NIST Audit Policies for Nessus 3
April 30, 2007Tenable has released our first batch of audit policies which can test Windows 2000, 2003 and XP Pro systems for compliance with NIST best practice configuration standards. These ".audit" checks are c...
Asking Vista for its list of network interfaces
April 25, 2007Tenable's research group recently released plugin ID #24904 which speaks with the Link Layer Topology Discovery protocol. This is an Ethernet "layer 2" scan, so it is something you need to p...
Finding Low Frequency Events
April 23, 2007Very often when I speak with Tenable customers about performing IDS or Event analysis, I ask them if they use the Time Distribution tool under the Security Center. This tool is used to identify any co...
Active and Passive Teredo Detection with Nessus and PVS
April 17, 2007Quoting directly from Microsoft's web site about Teredo:"Teredo is an IPv6 transition technology that provides address assignment and host-to-host automatic tunneling for unicast IPv6 traffic whe...
Nessus 3.2 BETA - IPv6 Scanning
April 16, 2007Nessus 3.2 will support scanning of IPv6 addresses. The current BETA (released as Nessus 3.1.3) can be used to perform scans of IPv6 addresses. This blog entry shows how to use the current Nessus 3.2 ...
Microsoft Windows Domain Name Server Service Vulnerability Plugin
April 13, 2007Today, Tenable's research group released a remote Nessus plugin check (ID #25035) for a new vulnerability in Microsoft DNS servers. Microsoft has released a security advisory with details of the vulne...
Support for StoneGate Firewall Logs
April 11, 2007Tenable Log Correlation Engine customers who have Stonegate firewalls within their environment can now make use of a new normalization library. The new PRM parses logs obtained from the Stonesoft prod...
New Passive Vulnerability Scanner Plugin families
April 10, 2007Tenable has added two new plugin families for the Passive Vulnerability Scanner. Previously, all of the Corporate Policy plugins belonged to the plugin family of "Policy". However, with plug...
Detection of Non Disclosure Agreements with Nessus
April 6, 2007Modern business attempt to put in place "Non Disclosure Agreements" with each other. These agreements dictate the rules for use for knowledge gained through interaction with each other. Tenable's res...
Upcoming Tenable Shows and Speaking Events
April 5, 2007Tenable will be participating in the following events in the next few months. I will be involved with all of these events, and many Tenable folks will also be there too. CanSec West 2007April 18-20, ...
Tenable products Officially in Common Criteria Evaluation
April 4, 2007On March 21st, Tenable announced that our products were officially under NIAP Common Criteria evaluation.  Tenable is scheduled to complete the certification this year. This was good news to our ...
Auditing and Finding Virtual Machines
April 3, 2007I was speaking with an attendee at the Mid Atlantic IANS Forum, and they had an issue tracking new virtual servers that were "popping up" all over their enterprise. They had a secondary prob...