Tenable Discussion Forums

by Ron Gula on March 13, 2009

Tenable has been operating a new “Discussions Forums” web site for all Nessus users and Tenable customers. The forum is located at https://discussions.nessus.org/. It offers the following discussion areas: Announcements; Nessus: Scanning; Nessus: Reports; Nessus: Advanced; Nessus: Compliance Checks (*); Nessus: Feature Requests, Bug Reports; Security Center (*); Log Correlation Engine (*); Passive Vulnerability Scanner (*). (*) – Customer access only

USB Device History Auditing with Nessus

by Ron Gula on March 11, 2009

Nessus plugin #35730 can perform an audit of Windows computers to obtain a list of all USB devices that may have been connected to them at one point in time. This plugin complements plugin #24274, which uses a WMI query to list all currently installed USB devices.

Packets and Logs Found on the Shmoocon Network

by Ron Gula on February 18, 2009

Tenable staff had a great time at Shmoocon this year and picked up some interesting data in the process. As we did in 2008 [http://blog.tenablesecurity.com/2008/02/shmoocon---dont.html], we ran our Security Center, Passive Vulnerability Scanner and Log Correlation Engine on the production Shmoocon 2009 network. This blog entry discusses the type of data that was obtained and also shows many different examples of log analysis and passive traffic analysis.

Initial Passive Vulnerability and Application Detection

Conference attendees stopped by the Tenable Shmoocon booth to play some poker and...

Auditing MS SQL Servers for DISA STIG Compliance with Nessus

by Ron Gula on February 5, 2009

Recently, Tenable added the ability for Nessus ProfessionalFeed users to establish a session with database servers and audit their configurations. Our first major audit policy that utilizes this technology performs a database audit against settings specified in the DISA STIG guide for Microsoft SQL servers. This blog entry discusses the new SQL auditing functionality and how to perform the DISA STIG audit with Nessus.

Why Audit SQL Database Configurations?

SQL databases are widely used to drive web applications, track credit card information, host Personal Identification Information (PII) and...

DOJOSEC - Compliance Video Online

by Ron Gula on January 16, 2009

The videos from the January DojoSec meeting are now online. Marcus Carey's introduction, Dale Beauchamp's talk on memory forensics and my talk on all things related to compliance and IT are available on Vimeo. To watch the talks, click below. My talk is 45 minutes and it should make you think hard about how to articulate compliance, configuration management, and mono-cultures to your management or your team.

Risky Business #89 Podcast - Xen Security, Free Microsoft Anti-Virus and Marcus Ranum's comments about the recent Hack-In-The-Box conference

by Ron Gula on November 26, 2008

Episode #89 of Risky Business is now available and features comments from Tenable's CSO, Marcus Ranum. Marcus recently keynoted the Hack In The Box security conference in Malaysia and spoke on many of the common misconceptions about "cyber" warfare. Marcus has also blogged here about many different topics which receive the "cyber" label, including Cyber-Espionage, Cyber-Terror and Cyber-Crime. Also featured in this episode of Risky Business is a discussion about Xen hypervisor security and Microsoft's recent announcement about providing free Anti-Virus.

Onsite Tenable Training: An Instructor Perspective

by Matt Franz on November 20, 2008

Besides the monthly Tenable Enterprise Security Monitoring classes available at our Columbia training center, Tenable offers versions of the same content taught at customer locations. The obvious reason to choose our onsite training offering is that it allows entire teams to be quickly trained on Security Center, Nessus, Passive Vulnerability Scanner or Log Correlation Engine without the inconvenience and cost of sending one to two students at a time to Maryland. But having just returned from an onsite class with one of our large customers, there are other aspects of onsite training that make...

PCI Executive Roundtables in New York and Atlanta

by Ron Gula on November 4, 2008

Tenable Network Security has partnered with IANS to sponsor two executive-level PCI discussions in New York City and Atlanta. Both events are this week, and we have limited seating available for corporations that are facing the challenges of being PCI compliant and demonstrating it. Questions to be answered at the roundtable include: How close are my peers getting to “complete PCI compliance”? How much are my peers spending on PCI compliance? Which sections of the PCI DSS are causing my peers the most confusion? What are the best technical solutions in the market today for PCI compliance? What...

Log Correlation Engine 3.0 Released

by Ron Gula on November 3, 2008

Tenable is proud to announce the release of the Log Correlation Engine version 3.0. This blog entry highlights some of the LCE 3.0 enhancements and new features, plus some of the new functionality which will be made available with the upcoming release of Security Center 3.4.3. If you are not familiar with the LCE, this product is an upgrade to the Tenable Security Center that can process logs from hundreds of different applications, devices, operating systems and security monitoring technologies. Every log is normalized, correlated for a wide variety of security and compliance behaviors and...

Network Process Auditing with Nessus

by Ron Gula on October 7, 2008

One of the most important goals of forensic analysis and system auditing is to determine what a system is actually running – not what appears to be running. A static review of installed system binaries may show results that are perfectly benign while the process that is actually running is not. It is important to correlate the running process with the program stored on disk to really determine what it is doing.

“Listening Process” Auditing with Nessus

Nessus users who perform credentialed audits of Windows or Unix servers can obtain a list that shows which specific processes are listening on...