Federally Mandated Configuration Settings for XP and Vista
August 8, 2007: The Office of Management and Budget recently released new configuration guidelines for Windows XP and Vista that all Federal agencies need to adopt by February 1, 2008. The guidelines are known as the...
Finding Vulnerabilities Older than 30 Days
August 6, 2007: "30 Days" seems to be the default amount of time organizations look for vulnerabilities to be patched by. Version 1.1 of the Payment Card Industry standard specifically states a 30 day time ...
Recent Content and Product Updates
August 3, 2007: Over the past few weeks, we've released several new tools, Nessus audit policies, Log Correlation Engine log parsers and Log Correlation Engine TASL scripts. A summary of these releases is provided be...
SpreadSheets of Excitement and Convenience
July 30, 2007: I've been at several conferences and forums where a panel of CIOs or CSOs gives their guidance about enterprise risk and compliance reporting. When asked which products are up to the task, as ea...
Nessus 3.2 BETA -- Example 'nessuscmd' usage
July 20, 2007: The BETA of Nessus 3.2 includes support for a new command line method to invoke quick Nessus scans. This blog entry details some interesting examples for port scanning, operating system identification...
CVSS Version 2 Scoring with Nessus and the Passive Vulnerability Scanner
July 19, 2007: On Wednesday, August 15th, 2007, Tenable Network Security will begin converting CVSS base scores for Nessus and the Passive Vulnerability Scanner (PVS) plugins from version 1 to version 2. This blog e...
Blacklist Domain Alerting in Proxy Logs
July 19, 2007: Tenable's Research group has released a new Log Correlation Engine TASL script which processes web proxy logs and alerts when specific domains are visited. The script is named blacklist_domain.tasl an...
Detecting the Apple iPhone and other 'Shadow IT' Technology
July 17, 2007: While reading the 'Declaration of Interdependence' series of articles in the July 1st issue of CIO Magazine (including an additional online article named 'Users Who Know Too Much and the CIOs Who Fear...
Tenable Employment Opportunities
July 13, 2007: Normally, we focus on the technical usage of the products at Tenable, but we have a number of open positions I'd like to make people aware of. If you are a regular BLOG reader, you might enjoy working...
Can I use Nessus to perform PCI audits?
July 12, 2007: Tenable's sales and support groups continue to get the following type of question: "I'm considering purchasing a scanning service from vendor XYZ and they claim to use Nessus. Are they certified b...
Detecting "Off Port" Services
July 9, 2007: If you are attempting to perform network security monitoring in a large, unmanaged environment that has "poor" security, you are most likely dealing with botnets, phishing attempts, worms an...
PCI Configuration Audits with Nessus
July 3, 2007: Tenable's Research group has produced two Nessus PCI configuration .audit files for both the Windows and Linux operating systems. These configuration checks are derived from specific recommendations a...