Tenable Blog

Welcome to the Tenable Network Security Podcast - Episode 4

Announcements

We've moved our video site! Due to some problems with Blip, all of our videos can now be found on YouTube in Tenable Security's Video Channel (http://www.youtube.com/tenablesecurity).
• New whitepaper titled "Web Application Scanning with Nessus" has been released and covers some of the updated features added to Nessus in support of web application testing..
• Nessus 4.0.2 has been released, featuring support for Windows 7 and Snow Leopard.
• As always be sure to check out our blog at http://blog.tenablesecurity.com
• A new presentation has been posted to the Tenable Web Site. It is titled "Bob's Great Adventure: Attacking and Defending Web Applications" by Paul Asadoorian"

Tenable is pleased to announce the release of Version 4.0.2 of the Nessus vulnerability scanner!. This release includes several fixes and support for the latest operating systems from Microsoft and Apple. All customers are encouraged to upgrade to the latest version of the Nessus Server and NessusClient. Following is a summary of some of the fixes and improvements:

Welcome to the Tenable Network Security Podcast - Episode 2

Tenable is pleased to announce the release of the Tenable Virtual Appliance! The appliance replaces the Nessus VM Appliance and provides a preinstalled image of all Tenable applications in one easy to configure interface. The Tenable Virtual Appliance is available for Tenable customers and is provided for use with VMware Server, VMware Player and VMware ESX Server. Currently, Nessus and Security Center applications are available on the appliance with the Log Correlation Engine and Passive Vulnerability Scanner to be released soon. Tenable ProfessionalFeed customers can download the latest version of the Tenable Virtual Appliance along with any available updates from the Tenable Support Portal.

A "Rogue" Access Point

Detecting and preventing rogue wireless access points is a major concern for many organizations. It is important to ensure that all wireless networks are established and configured in compliance with the organization’s policies and standards for wireless networks. The problem is that it is very easy for a user to establish a rogue wireless access point either inadvertently or deliberately. A wireless access point plugged into your network will typically have an Ethernet connection tied into some part of your LAN, and provide wireless access to an attacker that bridges the connections. Users could put one on the network for convenience, or a company provisioned access point could be misconfigured by the IT department. Recently the PCI standards council has produced a document called "The Information Supplement: PCI DSS Wireless Guideline", that outlines the recommendations for securing wireless networks for PCI DSS compliance. This is a good reminder of the importance for organizations to continually seek out rogue access points in their environments and remove them.