Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast Episode 184 - "Video Killed the Network Security Star"

Welcome to the Tenable Network Security Podcast Episode 184

Note: Passive Vulnerability Scanner (PVS) is now Nessus Network Monitor. To learn more about this application and its latest capabilities, visit the Nessus Network Monitor web page.

Announcements

Discussion & Highlighted Plugins

  • Passive Vulnerability Scanning Use Cases - You can use Tenable's Passive Vulnerability Scanner (PVS) to support many different efforts in your network security strategy. For example, as part of a vulnerability assessment, PVS solves many problems. There are many points where a network vulnerability scanner can plug in and start scanning, but sometimes it's tough to know where to start. With PVS, you can set it up ahead of time and review a list of collected vulnerabilities before the audit or assessment officially begins. Intrusion monitoring also can make use of passively collected vulnerabilities, using them to correlate to intrusion events and identify other systems with the same vulnerabilities used by attackers to gain access to your network. See Ron Gula's blog post "Adding Passive Vulnerability Scanning To Your Security ToolKit" for more information.
  • "Patches Break Things!" - Believe me, I've been there. I was a Windows systems administrator, and then a UNIX/Linux systems administrator. I've applied my share of patches that have blown things up. Fast forward to today: We just can't afford to wait and test every patch, or have really long patch cycles for everything. We need multiple patch cycles. For example, when it comes to Adobe, you've got to be fast and furious with your patching. Adobe Reader should be an easy win – go ahead and push out those patches. Chances are that breaking Reader won't disrupt business operations (in some cases it may). Another strategy with merit is to patch users in groups. I had forgotten about this strategy, but nothing wrong with segmenting your users and constantly rolling out patches, watching for gotchas. Also, don't forget you can use Nessus for Auditing Adobe Reader JavaScript Settings, in addition to finding out if it's patched.
  • Video Killed the Network Security Star - Two sets of plugins this week deal with video teleconferencing vulnerabilities from Cisco and Polycom. I've personally discovered and exploited similar vulnerabilities on enterprise networks. Attackers come in all different shapes and sizes. While most threats are malware based, you can't disregard the possibility of espionage or targeted attacks, which can be far reaching and damaging. For example, an attacker snooping in on conversations with your company. Groups of attackers are out there collecting information about your organization and selling it to other groups of attackers who use the information to exploit you. Don't give them an opportunity to snoop; patch and harden your video teleconferencing systems!

New & Notable Plugins

Nessus

General

Passive Vulnerability Scanner

SecurityCenter Apps

Security News Stories

  1. Tenable Network Security Executives Win Prestigious Ernst and Young Entrepreneur of the Year® 2013 Maryland Award
  2. Security Spending on the Rise as Threats Proliferate
  3. Look at risk before leaping into BYOD, report cautions
  4. Experts praise Pentagon's march to security standards
  5. Defending against web-based malware: Spot the smoke, don't wait for fire
  6. After Ten Years, Cracks In Microsoft's Patch Program
  7. iOS 7 patches 80 vulnerabilities
  8. Linus Torvalds Admits He's Been Asked to Insert Backdoor Into Linux
  9. Chaos Computer Club: iPhone 5S finger-sniffer COMPROMISED
  10. How I hacked SIM cards with a single text - and the networks DON'T CARE
  11. Flaw In iOS 7 Lets Attackers Take Control Of Users' iPhones

 

 

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io Vulnerability Management

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets
Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Purchase your 1-, 2-, or 3-year license today.