Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast Episode 127 - "IPv6 Day, Defense-In-Depth?"

Welcome to the Tenable Network Security Podcast Episode 127

Announcements

New & Notable Plugins

Nessus

SecurityCenter Report Templates

  • DNSChanger Site Summary - This report template will enumerate systems on your network that have been identified (via Nessus and/or PVS) to have DNS IPs in use that fall within the DNSChanger ranges.

Compliance Checks

Nessus ProfessionalFeed and SecurityCenter customers can download compliance checks from the Tenable Customer Support Portal.

Stories

  1. toolsmith: Security Investigations with PowerShell - I think this is really cool, so much functionality in PowerShell. Also note you can run PowerShell commands from Nessus Compliance Checks.
  2. Woes me information (cyber) security is hard - I'm not certain I agree with the whole "get rid of defense-in-depth", I think some folks look deeper into the meaning of this term. There is nothing wrong with having several safeguards and not relying on any one (or even two) things to increase security. However, defense-in-depth does not excuse you from a more holistic approach to security, which I think is where people start poking holes in it. Some other great thoughts here, such as security being more about being resilient and protecting your data.
  3. HUGE Microsoft security FAIL helped Flame virus spread - Computerworld Blogs - We all knew it would be a bad day when someone was able to spoof Microsoft updates, and Flame has done just that.
  4. IPv6 Day 2012 – What Does It Mean? - I believe IPv6, despite gaining traction recently, will still be a slow, steady mover, which will eventually win the race, but not overnight.
  5. It’s Time to Retire "Security" From Our Lingo - It's a fantastic idea, we drop security as an add-on, and just embed it into the culture. This won't happen anytime soon due to human nature and economics, but it's a nice idea to think about.
  6. How security pros are handling data overload - "A third of the respondents, all of who worked in companies with 1,000 employees or more worldwide, found it too difficult to distinguish legitimate from malicious activity, while almost three in 10 were equally successful as unsuccessful in correlating security data to business impact. Worse, 4 percent of the pros said they were mostly unsuccessful." What can we do to make sense of the data? I've heard lots of tips in this area, such as correlation, knowing your network, and context, but it still remains on the higher end of the difficulty scale. The one thing I believe many organizations miss most often is dedication and resources.
  7. SecurityTracker: Microsoft Windows Includes Some Invalid Certificates - Microsoft has revoked the problem certificates -- make sure all your systems no longer trust them!