

Tenable Network Security Podcast - Episode 54

Welcome to the Tenable Network Security Podcast - Episode 54

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements

Stories



  • "The Evil Maid Attack" - Here's the scenario: you've left your laptop in your hotel room while you went out around town, to a conference or out to dinner. Because you know that there are attacks that can use the FireWire bus to steal your hard disk encryption keys, you've powered down your laptop. An evil maid comes in, plugs in a USB thumb drive with special code on it, powers up your laptop and infects it with malware. The next time you log onto the system and enter your password to decrypt the drive, the malware records it and stores it to disk or sends it to the attacker. The next day or at some point in the future, the attacker can steal your laptop and now has the code to decrypt your drive. Moral of the story: never leave your laptop in the hotel room unattended.

  • Half Of UK Homes Have Open Wifi - A study was conducted to find out just how bad the security of wireless networks is in the UK. They found that just about half the homes in the UK had open access points or used WEP to protect their networks. I just want to point out that as if WEP wasn't bad enough, there are several ways to crack it today that are vendor or implementation specific, for example Verizon FIOS, the Neesus Datacom 21-bit attack, and aircrack PTW. Despite these attacks, you can still find manufacturers using WEP by default, unless smart users re-configure their routers to use WPA. Even WPA-PSK with a long random passphrase is adequate to stop most attackers from accessing your wireless network. Why isn't that the default?

  • India's Operating System - So as not to rely on Western technology, India has decided to write its own operating system. Good luck with that. Microsoft has been at it for a while now, and just fixed 49 security vulnerabilities. I think operating systems are like encryption; anyone who tries to write one themselves will suffer enormous security problems because it will be largely untested. Also, I'd hardly call Linux "Western" technology.

  • Do we really know what we're doing? - I find this FishNet Security study to be compelling. Let's look at some of the data that was collected. For example, the top security concerns according to the survey are: mobile computing 69%, social networks 68%, and Cloud computing platforms 35%. Now, let's take a look at the spending percentages, which are firewalls 45%, antivirus 39%, authentication or anti-malware 31%. Hrm, something doesn't add up here! I'm not saying ditch your firewalls, but you have to adapt to the ever-changing threat. Just what does that mean? It means different things to different organizations. For some, it may mean outsourcing your firewall management and maintenance. For others, it may mean not upgrading your firewalls this year. Security needs to be tuned for your needs according to the current threats, not attacks from 1990.

  • Facebook to issue one-time passwords - When I read the title, I thought this was a great idea! One-time passwords could work to help solve the user security problem. For example, it's really hard to stop an attacker from getting on a system and installing a keystroke logger and stealing the user's password. If the password is only valid for a short period of time, this greatly limits the risk. However, sending it via TXT message to your cell phone is not such a great idea. What if your cell phone is compromised?

  • Newer operating systems are more secure? - Not sure if I'm buying this one, but statistics from Microsoft show that new operating systems such as Vista and Windows 7 have lower infection rates. I think it's just because XP is still more popular in terms of number of seats and attackers have tried-and-true exploits for it. It will take some time for attackers to catch up and get around to creating exploits that work well on the new platforms and bypass the new security measures.
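
The one-time password item above argues that a keylogged password loses most of its value if it is short-lived. The following is an added example, not Facebook's implementation or code from the podcast, showing the server-side checks that make a captured value useless on replay; the class name, the 1200-second window and the user name are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time


class OneTimePasswordStore:
    """Server-side store for short-lived, single-use passwords (illustrative)."""

    def __init__(self, ttl_seconds=1200, clock=time.time):
        self.ttl = ttl_seconds          # assumed validity window, not from the article
        self.clock = clock              # injectable so expiry can be exercised
        self._pending = {}              # user -> (sha256 digest, expiry timestamp)

    def issue(self, user):
        """Create a fresh password; it would be delivered out of band (e.g. SMS)."""
        otp = secrets.token_urlsafe(6)  # 6 random bytes -> 8 URL-safe characters
        digest = hashlib.sha256(otp.encode()).digest()
        self._pending[user] = (digest, self.clock() + self.ttl)
        return otp

    def verify(self, user, candidate):
        """Accept the password at most once and only before it expires."""
        entry = self._pending.pop(user, None)   # any attempt consumes the entry
        if entry is None:
            return False
        digest, expires_at = entry
        if self.clock() > expires_at:
            return False
        supplied = hashlib.sha256(candidate.encode()).digest()
        return hmac.compare_digest(digest, supplied)  # constant-time comparison


def replay_demo():
    """Constructed scenario: a keylogger records the OTP as the user types it."""
    now = [1000.0]
    store = OneTimePasswordStore(ttl_seconds=1200, clock=lambda: now[0])

    otp = store.issue("alice")
    captured = otp                              # what the keylogger recorded
    user_login = store.verify("alice", otp)     # legitimate login succeeds
    replay = store.verify("alice", captured)    # same value again is rejected

    unused = store.issue("alice")               # issued but never typed
    now[0] += 1201                              # validity window has passed
    late = store.verify("alice", unused)        # expired value is rejected
    return user_login, replay, late
```

The delivery channel is outside this sketch: the concern about a compromised phone applies to whatever carries the value returned by `issue()` to the user.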
