Welcome to the Tenable Network Security Podcast - Episode 78
Hosts: Paul Asadoorian, Product Evangelist; Carlos Perez, Lead Vulnerability Researcher
- Several new blog posts have been published this week, including:
- Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials.
- We're hiring! - Visit the Tenable web site for more information about open positions.
- You can subscribe to the Tenable Network Security Podcast on iTunes!
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!
- SCADA: Security is Only One Part of Availability - While this may be true, how do you measure the likelihood of events causing disruptions to service? This is where I like to see threat modeling come into play, but it's tricky business. While some events are immediately recognizable as disruptions, such as a tsunami, what about attacks that are much more stealthy, until such time as they cause a disruption?
- Network security blunders: Tales from the field - Wow, I've made some of the same blunders talked about in this article. Even more, it makes me question the effectiveness of firewalls. Managing a firewall is not an easy thing, and with attackers using methods that are extremely firewall-aware, I'm suggesting that our efforts are better spent in other areas of security (process monitoring, event management) and that we simplify the firewall rules and management.
- Open-Source Tool Similar to Maltego - Information gathering is a critical part of in-depth security assessments, and it's great to see tools out there to help people perform this service. Also, if you are defending a network, it is a good idea to see what these tools return. You might be surprised just how much information is available about your organization.
- "Shairport" - Apple Private Key Exposed - Turns out Apple uses the same private key on all Airport Extreme products.
- Dropbox Found Using Host ID For Authentication - A host ID is used for authentication and is unique per machine, but can be easily stolen and re-used.