Tenable Network Security Podcast - Episode 78
Welcome to the Tenable Network Security Podcast - Episode 78
Hosts: Paul Asadoorian, Product Evangelist, Carlos Perez, Lead Vulnerability Researcher
Announcements
- Several new blog posts have been published this week, including:
- Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials.
- We're hiring! - Visit the Tenable web site for more information about open positions.
- You can subscribe to the Tenable Network Security Podcast on iTunes!
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!
Stories
- SCADA: Security is Only One Part of Availability - While this may be true, how do you measure the likelihood of events causing disruptions to service? This is where I like to see threat modeling come into play, but it's tricky business. While some events are immediately recognizable as disruptions, such as a tsunami, what about attacks that are much more stealthy, until such time they cause a disruption?
- Network security blunders: Tales from the field - Wow, I've made some of the same blunders talked about in this article. Even more, it makes me question the effectiveness of firewalls. Managing a firewall is not an easy thing, and with attackers using methods that are extremely firewall-aware, I'm suggesting that our efforts are better spent in other areas of security (process monitoring, event management) and simplify the firewall rules and management.
- Open-Source Tool Similar to Maltego - Information gathering is a critical part of in-depth security assessments, and it's great to see tools out there to help people perform this service. Also, if you are defending a network it is a good idea to see what these tools return. You might be surprised just how much information is available about your organization.
- "Shairport" - Apple Private Key Exposed - Turns out Apple uses the same private key on all Airport Extreme products.
- Dropbox Found Using Host ID For Authentication - A host ID is used for authentication and is unique per machine, but can be easily stolen and re-used.
Related Articles
Tenable Network Security Podcast Episode 198 - "PCI Discussion Featuring Jeffrey Man"
February 13, 2014<p></p>
Securing Financial Data in the Cloud: How Tenable Can Help
November 4, 2024Preventing data loss, complying with regulations, automating workflows and managing access are four key challenges facing financial institutions. Learn how Tenable can help.
Cybersecurity Snapshot: Apply Zero Trust to Critical Infrastructure’s OT/ICS, CSA Advises, as Five Eyes Spotlight Tech Startups’ Security
November 1, 2024Should critical infrastructure orgs boost OT/ICS systems’ security with zero trust? Absolutely, the CSA says. Meanwhile, the Five Eyes countries offer cyber advice to tech startups. Plus, a survey finds “shadow AI” weakening data governance. And get the latest on MFA methods, CISO trends and Uncle Sam’s AI strategy.
FY 2024 State and Local Cybersecurity Grant Program Adds CISA KEV as a Performance Measure
October 31, 2024The CISA Known Exploited Vulnerabilities (KEV) catalog and enhanced logging guidelines are among the new measurement tools added for the 2024 State and Local Cybersecurity Grant Program.
- Podcast