Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Tenable Network Security Podcast - Episode 10

Welcome to the Tenable Network Security Podcast - Episode 10

Announcements

Interview: Jason Holcomb - SCADA Security

JasonProfilePic3.jpg
Jason Holcomb - Digital Bond


Jason Holcomb is a key contributor to Digital Bond's control system security research and consulting practice with a lead role in asset owner security assessment services. He is also the technical lead for Bandolier, a Digital Bond research project for the US Department of Energy. In this role, he is working with vendors and asset owners to identify optimal security configurations for control system applications. As a result of Mr. Holcomb's work with Bandolier, thousands of security settings buried in the applications and operating systems are now--for the first time ever--catalogued and measurable using the Bandolier security audit files.

Stories

  • Better Security For All - This is an interesting account of a security professionals journey to getting all of the machines in the Windows domain to adhere to an logout timer setting. They queried the machines on the network and found that 70% of their users had disabled the logout timer all together. However, they found that 1500 machines had been changed such that they would log out after 10 minutes, when the policy was going into effect that would change it to 15 minutes for all computers, and not give the end user the option to change it. You should be considering applying this policy in your domain as well, even if the other peers in your industry are not. I've always been skeptical when a manager asks me, "well, what is everyone else doing?". It goes back to my credo that you need to be in charge of risk management and security in your environment and make sure it reflects your bottom line, not someone else's.
  • Windows 7 Forensics - Great post from Rob Lee over at the SANS Institute that covers some of the changes in Windows 7 and how they effect forensics, and specifically the browser configuration/history, and roaming profiles.
  • Auditing Approved Services with Nessus Policy Compliance and WMI - A great post from Jason (interviewed on this episode!) on how to use Nessus audit files to be certain that only approved services are running (He uses WMI, go Jason!).
  • Don't Be The Smelly Kid - This is a great little post that compares security to good hygiene, as in something you are never completely done with, but that has to be done on a regular basis. So don't be the smelly kid!
  • Nessus Plugin For Firefox Released - Vulnerabilities in the browser can be deadly as malicious code can hide on just about any web page, its important to update your browser and query your environment to be certain all your users are up-to-date as well. Nessus plugin 42306 will check that Firefox is on the latest, 3.5.4, version.

Tenable Events

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.