PCI Configuration Audits with Nessus
July 3, 2007Tenable's Research group has produced two Nessus PCI configuration .audit files for both the Windows and Linux operating systems. These configuration checks are derived from specific recommendations a...
NessusClient 3.0 BETA
June 28, 2007Tenable Network Security has made available a BETA version of the new NessusClient 3.0. This Nessus client can be used to connect to any Nessus scanner and perform scans, manage scan policies and anal...
LM/NTLM Hash Support for SMB Credentials
June 27, 2007Tenable Network Security's Research staff recently added the ability to use LanMan/NTLM hashes as a form of credentials for Windows audits. If you use Nessus as a penetration testing tool, this allows...
Using the 'nasl' Nessus Command Line Tool
June 27, 2007This blog entry will discuss the usage of the Nessus nasl binary tool. It will also discuss which plugins work well with the tool, how credentials and other information can be supplied at scan time an...
Nessus 3.0.6 Available
June 26, 2007Tenable Network Security has released version 3.0.6 of the Nessus Vulnerability Scanner which fixes a variety of performance issues and bugs. It also includes a security fix for a cross site scripti...
Tracking Users Through Logs and Network Activity
June 23, 2007Tenable's research group has released a TASL correlation script for the Log Correlation Engine (LCE) that automatically associates learned user accounts with IP addresses. This enables historical trac...
CIS Certification for Nessus Red Hat audits
June 22, 2007Tenable was recently awarded certification to perform Center For Internet Security (CIS) audits of Red Hat systems with the Nessus 3 scanner and Security Center. This blog entry discusses what ...
Passive Discovery of User Accounts
June 13, 2007The Passive Vulnerability Scanner's plugin rule base was recently updated with new logic to recognize a variety of client-side account information for services such as AIM, MySpace and many others...
Vulnerability Tourism
June 11, 2007Wouldn't it be interesting to know which places you go to on the Internet or in your corporate network that have major vulnerabilities in real-time? How many of those customer portals, web sign-up for...
Nessus 3.2 BETA - New 3.1.4 point release
June 7, 2007Today, Tenable released Nessus 3.1.4 beta. Here are the main changes compared to Nessus 3.1.3 : 64 bit OS builds for Debian 4 and Red Hat ES 5 Fedora Core 7 build Improved support for IPv6. In particu...
Auditing Secure Shell - Part I
May 31, 2007This blog entry outlines a wide variety of audits and monitoring techniques that can be used to keep watch over the Secure Shell applications in use on your network. Examples for auditing SSH client a...
New Keywords and APIs for UNIX Compliance Checks
May 29, 2007Tenable has recently added several new APIs to the UNIX compliance checks. This blog entry discusses the new checks with several examples. These APIs are available to Direct Feed and Security Center u...