Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog


Tenable Network Security Podcast - Episode 85

Hosts: Paul Asadoorian, Product Evangelist, Ron Gula, CEO/CTO, Carlos Perez, Lead Vulnerability Researcher


  • Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest two videos are updates to older videos and cover basic vulnerability scanning and local patch checking using Nessus.

  • We're hiring! - Visit the Tenable web site for more information about open positions.

  • You can subscribe to the Tenable Network Security Podcast on iTunes!

  • Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!

  • Stories

    • RSA finally comes clean: SecurID is compromised - It turns out to be true: attackers possess the seed values for the tokens and the encryption algorithm is already public. RSA says they withheld the information because they did not want to tell attackers how to implement attacks, but it turns out evil bad guys figured it out and used it to attack Lockheed Martin. RSA is now offering to replace all 40 million+ SecurID tokens worldwide. Ouch. This is a breach that cost RSA dearly, in terms of money and reputation.
    • Detecting New Hardware by Ethernet Address - Detecting new hosts that have connected to your network can provide some interesting events to analyze. For example, if all of a sudden you have 30 new hosts on your servers' subnet, there may be something wrong, such as one host impersonating multiple systems or other layer 2 attacks.
    • Chinese army: We really need to get into cyber warfare - I believe China gets blamed for a lot of attacks, both "cyber" and real-world. I also believe they are putting massive efforts into "cyber warfare"; whatever that means to you, they are most certainly directing attention to techniques that use computers and networks as a part of "warfare". They claim to be much farther behind than most believe, stating "Just as nuclear warfare was the strategic war of the industrial era, cyber-warfare has become the strategic war of the information era, and this has become a form of battle that is massively destructive and concerns the life and death of nations."
    • Apple iOS: Why it's the most secure OS, period - Their reasons are far over-stated, almost as if Apple wrote this article themselves! They list five reasons why iOS is more secure than most desktop applications, and they are less than compelling (in my opinion anyhow):
      • A sandbox isolates programs and iOS's memory - Okay, this may be the one thing that actually does contribute to a more secure platform. However, desktop operating systems have had similar protections (DEP, ASLR) for quite some time now. It's clear that mobile platforms are still playing catch up.
      • Applications are vetted by Apple - Apple must have some serious resources dedicated to reviewing code. Even so, there is a fundamental problem with this: once an application is vetted, the code can change and updates to apps will modify the function of the app. For example, a perfectly legitimate Flashlight app may allow tethering. Sure, Apple may find it, but only after thousands of people install it. And really, how do you control what 425,000 apps are doing?
      • Patches can be quickly applied - While patches can be released, there is nothing forcing the user to apply them. In fact, many people report that "non-techie" iPhone users never apply iOS updates, or even plug the phone into the computer.
      • The software is regularly reviewed - Review all you want, there will still be vulnerabilities.
      • Attackers still target smartphones far less than desktop systems - This has to be the most ridiculous part of the article. It's like saying, "No one breaks into the homes in my neighborhood, so I leave my doors unlocked and windows open".
    • So why are senior U.S. officials using Gmail? - Turns out this problem is twofold: 1) many government agencies are moving to Gmail as their email platform and 2) many people keep two email accounts, one for corporate/government use and one for personal stuff. The problem with the latter is that people forward "work" emails to their personal accounts. I hate to say it, but I will say it anyway: sometimes PGP is the answer. Now, that only solves part of the problem, but it certainly helps.
    • 8 security considerations for IPv6 deployment - I want to address just one statement in this article (which is a great article, so you should read the whole thing): Many users may be obscured behind fixed sets of addresses. Obscuring users behind large network address translation protocol translation (NAT-PT) devices could break useful functions like geolocation or tools that enable attribution of malicious network behaviors, and make number and namespace reputation-based security controls more problematic. I believe there is something to be said for not giving all your systems routable IP address space on the Internet. It makes attacking those systems just a little bit harder. I also don't believe that NAT is that difficult to implement, nor is it that tough to keep documentation of IP address mappings. I've seen large environments go from internal to external and vice versa, and the results when everyone has a routable IP address are not good.
    • vCash, Crypto, and Anonymization Equals Drugs to Your Door - A new form of currency is being used called "bitcoins". It's a new digital currency, and some say it could undermine real currency and be used to buy illegal goods and services.
    • MS Web Application Configuration Analyzer - The rule checks were determined by Microsoft's own Information Security & Risk Management review team, whose job it is to harden pre-production and production servers within Microsoft. These checks are now being shared with the public. We often get hung up on firewalls, WAFs, IPS, IDS, and anti-virus. I'd like to see all of us get back to basics and ask yourselves the question: "Are my systems configured properly?" as I believe this goes so much further than "stop-gap" protections.
    • Worm uses built-in DHCP server to spread - It then scans for available addresses on that network and launches its own DHCP server. When another machine on the LAN makes a DHCP request, it attempts to answer before the legitimate DHCP server, sending an IP address from the pool of previously gathered addresses, the gateway address as configured on the infected system and, for DNS, the IP address of the criminals' maliciously configured DNS server. It's nice, or rather not-so-nice, to see this attack being automated in common malware. It's an attack that most penetration testers have used for years, and many have defended against in the past. However, it has always been a localized one-off type of attack. Now it's embedded inside malware so you better be able to detect and defend against it. I once knew of folks configuring their switches to detect so-called "rogue DHCP servers".
    • Logging Isn't Hard -- Getting Started Is - Considering how ridiculously low-cost hard drive storage is, there's no reason why the smallest SMB can't set up a server with a 1- to 2-terabyte hard drive to serve as central collection point. I couldn't agree more. My first SEIM was a Linux server with as much disk space as I could afford. It ran syslog and I pointed logs from as many devices and systems as I could at it, and then used sed/awk/grep to find events of interest. Of course, there are better solutions that exist today, but if you can get started on the cheap, then you have a better chance of showing management the benefits and getting something with more features.
    • Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series - security vulnerabilities database - Cisco Unified IP Phones 7900 Series devices are affected by a signature verification bypass vulnerability that could allow an authenticated attacker to load a software image without verification of its signature. This vulnerability allows an attacker to upload new firmware to the phone. This can be a very stealthy form of eavesdropping. Who's going to know that one of their phones is compromised?

    Related Articles

    Are You Vulnerable to the Latest Exploits?

    Enter your email to receive the latest cyber exposure alerts in your inbox.

    Try Tenable.io


    Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

    Buy Tenable.io

    Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

    65 assets

    Choose Your Subscription Option:

    Buy Now

    Try Nessus Professional Free


    Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

    Buy Nessus Professional

    Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

    Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year. Full details here.

    Try Tenable.io Web Application Scanning


    Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

    Buy Tenable.io Web Application Scanning

    Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

    5 FQDNs


    Buy Now

    Try Tenable.io Container Security


    Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

    Buy Tenable.io Container Security

    Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

    Get a Demo of Tenable.sc

    Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

    Try Tenable Lumin


    Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

    Buy Tenable Lumin

    Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

    Request a demo of Tenable.ot

    Get the Operational Technology Security You Need.
    Reduce the Risk You Don’t.


    Continuously detect and respond to Active Directory attacks. No agents. No privileges. On-prem and in the cloud.