Tenable Blog

Getting to ShmooCon each year is always challenging (as is trying to get home). Mother Nature seems to enjoy disrupting the travel to and from the conference, which is held in Washington, D.C in January or February of each year. Despite the weather issues, I've always found it to be a conference worth attending. It features quality talks, leading security researchers sharing thoughts and ideas and several extra events such as "Firetalks" and "Hacker Karaoke".

From Printer to Domain Admin

I've always been fascinated with the concept of attacking printers. The common misconception of "oh, it’s only a printer" makes them a prime target for attackers because people believe that printers pose little to no security risk. This mindset typically translates to the following conditions, which help to fuel my fascination:

The Nessus App for iPhone is a great way to keep tabs on running Nessus scans, initiate new scans, and quickly review vulnerability scanning results. The app is available for free in the iTunes store and works with Nessus server versions 4.2 or later and the Nessus PerimeterService. Below is a short video showcasing its features:

I've recently been doing a bit of research into the history of Nessus. I discovered that the first version of Nessus was published in 1998, and any time software has been around for that long there are bound to be some myths and misconceptions that develop as fast as new features over the years. This post will explain some common myths and set the record straight.

Welcome to the Tenable Network Security Podcast - Episode 66

Hosts: Paul Asadoorian, Product Evangelist

Announcements

• Several new blog posts have been published this week, including:
  • Putting a Virus under the SIEM Microscope Webinar
  • Microsoft Patch Tuesday Roundup - January 2011
• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials, including the new 3D Tool Beta.


• We're hiring! - Visit the Tenable web site for more information about open positions.


• You can subscribe to the Tenable Network Security Podcast on iTunes!


• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, provide Nessus plugin statistics and more!

The first Microsoft bulletin of the year, MS11-01, only affects Windows Vista and is classified by Microsoft as "important". For those not running Vista, this patch can safely be ignored. It’s easier for smaller organizations to keep up with operating system upgrades and patches on desktop systems. However, if your organization has over 10,000 desktops, upgrading all of them is a daunting task. I really like the idea of using "cloud computing" for this purpose. Yes, I’m suggesting that we use “cloud computing” to improve security! However, in this case, I am talking about a cloud that operates and is managed within the organization, not by a third party. If you are planning on putting your applications and data in, for example, Amazon’s cloud, then you are outsourcing your security to Amazon. It may be better to implement your own cloud to control the security and data. Rather than hosting all of your software and data on a laptop or desktop, the laptop or desktop just gives you access to the applications and data. This is not a new concept, but as more and more laptops will be lost or stolen and client-applications will have vulnerabilities, I believe it’s a logical solution to the problem.