Tenable Network Security Podcast - Episode 18

Welcome to the Tenable Network Security Podcast - Episode 18

Announcements

• A new blog post has been released titled "Airport Security: Don't Make The Same Mistakes" and compares the current challenges of airport security to the very same challenges we face with computer and network security.
• You can provide feedback to this podcast and all of our social media outlets by visiting our discussions forum and adding messages to the "Tenable Social Media" thread. I would love to hear your feedback, questions, comments, and suggestions!
• We're hiring! - Visit the web site for more information about open positions, there are currently 12 open positions listed!
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, Nessus plugin statistics, and more!

Interview: Paul Crutchfield

Paul is the Director of Sales Engineering for Tenable Network Security. He comes on the show to talk about his experiences with our customers, including some details about using Nessus and the enterprise products on a very large scale. We also discuss evaluation criteria for vulnerability scanners and log management applications.

Stories

• A Tale Of Lock picks & Screwdrivers - It seems computer security problems will mirror physical security problems. Nothing could be more true that with the case of lock picking. You will find lock picking exhibitions at most major computer security and hacking conferences. This article covers some of the parallels between the two trades, and its message is clear: Attackers will always take the easy route. For example, an attacker that can bypass a door by going through a window. The same is true with encryption, many attacks against encryption attack the implementation of the encryption, not the encryption algorithm itself.
• Hidden admin access on D-Link routers - A SOAP-based management protocol (Home Network Administration Protocol, HNAP) allows attackers to query the device for information and bypass authentication, allowing attackers to change the settings of the device.
• Don't Wait To Lock Down DB2 - The database is often buried behind firewalls, web servers, and other layers of protection. However, this does not mean that security can be ignored. If the database is housing your data, it should represent the highest level of security. Unfortunately, as is the case with many DB2 users, security features are not always implemented.
• WMI Bluetooth Network Adapter Enumeration - This is a neat little Nessus plugin that will detect, and enumerate, which Bluetooth devices are plugged into remote hosts. If your security policy outlaws Bluetooth keyboards (which is should) this is a great way to enforce that policy. [Correction: This plugin will only detect Bluetooth Network adapters].