Tenable Network Security Podcast - Episode 14
Welcome to the Tenable Network Security Podcast - Episode 14
Announcements
Correction: Nessus 4.2 supports Suse 10 Enterprise.
- Nessus 4.2 is released! - Brand new web interface, performance and reporting improvements, and wider platform support. Listen in for the exclusive details!
- A new video has been released that covers how to use Nessus 4.2, the latest version of Tenable's Nessus vulnerability scanner.
- Tenable Network Security's CEO, Ron Gula, is featured in SC Magazine as one the entrepreneurial visionaries who have launched successful IT security companies in the last 20 years.
- We're hiring! - Visit the web site for more information about open positions, there are currently 14 open positions! We also have a new Facebook Group called Tenable Security Is Hiring where you can go to get more information about open positions (Requires Facebook account to view)
- You can subscribe to the Tenable Network Security Podcast on iTunes!
- Tenable Tweets - You find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, Nessus plugin statistics, and more!
Stories
- Smart vs Stupid: But Not Why You Think So! - I really like this post because it is so matter of fact and to the point. Anton lists out defensive measures and risk mitigations that work, and ones that don't. He puts them in two columns called "Smart" and "Stupid". For example monitoring for attacks is smart, but saying, "Nobody wants to hack us", is well, not so smart.
- Don't Be Afraid To Use A Cheat Sheet - Along the lines of being prepared (and knowing that someday a compromise will occur on your network) having a cheat sheet is a life saver. When an incident occurs, it can be a stressful environment. Management is pressing to find out what happened, systems administrators are pushing to get systems back on line, and you are left wondering just how many systems were compromised, and more importantly how. Having a cheat sheet helps you keep a cool head and not struggle to remember commands or use incorrect syntax, which can greatly reduce the precious response time.
- New Plugin: SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection - Remember that nasty SSL bug that allows for MiTM attacks? Nessus now has a plugin to detect this condition on certain systems. This is a remote check that can identify systems that may be vulnerable to this attack. More details and references are listed in the plugin output.
- New Plugin: HTTP Cookie Import - This is a really nice feature to have when doing web application testing. Some applications will use cookies for various features, and trying to audit them without setting the values can be challenging, if not a futile effort entirely. Now you can use Nessus to import the application's cookies and then perform the vulnerability testing. Cookies can provide authentication information and other parameters that need to be present for the application to function properly. In order to retrieve an application's cookies you can use the Firefox extension called Export Cookies.
Related Articles
Tenable Network Security Podcast Episode 198 - "PCI Discussion Featuring Jeffrey Man"
February 13, 2014<p></p>
Cybersecurity Snapshot: Many Employees Overshare Work Info with AI Tools, Report Finds, as ‘Cybersecurity Awareness Month’ Kicks Off
October 4, 2024Check out the best practices cyber agencies are promoting during Cybersecurity Awareness Month, as a report warns that staffers are feeding confidential info to AI tools. Meanwhile, a study highlights how business decisions can derail OT security. Plus, get the latest on Active Directory security, CISO salary trends and ransomware attacks!
How to Unlock Advanced IoT Visibility for Cyber-Physical Systems
October 1, 2024As the number of IoT devices deployed globally continues to rise, cyber-physical systems and business operations are exposed to greater risk. Improving asset visibility, monitoring and risk management are critical steps to preventing breaches.
Cybersecurity Snapshot: NIST Program Probes AI Cyber and Privacy Risks, as U.S. Gov’t Tackles Automotive IoT Threat from Russia, China
September 27, 2024A new NIST program will revise security frameworks like NIST’s CSF as AI risks intensify. Plus, the U.S. may ban cars with Russian and Chinese IoT components. Meanwhile, the CSA adds AI insights to its zero trust guide. And get the latest on cybersecurity budgets, SBOMs and the Ghost cybercrime platform!
- Podcast