Tenable Blog

Trust, but Verify

Recently, Tenable added audit files for Nessus ProfessionalFeed users allowing them to audit Microsoft SharePoint server configurations. The audit policy uses both operating system and database information from a SharePoint server farm and compares it against the settings specified in the DISA STIG guide for Microsoft SharePoint 2010 servers. This blog entry discusses some of the Nessus functionality that was used to create the audit file.

Announcements

• We're hiring! - Visit the Tenable website for more information about open positions.
• Check out our video channel on YouTube which contains new Nessus and SecurityCenter tutorials.
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
• You can subscribe to the Tenable Network Security Podcast on iTunes!

The Year in Tenable Product Features

• Vulnerability Exploitability Index
• Malicious Process and Botnet Activity Detection
• Mobile Device Scanning (Microsoft ActiveSync and Apple Profile Manager)
• Patch Management Integration (Red Hat, VMwareGo, WSUS, SCCM, and Tivoli Endpoint Manager)
• Nessus HTML5 Interface
• Compliance/Configuration Auditing Firewalls, Routers, and Virtualization (vCenter, Junos, Check Point, Cisco NX-OS)
• IPv6 Support in SecurityCenter and PVS

Announcements

• Video: Direct Attack Path Analysis
• White Paper: Why is outcome based security monitoring so critical with “Big Data”?
• We're hiring! - Visit the Tenable website for more information about open positions.
• Check out our video channel on YouTube which contains new Nessus and SecurityCenter tutorials.
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
• You can subscribe to the Tenable Network Security Podcast on iTunes!

New & Notable Plugins

Nessus

• Apache Tomcat 7.0.x < 7.0.32 CSRF Filter Bypass
• RWCards Component for Joomla! mosConfig_absolute_path Parameter Remote File Inclusion
• FreeSWITCH Route Header Value Handling DoS
• ManageEngine Security Manager Plus 'f' Directory Traversal Arbitrary File Access
• NetIQ Privileged User Manager ldapagnt_eval() Function Remote Code Execution
• NetIQ Privileged User Manager Password Change Authentication Bypass
• ISC BIND 9 DNS64 Handling DoS
• Microsoft Windows Unquoted Service Path Enumeration
• freeFTPd / freeSSHd SFTP Authentication Bypass

Recently, Tenable added audit files for Nessus ProfessionalFeed users allowing them to audit device configurations based on Cisco Nexus Operating System (NX-OS). Cisco NX-OS runs on high-end Nexus switches, MDS storage switches, and Cisco UCS networking. This audit follows most of the recommendations that are included in the Cisco Guide to Securing Cisco NX-OS Software Devices. This blog entry discusses some of the Nessus functionality that was used in creating the audit file.