "SPAM" email in our in-box. One way to fight SPAM is to monitor large networks for evidence of compromised hosts that are being used to email out unwanted content. This blog entry shows how passive network analysis and log analysis can be used to look for specific types of events that can indicate SPAM originating from inside your network.

Watch for Changes in the number of Email "Clients"