Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast - Episode 35

Welcome to the Tenable Network Security Podcast - Episode 35

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements


Stories

  • Reclaim Your Privacy? - There is no question that some people share way too much information on Facebook. Social networking is so popular that attacks and penetration testers alike are using it for information gathering and social engineering when attacking an organization. The techniques are quite useful and often very successful. One good example is to guess or brute force user passwords (for example, I can view a user's Facebook page, obtain the name of your dog, and try that as your password). It sounds too easy, but unfortunately for the security of enterprise networks, it works. The site linked here claims to help Facebook users with their privacy settings. Now, this could be completely legitimate, but in the words of Admiral Ackbar, "it could be a trap!" Don't trust programs or web sites that claim to check your computer settings or Facebook settings as you could unknowingly be allowing an attacker access to your information.
  • Fun With Printers - Part 3 - If there is one thing I love, its printer hacking! This three-part blog post (See Part 1, and Part 2) details how to use printers to steal documents being printed, use printers as relays for idle port scanning, and a complete re-write of the Hijetter tool that allows you to send commands to the printer using PJL and upload files. It's nice to see some focus on this and I can't wait to test out these new tools. Printers are one of those device types that no one pays attention to, but should be part of your overall security program.
  • Analyzing MIT Wireless Traffic - I think it's really neat that MIT showed this particular student the proper way to obtain permission and analyze traffic. I really like the use of simple command line tools to gather network traffic information. You can gain great insight into your network and find out all sorts of information, even security related, just by reviewing the layer 3 protocol information.
  • Default Database Passwords Still In Use - Default passwords really annoy me and I can't understand why they are still in use! Especially when it comes to databases... why not just let the database admin choose a password that isn't the default?
  • FBI seizes $143 million of fake Cisco hardware - I have a growing concern that while we are all so concerned with software security, it may be the case that hardware is now being compromised. This may be the case with fake Cisco hardware originating from China. You may not be able to tell that that brand new router is a fake until it's too late. If you place it in your network, what if under the covers it is compromised and uses a backdoor to re-route traffic or letting attackers connect remotely? This is scary, especially because it falls outside the scope of many security programs.
  • Why compliance is chosen over security - I believe that compliance and security is a delicate balance. Let's not forget about making good business decisions either!

Related Posts

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.