Tenable Network Security Podcast Episode 191 - "The Top 10 PVS Questions Answered"

Announcements

• We're hiring! - Visit the Tenable website for more information about open positions.
• Check out our video channel on YouTube which contains new Nessus, PVS, and SecurityCenter tutorials.
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, PVS, SecurityCenter, and LCE, and get answers from the experts at Tenable? Join the Tenable Discussions Forum for custom scripts, announcements, and more!
• You can subscribe to the Tenable Network Security Podcast on iTunes!

Discussion & Highlighted Plugins

1. What is the Passive Vulnerability Scanner (PVS) and what does it do?
2. How is PVS different from an IDS?
3. How does PVS keep track of sessions and discover applications?
4. What are some examples of PVS detecting vulnerable client software?
5. How can PVS help detect instances of virtualization in your environment?
6. How can PVS be used to detect vulnerabilities in SCADA devices, and why is this important?
7. What are some examples of PVS detecting applications?
8. How much traffic can PVS handle?
9. How can you set up and configure PVS to monitor the wireless network and detect vulnerabilities in smartphones and tablets?
10. Does PVS support IPv6?

Nessus plugin topics:

• Nessus now has the ability to upload a custom list of hashes for whitelisting processes and the ability to identify new processes previously not seen.
• We've also added into Nessus the ability to set the number of days your anti-virus software is out of date before generating an alert.

Nessus

• Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers (cisco-sa-20131030-asr1000)
• Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability (cisco-sa-20131106-sip)
• Adobe ColdFusion Multiple Vulnerabilities (APSB13-27) (credentialed check)
• SeaMonkey < 2.22.1 NSS and NSPR Multiple Vulnerabilities
• Oracle JavaServer Faces Multiple Partial Directory Traversals

Passive Vulnerability Scanner

• OpenSSH v6.2 / v6.3 Remote Memory Corruption Vulnerability
• OpenSSH 6.2 / 6.3 Remote Memory Corruption Vulnerability

SecurityCenter Apps

Dashboards

Report Templates

Security News Stories

1. ACG Maryland - 2013 Deal of the Year Finalist - Tenable Network Security & Accel Partners
2. Risky Business Podcast #304 -- Tech heavyweights target NSA
3. Why Ben Franklin would have excelled in cyber security
4. Tenable Network Security Named a Deloitte 2013 Technology Fast 500 Award Winner
5. Linux backdoor squirts code into SSH to keep its badness buried | The Register
6. Hacking of forum software firm vBulletin spawns host of zero-day attacks | The Inquirer
7. Netflixers Beware: Angler Exploit Kit Targets Silverlight Vulnerability
8. Adobe credentials and the serious insecurity of password hints | Troy Hunt
9. Tavis Ormandy: QNX
10. w00tsec: Unpacking Firmware Images from Cable Modems