Tenable Network Security Podcast - Episode 59

Welcome to the Tenable Network Security Podcast - Episode 59

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Special Guest: Carlos Perez, Lead Vulnerability Research Engineer

Announcements


Stories

  • Nessus Plugin 50658: Stuxnet Detection (uncredentialed check) - Stuxnet has been one of the most talked about pieces of malware this year. Nessus can now detect Stuxnet on the network!
  • Passwords Are Not Safe - Each week I keep seeing more powerful GPUs, cheaper prices on the hardware, and more software becoming available for intense password cracking. You could build a machine with multiple CPUs, tons of RAM, and multiple GPU cards for well under $5,000 and crack passwords at lightning speed. I think we need to move beyond passwords and require another form of authentication in addition to the password. This seems so simple, why don't we do it?
  • "That's Too Hard" - We've all heard it before, the "that's too hard" excuse when it comes to information security. A much better excuse is "That doesn't align with our business goals or acceptable risk levels". Dave outlines several common areas where the "it's too hard" excuse comes in, such as application whitelisting, secure coding, and outbound network ACLs and filtering. He also mentions the "cowboy culture in IT". I agree, some administrators are too quick to pull the trigger and change management can help. However, I've been in a situation where I had to jump in and "save the day" (capes may have even been involved) and my entire group was labeled as "cowboys". This really hurt our reputation in the organization and made things difficult for us for quite some time. Be careful with change management and cowboys, because it is a double-edged sword.
  • On Security Conference Themes: Offense *Versus* Defense – Or, Can You Code? - I agree, offense is sexy, it's definable, and it's demonstrable. However, what about defense? Many security conferences are filled with talks about the latest and greatest ways in which to penetrate systems. That's great, and don't get me wrong, I love talking about offense. However, defense is important, except it's not as sexy, not as definable (well, at least it's different for each person/organization), and it's not as demonstrable. One of the things I will be working on in the next few months: making defense sexy.
  • Nessus Parsing 101 - This is a great little write-up that shows you how to implement some Bash scripts to do basic parsing of NBE files. While I use many different methods to parse, sort and create reports from Nessus results, sometimes a quick and dirty Bash command is the best method, and this tutorial does a nice job!

Download Tenable Podcast Episode 59