Tenable Blog

Many of today's latest worms and viruses are using interesting methods to propagate across the network. For example, the Conficker.A / Downadup worm sets up a web server for victims to connect to and download a copy of the malware. What I find interesting about this method is that no matter what request is made to the HTTP server, it responds with a Microsoft executable file. Nessus detects such an HTTP server with plugin id 35322 "HTTP Backdoor Detection":

Passive Detection

Monitoring networks for potential security violations can uncover some interesting events and surprising aspects of applications.
Base64 encoding is used by many applications to "obscure" the password when it travels across the network. Base64 encoding does not implement a cryptographic algorithm to protect sensitive information, yet is often used in many networks and end-user applications.

Tenable recently released an audit policy for Linux servers running PHP which tests for hardening recommendations from the Open Web Application Security Project (OWASP). OWASP maintains a set of guidelines for hardening web servers, with specific attention given to PHP and Cold Fusion technologies.

(Note: This Blog was originally released in 2007 and was updated in March of 2009 to reflect an additional form of OS detection based on HTTP banners.)

Tenable's Research group recently introduced a highly accurate form of operating system identification. This new method combines input from various other plugins that perform separate techniques to guess or identify a remote operating system. This blog entry describes this new process and shows some example results .

Why a new process?

Two reasons.

Earlier this year, Michel Arboi wrote a blog post explaining how to use Nessus to call Nikto and incorporate the results into Nessus output. Most newcomers to Nessus have enabled the nikto.nasl wrapper only to find it produced no output. Some Nessus users have found various ways to ensure Nikto was called correctly and the output displayed. Others chose to run Nikto separately for various reasons. The following guide will explain how to easily configure Nessus to properly call Nikto.

Tenable recently announced two programs to provide access to the ProfessionalFeed for charitable organizations and classrooms that offer information security training. Full details of the programs are listed below:

Nessus has several new features for auditing systems via Secure Shell and coincidentally, there was a major vulnerability announced this week regarding OpenSSH servers whose public keys are trivially guessable. This blog entry discusses these new features and SSH audits.

Full "su" and "sudo" Support

Very often, Nessus is used by MSPs, consultants and IT security staff to test the security of an Internet facing server. Occasionally, we see the default settings of Nessus, which are optimized for a credentialed internal LAN audit, used to audit an external server. Although this usually results in a majority of the vulnerabilties being identified, Nessus can be configured to work a bit harder for these types of scans. This blog entry details some different strategies and scan settings that can be used to perform a more complete audit of an Internet facing server.

Historically, active vulnerability scanning of network printers and older Novell NetWare servers could be problematic. Sometimes a simple port scan with any type of auditing tool would cause a network printer to print paper, crash or interrupt real print jobs. Similarly, older Novell NetWare installs were also subject to crashing when having their servers fingerprinted.

Tenable Network Security is proud to announce the availability of Nessus 3.2.0, as well as NessusClient 3.2.0. Nessus 3.2.0 is a major release, containing several changes from Nessus 3.0.x :

New Features