
Tenable Network Security Podcast - Episode 14

Welcome to the Tenable Network Security Podcast - Episode 14

Announcements

Correction: Nessus 4.2 supports Suse 10 Enterprise.





Download version 4.2 of the popular Nessus vulnerability scanner, featuring an all-new web interface!

Stories

  • Smart vs Stupid: But Not Why You Think So! - I really like this post because it is so matter-of-fact and to the point. Anton lists out defensive measures and risk mitigations that work, and ones that don't. He puts them in two columns called "Smart" and "Stupid". For example, monitoring for attacks is smart, but saying "Nobody wants to hack us" is, well, not so smart.
  • Don't Be Afraid To Use A Cheat Sheet - Along the lines of being prepared (and knowing that someday a compromise will occur on your network), having a cheat sheet is a lifesaver. When an incident occurs, it can be a stressful environment. Management is pressing to find out what happened, systems administrators are pushing to get systems back online, and you are left wondering just how many systems were compromised and, more importantly, how. Having a cheat sheet helps you keep a cool head instead of struggling to remember commands or using incorrect syntax, which can greatly reduce precious response time.
  • New Plugin: SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection - Remember that nasty SSL bug that allows for MiTM attacks? Nessus now has a plugin to detect this condition on certain systems. This is a remote check that can identify systems that may be vulnerable to this attack. More details and references are listed in the plugin output.
  • New Plugin: HTTP Cookie Import - This is a really nice feature to have when doing web application testing. Some applications will use cookies for various features, and trying to audit them without setting the values can be challenging, if not a futile effort entirely. Now you can use Nessus to import the application's cookies and then perform the vulnerability testing. Cookies can provide authentication information and other parameters that need to be present for the application to function properly. In order to retrieve an application's cookies you can use the Firefox extension called Export Cookies.



Download Tenable Network Security Podcast Episode 14