Advanced Nessus 3 WMI Checks Against Windows Systems
February 7, 2007Tenable Network Security has recently added the ability to query remote Windows systems via the Windows Management Instrumentation (WMI) protocol. This allows a credentialed Nessus 3 scan to perform s...
Ron Gula interview at PaulDotCom
February 4, 2007I got the chance to virtually sit down with the folks at PaulDotCom for an interview. We discussed a variety of topics including vulnerability disclosure, Nessus usage, the early days of Dragon and Sn...
UDP Service and Vulnerability Enumeration
February 1, 2007The User Datagram Protocol (UDP) transfers data much differently than the Transmission Control Protocol (TCP). Services that run on UDP can make use of the client and server model that TCP uses, but i...
Optimizing Enterprise Nessus Scans for Speed
January 29, 2007Tenable often receives requests for advice and strategies to help very large organizations decrease their scanning time. Readers should keep in mind that from Tenable's point of view, a "large&qu...
Asking for Credentials from IT
January 23, 2007If you are not part of the IT group, you may have to ask someone for the right credentials to perform patch and configuration audits with Nessus. This blog entry will offer some advice and strategies ...
Hunting Symantec Worms
January 20, 2007If you are performing network monitoring on a large network that is infected with any number of worms or botnets, there are many different techniques you can use with Tenable products to identify infe...
Security Center 3D Tool 1.2
January 17, 2007Version 1.2 of the 3D Tool is now available. This version is much faster then the previous version. It makes use of Security Center 3.2's ability to obtain data as a .csv spreadsheet. Those types of q...
Nessus 3.0.5 Available
January 17, 2007This point release provides fixes for multiple minor issues with Nessus 3.0.4. The fixes include: Faster startup time, especially on laptops Improved the performance of the SYN port scanner Fixed a me...
Graphical Data Visualizations with Tenable Products
January 15, 2007There are many ways to visualize raw data in graphical form. This blog entry will consider network topology visualization, trust relationship graphing and security event analysis. We will use a combin...
Using "New Port Browsing" Events to find Worm/Trojan/Rootkit Activity
January 12, 2007Version 3.0 of the Passive Vulnerability Scanner (PVS) dynamical alerts when it finds "new" pieces of information about the network. Potential information includes open ports, browsed ports,...
PSAD rules for LCE and Firewall Monitoring in General
January 10, 2007Tenable's research group released a Log Correlation Engine (LCE) log parser library for events generated by the Port Scan Anomaly Detector (PSAD) tool. The LCE PRM library is available here for downlo...
Auditing Windows 2003 Servers for Disabled USB Drives and AutoRun CD-ROM
January 8, 2007Many organizations have IT configuration polices that require CDs and USB drives to be disabled. This blog entry discusses a simple way to use a Nessus 3 .audit file to test a Windows 2003 server for ...