Welcome to the Tenable Network Security Podcast - Episode 14
Correction: Nessus 4.2 supports Suse 10 Enterprise.
- Nessus 4.2 is released! - Brand new web interface, performance and reporting improvements, and wider platform support. Listen in for the exclusive details!
- A new video has been released that covers how to use Nessus 4.2, the latest version of Tenable's Nessus vulnerability scanner.
- Tenable Network Security's CEO, Ron Gula, is featured in SC Magazine as one the entrepreneurial visionaries who have launched successful IT security companies in the last 20 years.
- We're hiring! - Visit the web site for more information about open positions, there are currently 14 open positions! We also have a new Facebook Group called Tenable Security Is Hiring where you can go to get more information about open positions (Requires Facebook account to view)
- You can subscribe to the Tenable Network Security Podcast on iTunes!
- Tenable Tweets - You find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, Nessus plugin statistics, and more!
- Smart vs Stupid: But Not Why You Think So! - I really like this post because it is so matter of fact and to the point. Anton lists out defensive measures and risk mitigations that work, and ones that don't. He puts them in two columns called "Smart" and "Stupid". For example monitoring for attacks is smart, but saying, "Nobody wants to hack us", is well, not so smart.
- Don't Be Afraid To Use A Cheat Sheet - Along the lines of being prepared (and knowing that someday a compromise will occur on your network) having a cheat sheet is a life saver. When an incident occurs, it can be a stressful environment. Management is pressing to find out what happened, systems administrators are pushing to get systems back on line, and you are left wondering just how many systems were compromised, and more importantly how. Having a cheat sheet helps you keep a cool head and not struggle to remember commands or use incorrect syntax, which can greatly reduce the precious response time.
- New Plugin: SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection - Remember that nasty SSL bug that allows for MiTM attacks? Nessus now has a plugin to detect this condition on certain systems. This is a remote check that can identify systems that may be vulnerable to this attack. More details and references are listed in the plugin output.