Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast Episode 143 - "SSL Monitoring, Good Security Habits"

Announcements

New & Notable Plugins

Nessus

Passive Vulnerability Scanner

Compliance Checks

Nessus ProfessionalFeed and SecurityCenter customers can download compliance checks from the Tenable Support Portal.

Stories

  1. Five Habits of Companies That Catch Insiders - I guess this is all we need to do to be "secure": "The most effective companies identified their important data, established strong ties with employees, spearheaded cross-disciplinary security efforts, and enforced policy with technology, states the report, released today." Sounds easy, right?
  2. Apple banishes Java from Mac browsers - I just had to laugh when I read this: "Java for OS X 2012-006 delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_37. This update uninstalls the Apple-provided Java applet plug-in from all web browsers."
  3. Android apps get SSL wrong, expose personal data - This comes as no surprise as developers rush to get apps out the door and how low the barrier to entry is with Android apps: "Examples given by the researchers including apps that are instructed to trust all certificates presented to them (21 of 100 apps selected for a MITM test); 20 of the MITM-tested apps were configured to accept certificates regardless of its associated hostname (for example, an app connecting to PayPal would accept a certificate from another domain). Other issues included SSL stripping and “lazy” SSL implementations." I wonder how well Apple iOS apps would do?
  4. 5 to-dos to maintain reputation after cyberattack | ZDNet - Tips include making sure you beat the media to the punch and be in control of the messages the public receives. Not always an easy thing to do as releasing information can be damaging to your reputation. Also, tailor your messages to different audiences, don't delay your apologies, be open and honest, and help your customers deal with the repercussions. Coincidentally, this is all good relationship advice, especially if you've done something "bad."
  5. Lack of skilled security pros challenges CISOs to fill specialties - A dwindling talent pool is to blame for so few skilled IT security professionals, with the top 3 positions being: Cyber security analyst, Cyber security engineer, and Software engineer. Although I don't agree with this statement: "This talent market nearly causes you to not consider opening a new position when you may ordinarily need to. Instead you find other ways to get it done,” I believe security will fail if you "just try to get it done." In fact, that's true with many things in IT, you have to do it right or it will have a tendency to fail.
  6. Pass the Hash w/o Metasploit - Part 2 - Blog - Room362.com - Really neat article on how to use the Metasploit libraries to eventually create a portable binary that will help you accomplish tasks, such as passing the hash on Windows. This makes small, useful, and somewhat evil utilities easy to port around on systems, but also runs the risk of getting caught by anti-virus signatures. However, there are several tricks to evading, and it typically only takes a few tries to bypass AV. The real kicker is that few are checking the AV logs to see how many times people are trying.

Related Posts

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,190.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.