Tenable Blog

Many organizations have IT configuration polices that require CDs and USB drives to be disabled. This blog entry discusses a simple way to use a Nessus 3 .audit file to test a Windows 2003 server for the correct registry settings that disable "AutoRun" of programs on CDs as well as disables USB drives.

Windows 2003 Registry Settings

On Windows 2003 servers, the following registry setting controls "AutoRun" for CD drives:

HKLM\SYSTEM\CurrentControlSet\Services\Cdrom

On January 3rd, 2007, Tenable's research group released a NASL script (plugin #23971, currently available to Direct Feed and Security Center customers) to test if a scanned host is on a different logical network, but also on the same physical network. If this is the case, your network may have a potential security issue, as IP based access control filtering may not be effective.

This entry concerns more information and analysis of output from the "Never Before Seen" TASL script for the Log Correlation Engine (LCE). We've had the script running at several customer locations and have had interesting data to discuss which helps show the script's usefulness. This blog entry discusses analyzing the results from IntruShield IPS events as well as overall "never before seen" event trending.

Tenable Network Security has released version 3.0 of the Passive Vulnerability Scanner (PVS). This version supports realtime vulnerability alerting, enables monitoring of corporate networks for data leakage and completes the re-branding from "NeVO".

Tenable recently increased the flexibility of performing configuration assessments of Windows  access control lists (ACLs) with the Nessus compliance checks.

Previously, an ACL policy could only be built with exact understanding if it were "inherited" or "not inherited". For large numbers of checks, it might not make any difference if an ACL were inherited from someplace else or not, just that the actual ACL was correct.