Tenable Blog

On Wednesday, August 15th, 2007, Tenable Network Security will begin converting CVSS base scores for Nessus and the Passive Vulnerability Scanner (PVS) plugins from version 1 to version 2. This blog entry discusses how some of the plugin severity and risk ratings will be changing due to our adoption of the new and more accurate CVSS version 2 standard.

CVSSv1 and CVSSv2

While reading the 'Declaration of Interdependence' series of articles in the July 1st issue of CIO Magazine (including an additional online article named 'Users Who Know Too Much and the CIOs Who Fear Them'), the term "Shadow IT" was used to describe the aggregate amount of personal, walk-in and employee owned software and hardware that makes its way onto corporate networks and computers.

Tenable's sales and support groups continue to get the following type of question:

"I'm considering purchasing a scanning service from vendor XYZ and they claim to use Nessus. Are they certified by Tenable to perform PCI scanning audits?"

There are several points to consider when such a question is posed and this blog entry will attempt to discuss many of the nuances involved with this issue.

Products are not Certified for PCI Audits

Tenable's Research group has produced two Nessus PCI configuration .audit files for both the Windows and Linux operating systems. These configuration checks are derived from specific recommendations and audit requirements based on the PCI 1.1 standard.

Tenable Network Security's Research staff recently added the ability to use LanMan/NTLM hashes as a form of credentials for Windows audits. If you use Nessus as a penetration testing tool, this allows you to take the hashes you have obtained with pwdump, lsadump, Cain, .etc, and use them to perform Nessus audits.

Leveraging Hashes and Nessus for Penetration Testing

Below is a screen shot of adding a hash to a Nessus scan policy: