Tenable Blog

Nessus 3.2 will support scanning of IPv6 addresses. The current BETA (released as Nessus 3.1.3) can be used to perform scans of IPv6 addresses. This blog entry shows how to use the current Nessus 3.2 BETA to perform such a scan from the UNIX command line.

Why Scan for IPv6 Addresses?

The Nessus 3.2 BETA includes many new features, including a library that allows users to program their own WMI queries to Windows systems. This blog entry discuses some example WMI NASL scripts that make use of the new library and identify interesting asset and configuration information about Windows Hosts.

Tenable Network Security has recently added the ability to query remote Windows systems via the Windows Management Instrumentation (WMI) protocol. This allows a credentialed Nessus 3 scan to perform some very advanced configuration audits of Windows systems. This blog entry discusses WMI, the initial checks developed by Tenable and how this can impact consultants and enterprise users of Nessus and the Security Center.

What is WMI?

Many organizations have IT configuration polices that require CDs and USB drives to be disabled. This blog entry discusses a simple way to use a Nessus 3 .audit file to test a Windows 2003 server for the correct registry settings that disable "AutoRun" of programs on CDs as well as disables USB drives.

Windows 2003 Registry Settings

On Windows 2003 servers, the following registry setting controls "AutoRun" for CD drives:

HKLM\SYSTEM\CurrentControlSet\Services\Cdrom

Tenable recently increased the flexibility of performing configuration assessments of Windows  access control lists (ACLs) with the Nessus compliance checks.

Previously, an ACL policy could only be built with exact understanding if it were "inherited" or "not inherited". For large numbers of checks, it might not make any difference if an ACL were inherited from someplace else or not, just that the actual ACL was correct.

Tenable has released 32 plugins for Nessus 3 which specifically test SCADA devices. These plugins were the result of a four month research contract between Tenable Network Security and Digital Bond.

For over a year now, Tenable has been including CVSS base scores in the plugins we write for Nessus as well as Passive Vulnerability Scanner (PVS) to give our customers an objective way to assess the risk of flaws those plugins test for. We've been calculating these scores in-house during the course of investigating vulnerabilities and how to test for them.

Tenable Network Security is pleased to announce the immediate availability of Nessus 3.0.4

Tenable has received many requests to extend the API for the agent-less

Nessus has more than 11,000 plugins which can be used to audit networks with host based checks and network checks. There are also many different options that Nessus users can configure to optimize their scans. One of these options is to enable or disable "safe checks". The "safe checks" setting allows Nessus users to enable a set of plugins within Nessus' library of vulnerability checks which Tenable feels can have negative effects on the network, device or application being tested.