Tenable Network Security Podcast Episode 126 - "Detecting Malicious Processes and the 'Flame' Malware"

Welcome to the Tenable Network Security Podcast Episode 126

Announcements

New & Notable Plugins

Nessus


Detecting Known Malware Processes Using Nessus

Keeping Malware in Check

A limitation of antivirus (AV) agents is they often do not evaluate the entire known malware sample found running on a system. Polymorphic and mutating viruses make it possible for one AV vendor to detect a malicious sample and another to completely miss it. It's not feasible to run every AV program available on the market today in your network to make up for gaps in coverage. Nessus already helps you with malware detection, for example:

Tenable's research team recently added new functionality to Nessus which will detect known malware running on your Windows scan targets. Below is an overview of how this new feature works:

  1. Nessus authenticates to the Windows system.
  2. Nessus enumerates the list of running processes on the system.
  3. For each process, a cryptographic hash is generated and looked up against Tenable's cloud-based database.
  4. If the process is found to be malicious, the plugin logs the results with information about the malware found.

You can watch a short video on how to configure and run this plugin below:


Annoy, Attribute, and Attack

Annoy, attribute, and–with care–attack the attackers who are attacking you. In this RSA presentation, Tenable Product Evangelist and PaulDotCom Host Paul Asadoorian is joined by colleague John Strand to discuss and demonstrate Offensive Countermeasures: Making Attacker's Lives Miserable. Watch now on YouTube. 

 

 

Tenable Network Security Podcast Episode 125 - "Detecting Quicktime Vulnerabilities, Hotel Hackers"

Welcome to the Tenable Network Security Podcast Episode 125

Announcements

New & Notable Plugins

Nessus

  • QuickTime for Windows Versions prior to 7.7.2 Vulnerabilities - A long list of stack, heap, and integer overflows in Quicktime is fixed with this set of patches for Quicktime running on Windows. I'm curious to see if there are exploits available and how modern protections against them will work, or not.
  • SolarWinds Storage Manager Server LoginServlet SQL Injection - This is usually bad: "The version of SolarWinds Storage Manager running on the remote host has a SQL injection vulnerability in the 'loginName' parameter of the 'LoginServlet' page." This typically means you don't need credentials to exploit the vulnerability, and access to the database via SQL injection can lead to shell access and the ability to download the data contained on the system.
  • Pidgin OTR (Off-the-Record) Format String Vulnerability - I've used OTR for some time now to prevent attackers from snooping on my IM conversations. It sounds like this could be exploited if you accepted a key from someone who was sending a malicious OTR key, thus triggering the format string vulnerability.


Cyberwar: You're Doing It Wrong!

Cyberwar remains a hot topic of conversation in both political and technology circles. But Tenable Chief Security Officer Marcus Ranum asserts that much of the discussion has been--and remains--misleading and inaccurate. In this presentation from the 2012 RSA Conference, Marcus outlines his thoughts on the multiple problems that comprise cyberwar to get past the hype and articulate what risks actually exist. Watch now on YouTube.

 

File Integrity Auditing with Nessus

Tenable has added a compliance check for Windows which allows users to compare file hashes using a .audit script (Windows compliance checks v2.0.32 or later). By default, MD5 is used to compare two versions of a file, however, users can compare hashes generated with SHA1, SHA256, SHA384, SHA512, or RIPEMD160 algorithms.

Microsoft PowerShell must be installed and WMI must be enabled on the target for these checks to work. If the Windows firewall is enabled, be certain it's configured to allow inbound remote administration (Windows Firewall: Allow inbound remote administration exception).

Below are some examples:

<custom_item>
type           : AUDIT_FILEHASH_POWERSHELL
description    : "Audit FILEHASH - MD5"
value_type     : POLICY_TEXT
file           : "C:\test\test2.zip"
value_data     : "8E653F7040AC4EA8E315E838CEA83A04"
</custom_item>
 
<custom_item>
type           : AUDIT_FILEHASH_POWERSHELL
description    : "Audit FILEHASH - SHA1"
value_type     : POLICY_TEXT
file           : "C:\test\test2.zip"
value_data     : "0C4B0AF91F62ECCED3B16D35DE50F66746D6F48F" || "QB4B0AF91F62ECCED3B16D735DE50F66746D6F451"
hash_algorithm : SHA1
</custom_item>

For more information, and to download more examples of this feature, please visit the Tenable Support Portal.
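The check described above can be reproduced offline to validate a baseline before it goes into a scan policy. This is an added example, not Tenable's code or how Nessus implements the check: it parses AUDIT_FILEHASH_POWERSHELL items, hashes the file locally, and reports PASSED, FAILED or ERROR. The function names, the sample file and its hashes are constructed, and treating "||" as a separator between alternative acceptable hashes is an assumption based on the SHA1 item above.

```python
import hashlib
import os
import re
import tempfile

# Hex digest length per algorithm named on the page; MD5 is the stated default.
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64,
           "SHA384": 96, "SHA512": 128, "RIPEMD160": 40}
ITEM_RE = re.compile(r"<custom_item>(.*?)</custom_item>", re.S)
FIELD_RE = re.compile(r"^[ \t]*(\w+)[ \t]*:[ \t]*(.*?)[ \t]*$", re.M)


def parse_audit(text):
    """Return one dict per AUDIT_FILEHASH_POWERSHELL custom_item."""
    items = []
    for body in ITEM_RE.findall(text):
        f = dict(FIELD_RE.findall(body))
        if f.get("type") != "AUDIT_FILEHASH_POWERSHELL":
            continue
        items.append({
            "description": f.get("description", "").strip('"'),
            "file": f.get("file", "").strip('"'),
            "algorithm": f.get("hash_algorithm", "MD5").upper(),
            # Assumption: "||" separates alternative acceptable hashes.
            "expected": [v.strip().strip('"').upper()
                         for v in f.get("value_data", "").split("||")],
        })
    return items


def file_digest(path, algorithm):
    """Stream the file through hashlib; raises ValueError if the local
    OpenSSL build lacks the algorithm (possible for RIPEMD160)."""
    h = hashlib.new(algorithm.lower())
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def evaluate(item):
    """Return (status, detail); status is PASSED, FAILED or ERROR."""
    algo = item["algorithm"]
    if algo not in HEX_LEN:
        return "ERROR", "unsupported hash_algorithm " + algo
    pattern = r"[0-9A-F]{%d}" % HEX_LEN[algo]
    valid = [e for e in item["expected"] if re.fullmatch(pattern, e)]
    if not valid:
        # A baseline that can never match must not be reported as a file change.
        return "ERROR", "no well-formed %s value in value_data" % algo
    try:
        actual = file_digest(item["file"], algo)
    except (OSError, ValueError) as exc:
        return "ERROR", str(exc)
    return ("PASSED" if actual in valid else "FAILED"), actual


def build_sample(path):
    """Constructed .audit text; baselines are taken from the file as it is now."""
    md5, sha1 = file_digest(path, "MD5"), file_digest(path, "SHA1")
    stale = "0" * 40  # constructed stand-in for the hash of an older approved build
    item = ('<custom_item>\n'
            'type           : AUDIT_FILEHASH_POWERSHELL\n'
            'description    : "%s"\n'
            'value_type     : POLICY_TEXT\n'
            'file           : "%s"\n'
            'value_data     : %s\n%s'
            '</custom_item>\n')
    use_sha1 = 'hash_algorithm : SHA1\n'
    return "\n".join([
        item % ("default MD5", path, '"%s"' % md5, ""),
        item % ("SHA1, two approved builds", path,
                '"%s" || "%s"' % (stale, sha1), use_sha1),
        item % ("malformed baseline", path, '"%sQ"' % sha1[:-1], use_sha1),
    ])


def demo():
    """Evaluate the sample before and after the audited file is modified."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "test2.zip")
        with open(path, "wb") as fh:
            fh.write(b"constructed sample content v1")
        items = parse_audit(build_sample(path))
        before = [evaluate(i)[0] for i in items]
        with open(path, "ab") as fh:  # simulate an unexpected change
            fh.write(b"!")
        after = [evaluate(i)[0] for i in items]
    return before, after


if __name__ == "__main__":
    print(demo())
```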

 

Plugin Spotlight: Mac OS X FileVault Plaintext Password Logging

Encryption is Only as Strong as the Key

In this case, encryption breaks down because the OS X user's password (used to unlock an encrypted volume) is logged in clear-text via debugging function to a system-wide readable log file. In this scenario, a user running Mac OS X 10.7.3 would encrypt their drive using File Vault, which is included with OS X and encrypts the entire contents of your hard drive. When your system boots up, or you access your files over AFP (Apple's File Sharing Protocol), the system uses your password to decrypt the contents of the drive and your home folder. Debugging in vulnerable versions was enabled such that the password was logged in plain-text to /var/log/secure.log, as follows:

25/04/2012 13:12:12.340 authorizationhost: DEBUGLOG | -[HomeDirMounter mountNetworkHomeWithURL:attributes:dirPath:username:] | about to call _premountHomedir. url = afp://mymacbookpro, userPathComponent = paul, userID = 001, name = paul, passwordAsUTF8String = mysupersecretpassword


New Nessus Feature Added: CSV Export

Exporting To CSV

Nessus now supports the ability to export your reports into a comma-delimited file format (CSV). Using this export format, you can import the results into your favorite spreadsheet program. Tenable recommends using the following software:

  • Microsoft Excel 2010 or later
  • Apple iWork Numbers

To export a CSV-formatted report, select any of your existing Nessus results, click "Download Report," and then choose "CSV" as shown below.

Select the "CSV" Reporting Format


Tenable Network Security Podcast Episode 124 - "OS X Vulnerabilities, Laptop Security at Conferences"

Welcome to the Tenable Network Security Podcast Episode 124

Announcements

New & Notable Plugins

Nessus


Plugin Spotlight: RuggedOS Telnet Server Default 'factory' Account Backdoor

Embedded Device Security Woes

Having researched embedded device security for quite some time, it never ceases to amaze me how manufacturers present vulnerabilities in their products. While I do not want to start picking on specific manufacturers (as the development process is not as easy as one might think), RuggedCom's Rugged Operating System (ROS) recently had a vulnerability disclosed. According to their website: "RuggedCom [a Siemens business unit] designs and manufactures rugged communications equipment for harsh environments." They produce a full product suite, from Ethernet switches to wireless networking, aimed at industrial (SCADA) usage.

A recent vulnerability detailed how remote management services, including TELNET and SSH on select firmware versions, contained a factory backdoor. The username of "factory" and a password derived from the MAC address could be used to log into the device. The MAC address for the devices is displayed in the login banner before entering the username and password. A post to the Full Disclosure mailing list on April 23, 2012, revealed this vulnerability to the public.

Scanning Your Network For The Vulnerability


PVS and Facebook Game Detection

Keeping Your Workforce Productive

Companies maintain IT resources and hire employees to further their business. Invariably, employees will take breaks or look to cut corners when they think no one is looking. In today’s networked world, those breaks frequently take the form of web surfing or personal email. Many companies allow such behavior, within reason, as it boosts morale and helps keep employees from burning out. However, at times, lines are crossed and an employee may be using too much time for personal needs. It is important for a company to be able to monitor this in order to enforce an acceptable balance between work and breaks.

Tenable’s Passive Vulnerability Scanner (PVS) is able to detect a wide variety of Web-based games, including ones found on Facebook. Such games are often a "quick indulgence" where the employee thinks they will only play for a few minutes. In fact, many of the games are designed with a time-based component which essentially stops a user from playing for hours at a time. These same games also have a pretty quick refresh rate, allowing a user to play a few minutes every hour, for example. Over time, those few minutes can add up quickly, especially when a person plays several different games.

Using PVS and SecurityCenter, administrators can quickly determine the extent to which employees are playing these games, wasting both time and computer resources. With a custom dashboard created by Tenable which uses data from our collection of PVS game detection plugins, administrators can better visualize social media game activity on the network. Based on your organization’s policy, this may indicate violations requiring action by management.

Tracking Facebook Games

You can download the SecurityCenter dashboard template by visiting the Facebook Games entry on the SecurityCenter Dashboards blog.

 

Tenable Network Security Podcast Episode 123 - "Network Management Vulnerabilities, RuggedOS Backdoor"

Welcome to the Tenable Network Security Podcast Episode 123

Announcements

New & Notable Plugins

Nessus

  • CiscoWorks Common Services HTTP Response Splitting - HTTP response splitting is a tricky vulnerability, and therefore may be dismissed by some as unimportant. Essentially, it can give attackers control of a web application if they can convince users to click on a link or load HTML code in their browser. It is also important to note that CiscoWorks is used by many to manage the entire network infrastructure. My attack against this software would aim to steal the SNMP or other credentials on all the network gear in your network.
  • MediaWiki Multiple Vulnerabilities - Important updates for this software if you are running MediaWiki, a very popular Wiki software which also runs Wikipedia.
  • VMware Workstation, Player, ESXi and ESX Critical Patches - "This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host." - Any vulnerability which allows an attacker to execute code on the host system of your VMs should get the highest priority on your patch list.
  • PHP Unsupported Version Detection - Keep up-to-date with your PHP releases! Easier said than done, as some developers will write applications which lock you into a specific version, making upgrading a much slower process.
  • RuggedOS Telnet Server Backdoor - This one has been featured in the press lately. I'm confused as to why the MAC address would be displayed in the TELNET banner.
  • Scrutinizer Multiple SQLi Vulnerabilities - Used to manage NetFlow data, SQLi bugs are ones you don't want to see in this type of application.


Monitoring Internet-facing Servers with SecurityCenter & Nessus

Covering All Your Bases

Internet-facing servers are a popular attack target: They are accessible to everyone on the Internet and can easily be probed for vulnerabilities. Based on exposure alone, Internet-facing servers present a higher risk of becoming compromised. This risk needs to be mitigated if organizations must provide access to services such as web, mail, and VPN connectivity. It is therefore important that these servers are regularly assessed for potential vulnerabilities (and more important that something is done to remediate the vulnerabilities). This blog entry provides guidance for some basic security issues which are important to monitor on Internet-facing servers, such as:

  1. Maintaining Patches - It is important to keep up-to-date with patches in general, and with systems that are exposed to the Internet, fixing both local and remote vulnerabilities is particularly important. For example, a web server may contain a vulnerability which allows an attacker to gain a shell with the privileges of the running user (e.g., www-data). If local vulnerabilities are present, the web server vulnerability can quickly lead to the attacker gaining root-level privileges. With this level of access, attackers have a much better chance to cover their tracks and hide their presence within the system. Therefore, ensuring all available security patches are installed on your systems is important.
  2. Easily Exploitable Web Application Vulnerabilities - If you've ever monitored the logs of an Internet-facing web server, you know attacks against applications are frequent. Application testing involves many different processes and techniques, but you don't want to give attackers any low-hanging fruit. It is important to test your applications before they are put in production, but also continue to monitor for vulnerabilities in production. Several automated tools in use by attackers exploit flaws, such as SQL injection, on a regular basis. Once the application is on your production system, it is important to regularly assess it to stay ahead of the curve and remediate the vulnerabilities before attackers get to them.

  3. Exposed Services - Internet-facing servers ideally offer a limited number of services, since they do not need to support a wide range of services that an internal development server would offer. This makes it easier to scan and identify vulnerabilities and detect any new services which may crop up. Firewalls are often deployed to provide an extra layer of protection for systems exposed to the Internet and ensure that only required services are permitted. Scanning these hosts on a regular basis will quickly identify any new services that are running or mistakes made in firewall configuration which may unintentionally expose an internal service or server.



Tenable Network Security Podcast Episode 122 - "Detecting Skype, Router Vulnerabilities"

Welcome to the Tenable Network Security Podcast Episode 122

Announcements

New & Notable Plugins

Nessus

  • Intuit QuickBooks Help System Multiple Vulnerabilities - QuickBooks contains sensitive information, such as financials and potentially employee/contractor SSNs. Ensuring this software is patched and up to date is extremely important.
  • Juniper Junos CPU Utilization Denial of Service - This vulnerability is a bit scary for me, as it could be triggered by non-malicious users. Sending data to an HTTP port is an activity which may not look suspicious, however, I've seen where this DoS condition can be triggered by a scanner, monitoring tool, or even an end user.
  • Juniper SSH TACACS+ Incorrect Permissions - One of the first papers I wrote on security was on the subject of configuring TACACS+. I have to say, it's not a simple task, and there are many options, some of which could lead to either locking users out of a device or giving people too much access. This is a bug in the configuration, which could further complicate things.


Video Conference Detection with PVS

Many customers have recently inquired about detection of video conferencing hardware and software, and Tenable’s research team has been developing additional PVS plugins to do just that.

 


Debating Software Liability

Combine equal parts of two of the industry's most outspoken experts, add in the controversial topic of software liability, and stand back to watch the ideas collide. The cameras were on hand at the recent RSA event to capture the debate between Tenable Network Security Chief Security Officer Marcus Ranum and BT Chief Security Technology Officer Bruce Schneier. Thought provoking doesn't begin to describe the encounter--and that's all before the audience gets involved. Watch now on our YouTube channel:

 

Ron Gula on Why Tenable Fits the U.S. Department of Defense

Ron Gula on Why Tenable Fits the Department of Defense

Earlier this week, Tenable formally announced the company's products had been selected as the basis for the Assured Compliance Assessment Solution (ACAS), the Defense Information Systems Agency's Department of Defense-wide program for managing vulnerability and configuration assessments. Tenable co-founder and CEO Ron Gula took a moment to chat about the selection, and what it means to the entire Tenable team. You can watch here:

More Information

You can learn more about how Tenable products support ACAS on the Tenable website, or contact Tenable Sales at sales@tenable.com

 

Compliance Auditing with Microsoft PowerShell

Compliance Auditing with PowerShell

Microsoft's PowerShell framework has been part of their product line for quite some time. In recent years, it has played a major role in new operating system versions (such as Windows 7 and Windows Server 2008) thanks to its inclusion in common engineering criteria. All future Microsoft server products will have PowerShell support integrated in them by default. This means Microsoft products will benefit from a single management interface, rather than a mixed usage of the registry, WMI, or other system files/utilities.

For those unfamiliar with PowerShell, it's a command-line shell meant to perform administrative tasks using cmdlets. Cmdlets are purpose-built commands designed to accomplish specific tasks for reading registry keys, files, wmi-objects, starting and stopping Windows services, and a host of other tasks. A wide range of cmdlets and their usage are documented on Microsoft's website.

The ability to run PowerShell cmdlets remotely opens up interesting possibilities from a compliance perspective. For example, it's now possible to read a file, apply several different filters, and determine compliance. You can also run a cmdlet and let the user review the output, then tailor the output as needed. Tenable recently added an AUDIT_POWERSHELL check to Windows compliance checks which allows users to do just that, right from an .audit file. Below is the basic syntax:


Tenable Network Security Podcast Episode 121 - "Enterprise Netstat, OS X Trojans"

Welcome to the Tenable Network Security Podcast Episode 121

Announcements

New & Notable Plugins

Nessus:


Tenable Selected for DISA’s ACAS Vulnerability Management Solution

Tenable’s Unified Security Monitoring platform is the U.S. Defense Information Systems Agency (DISA) vulnerability management solution deployed DoD-wide as the Assured Compliance Assessment Solution (ACAS). Implementation is now underway for products within ACAS, including Nessus®, SecurityCenter™, and the Passive Vulnerability Scanner™.

The award means Tenable’s products will be deployed across the entire Department of Defense and select Federal intelligence agencies. That broad deployment provides the DoD a comprehensive view of network configuration, compliance, and risk.

Among the reasons for Tenable’s selection:

  • Scalability - The DoD is able to ensure comprehensive coverage of their network, one of the largest and most complex in the world. Unique Tenable capabilities like distributed scanning and management enable efficient scanning performance, while ensuring everyone in the chain-of-command has visibility into essential data.
  • Continuous Monitoring - Emerging, transient risks like mobile devices, virtual systems, and cloud-based applications and services leave competitive tools in the dark. With Tenable’s unique passive vulnerability detection, the DoD can now continuously monitor networks, learning immediately of vulnerabilities, errors and security exposures, and policy violations. Traditional scanning only provides point-in-time assessments (weekly, monthly, or even less frequently). Tenable’s Passive Vulnerability Scanner delivers full coverage, 365 days a year, 24 hours a day.
  • Quality of Research - Tenable coverage goes deep and wide, and we’ve adapted our solutions to ensure our research is better integrated with the DoD’s existing systems. Analysts can quickly and easily respond to risks and mitigate problems more effectively.

To learn more about the Assured Compliance Assessment Solution evaluation, or Tenable solutions, please visit our website.

 

Tenable Network Security Podcast Episode 120 - "Nessus, Perimeter Service, & SecurityCenter Updates"

Welcome to the Tenable Network Security Podcast Episode 120

Announcements

  • Nessus 5.0.1 Released - This update includes support for FreeBSD 9 and gives you more flexibility when specifying port ranges and types (UDP or TCP) for the port scanner. Several bug fixes are included as well, including Windows installation issues.
  • SecurityCenter 4.4 Released:
    • Improved performance, with a new XML-RPC-based interface that speeds cross-system connections and adds fault-tolerance and improved reliability.
    • Easy report template and information sharing. New reports, designed by Tenable experts, can be downloaded from the new Tenable SecurityCenter Enterprise Reporting blog, imported into SecurityCenter, and used immediately, customized, or exported to share with others.
    • Easy access to over 100 pre-defined Quick Reports, including SANS Consensus Audit Guidelines, Center for Internet Security Audits, FISMA compliance indicators, HIPAA compliance checks, OWASP, PCI, and other IT and patch audit reports.
    • New data visualization displays that use charts and color-coding to indicate the number and severity of vulnerabilities based on IP addresses, host names, and asset groups.
    • Integration with Tenable’s cloud-based Nessus Perimeter Service.
    • Improved integration with GRC, SIEM, IDS, firewall analysis, and other systems that support Nessus reporting. SecurityCenter now exports scan data in the Nessus v2 format.
    • Scan hosts by specifying the DNS host name or URL for web application assessments.
    • Authentication: Support for the use of digital certificates with SecurityCenter. Support for smartcard authentication (including U.S. Department of Defense’s Common Access Card (CAC)).

  • New Version of Nessus Perimeter Service Released - As Tenable is an Approved Scanning Vendor (ASV), you can use the Perimeter Service to perform PCI scans, using an approved PCI policy, and submit the scan results to Tenable for PCI ASV validation. The Perimeter Service allows you to scan as many systems as you like, as often as you like, and submit two scans for validation per quarter at no extra cost.
  • Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. New videos are always in the works and updated Nessus and Perimeter Service videos will be available soon.
  • We're hiring! - Visit the Tenable website for more information about open positions.
  • You can subscribe to the Tenable Network Security Podcast on iTunes!
  • Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
  • Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!


SecurityCenter 4.4 Released

SecurityCenter 4.4 Expands USM Capabilities

SecurityCenter version 4.4 is available today from Tenable Network Security. Customers can download the updated release from the Tenable Support Portal. You can view a video tutorial of the new features on the Tenable YouTube channel, or watch it below:

SecurityCenter is the central component of Tenable’s USM platform. It provides robust enterprise security monitoring by uniquely combining active and passive vulnerability assessments with log and event monitoring to create intelligent and actionable reports. SecurityCenter users also benefit from real-time and flexible dashboards for both security monitoring and maintaining compliance.

SecurityCenter version 4.4 includes dramatic performance gains, improved integration with other management systems, reporting and user interface enhancements, and many other new features. A detailed list is available on the Tenable website. Some of the highlights include:


Nessus Perimeter Service with New Tenable PCI Scanning Service Available

Tenable is pleased to announce availability of the Nessus Perimeter Service including the Tenable PCI Scanning Service. Customers can scan an unlimited number of Internet-facing IP addresses, as often as they like, and submit PCI scan results up to twice per calendar quarter for Tenable PCI Approved Scanning Vendor (ASV) validation, all for $3,600 a year.

The Nessus Perimeter Service offers:

  • One flat fee - Scan an unlimited number of Internet-facing IPs, as often as you like
  • Web application vulnerability detection
  • Up to two quarterly PCI scan submissions for Tenable PCI ASV validation
  • Anytime, anywhere access via web browser and Tenable Nessus App for iPhone, Android, and iPod touch
  • World-class expertise with the most-trusted knowledgebase in the industry and access to Tenable’s PCI-certified professionals

To learn more about Nessus Perimeter Service and the Tenable PCI Scanning Service you can view the video titled "Nessus Perimeter Service Usage: PCI ASV Validation and SecurityCenter Integration":

New PCI-DSS Scan Policy


Nessus 5.0.1 Released

Tenable is pleased to announce the release of Nessus 5.0.1! This is a point release (moving from 5.0 to 5.0.1), containing enhancements and minor bug fixes. This release improves the stability on all platforms, and solves Windows-specific issues related to installation and packet forgery.

New features

From a user perspective, the only change is that it is now possible to specify a separate list of UDP and TCP ports to scan on all targets. This is set in the "Port scanner range" field when you create a new policy or modify an existing one (e.g. if you wanted to scan TCP ports 1-1024 and UDP ports 1-200 the syntax is: "T:1-1024,U:1-200"). Also, a build for FreeBSD version 9 is now available.

Enhancements & Bug Fixes

In addition, several enhancements and bug fixes are included:

  • Resolved an issue where packet forgery was not working on some Windows setups
  • Improved the Windows installer which would fail on some setups
  • Fixed several thread synchronization issues leading to a crash in certain situations
  • Imported v1 reports are more legible
  • Nessus can now read a 64-bit database on a 32-bit system and vice-versa
  • Identified and resolved a minor memory leak issue occurring on all platforms
  • Scanning with a SSL certificate defined in the policy would sometimes cause a scanner crash
  • Workaround for CVE-2011-3389
  • Worked around a possible incompatibility with the Fedora 16 / Debian 6 memory allocator
  • Restored the ability to log in via certificate authentication on port 1241 when "force_pubkey_auth = no"
  • This version of Nessus now includes OpenSSL version 1.0.0h

New customers can download and evaluate Nessus for free by visiting the Nessus homepage. Current customers can download the new version from the Tenable Support Center.

Detailed instructions and notes on upgrading can be found in the Nessus Documentation. Please contact Tenable Support (support-at-tenable.com) with any questions regarding the upgrade to Nessus 5.0.1. You can also visit the Nessus Discussion portal for more information.

 

Vulnerabilities, Exploits, and Good Dental Hygiene

Vulnerability Management

Constantly assessing the security of your own systems is an important task in maintaining a secure network. I relate regular security assessments to personal hygiene, such as brushing your teeth every day (and even more "in-depth" maintenance such as flossing and using mouthwash). All of these actions are an effort to prevent "bad things" from happening. Often, the "bad thing" hasn't happened yet, and you are trying to get ahead of the curve to protect yourself from cavities, gum disease, or worst-case, all of your teeth falling out. Vulnerability management plays the same role in your organization. By regularly assessing your systems, finding problems, and fixing them, you hope to get ahead of the curve and prevent bad things from happening, such as data leakage, breaches, and compromises of your systems by “evil bad guys”.

All of us can hear our parents' voices in our heads, as when we were growing up we were all told to "brush your teeth before you go to bed".

As I stated above, finding the vulnerabilities is just the first step. You must have a process in place to fix the vulnerabilities that you've identified. After that, your processes need to check to be certain that a vulnerability was remediated. Your plan for network health has to track vulnerability remediation, and empower those responsible to be in the loop and fix the problems before something "bad" happens (if it were only so easy as brushing, flossing, and using mouthwash). Tenable has a suite of tools to help you both find as many vulnerabilities as possible and implement a process for continued remediation. Below are some examples:

Tenable Network Security


The official BLOG of Tenable Network Security and the Nessus vulnerability scanner.