Tenable Product Usage

Finding Snort Sensors

by Ron Gula
May 16, 2007

Over the past few years, there have been several vulnerabilities disclosed about the Snort network intrusion detection sensor. I recently had a Tenable customer inquire for a strategy of "scanning" to find these Snort systems. This blog discusses some basic and more advanced ideas and issues on how to approach this with Nessus and the Passive Vulnerability Scanner.

Network Scanning of Passive Listening Devices

Active and Passive Teredo Detection with Nessus and PVS

by Ron Gula
April 17, 2007

Quoting directly from Microsoft's web site about Teredo:

"Teredo is an IPv6 transition technology that provides address assignment and host-to-host automatic tunneling for unicast IPv6 traffic when IPv6/IPv4 hosts are located behind one or multiple IPv4 network address translators (NATs)."

Auditing and Finding Virtual Machines

by Ron Gula
April 3, 2007

I was speaking with an attendee at the Mid Atlantic IANS Forum, and they had an issue tracking new virtual servers that were "popping up" all over their enterprise. They had a secondary problem in that many of these new OSes weren't properly licensed as they were all installed off of the same ISO. This blog entry discusses discovery of VMware systems with active and passive methods.

Nessus 3 Detection

Nessus 3 can help very much with this issue. Consider these two plugins:

Tenable Wednesday

by Ron Gula
March 21, 2007

Most readers should be familiar with the concept of "Microsoft Tuesday" as the day when Microsoft, and many other OS vendors, release security patch information. These releases occur on a regular basis. Because of this, we've had many Tenable customers configure their Security Center to automatically update Nessus and Passive Vulnerability Scanner plugins, perform a scan and then email a report on the following Wednesday.

Monitoring Telnet Security

by Ron Gula
March 3, 2007

With the advent of the current Solaris Telnet Worm, Tenable has had many requests and comments about not only finding the specific associated vulnerability, but how to monitor Telnet in general. This blog entry discusses the worm, how to scan for the Solaris 10 in.telnetd vulnerability and how to monitor your network for Telnet activity.

Scanning for the Solaris in.telnetd Vulnerability

Tenable has released three checks to discover this vulnerability on Solaris systems:

UDP Service and Vulnerability Enumeration

by Ron Gula
February 1, 2007

The User Datagram Protocol (UDP) transfers data much differently than the Transmission Control Protocol (TCP). Services that run on UDP can make use of the client and server model that TCP uses, but it can also transfer data without an established connection and send data to multiple computers with a single packet.

Optimizing Enterprise Nessus Scans for Speed

by Ron Gula
January 29, 2007

Tenable often receives requests for advice and strategies to help very large organizations decrease their scanning time. Readers should keep in mind that from Tenable's point of view, a "large" organization is someone with multiple Class B networks and more than 1 million items reported by Nessus. A basic concept to keep in mind when modifying how scans run is that there is a balance between scanning speed, thoroughness and invasiveness. For example, one may simply be able to decrease scan speed times by decreasing the number of tests performed.

Asking for Credentials from IT

by Ron Gula
January 23, 2007

If you are not part of the IT group, you may have to ask someone for the right credentials to perform patch and configuration audits with Nessus. This blog entry will offer some advice and strategies to consider when attempting to obtain access to the devices for auditing.

Who Doesn't Have Credentials?

Enumerating Corporate Data

by Ron Gula
January 4, 2007

Many Tenable customers and Nessus users have asked us for recommended strategies to discover where sensitive information is placed on the network. Often, organizations have segregated networks to separate sensitive data and want to verify compliance with the corporate policy. This is particularly important for organizations subject to legislation such as Sarbannes-Oxley or HIPAA.