
Tenable Network Security Podcast Episode 118 - "Detect jailbroken devices, mobile device concerns"

Announcements

New & Notable Plugins

Nessus:

The plugins below are local patch checks for Cisco IOS devices:

Passive Vulnerability Scanner:

Stories

  1. One lesson from Information Security World 2012 - Security is in trouble - A panel with Marcus Ranum, Chris Nickerson, and Alex Hutton, what could be better? The takeaways were that security leaders don't have enough knowledge about the organization to make informed prioritization decisions, auditors should not determine priorities, management fights auditors instead of bad guys, there are lots of bears, and there are not enough smart people in the organization to be effective when it comes to security.
  2. SSL Chain Cert Fun with Nessus - Neat article on how to update your certificate chain in Nessus so it recognizes your certificates and any SSL configurations with chained certs.
  3. Mobile Device Management Top Concern - Mobile device vulnerability management is the top concern for security professionals. Ron Gula is quoted as saying "Mobile devices add an entirely new level of complexity to an organization, but security too often takes a back seat to convenience. Although the transient nature of mobile devices presents a unique challenge, organizations can achieve greater control by regularly scanning for vulnerabilities and monitoring the information that comes on and off their network." Now, some may take issue with how this comes to be the top concern. I'll admit, I think it's a bit premature to think mobile devices pose that much of a threat. However, we're not talking about the "security" of mobile devices being the concern; it's about vulnerability management and monitoring. Having spent a good amount of time traveling, I used my smartphone A LOT. I began thinking about how painful it was to use a first-generation iPhone and how far we have come. At what point do many just stop carrying a laptop?
  4. Curb Their Enthusiasm: CEO Optimism Can Be A Security Risk - This is one of the greatest quotes about security I've read in a long time: "…bad security decisions are made for the same reasons that other bad decisions get made: inability to predict the future, failure to foresee all the consequences of the decision, and a reliance on someone else who doesn’t live up to their end of the deal."
  5. Lesson From Pwn2Own: Focus On Exploitability - "The speed that vulnerabilities could be exploited holds a lesson. While vulnerabilities that are actively being exploited should receive the highest priority for patching, the contest shows that the exploitability of a vulnerability -- not just the existence of an exploit -- should be considered as well." There is this notion that some people must see a system exploited in order to believe it presents risk. It's difficult to know which vulnerabilities are easy to exploit and which ones are next to impossible. However, Nessus can help you find the systems for which an exploit exists, and there is no question you should be patching these first. But don't leave out all the other vulnerabilities, as there are people who can crank out an exploit for a given flaw rather quickly, and if you are not expecting it, it can be damaging when exploited.
  6. FreePBX Exploit Phone Home - Some really neat stuff in here -- FreePBX exploit, using Nmap for privilege escalation, and more!
