15 posts from November 2009

 

Tenable Network Security Podcast - Episode 14

Welcome to the Tenable Network Security Podcast - Episode 14

Announcements

Correction: Nessus 4.2 supports Suse 10 Enterprise.


 

Nessus 4.2 Released!

Another Milestone, Nessus 4.2

Long-time users of Nessus have probably noticed the significant improvements made over the past several years. Nessus 3 introduced many performance enhancements through an overhaul of the NASL interpreter. Nessus 4 added multi-threading and 64-bit support and unified the code base across Windows, Linux, and Mac OS X. Tenable is proud to introduce the next evolution of the Nessus vulnerability scanner, version 4.2, whose enhancements include an all-new Flash-based web interface. With the new interface, scan results and policies are stored on the server rather than in a client. Multiple users can log into the web-based interface concurrently and can use a "compare" function to show the differences against a previous scan. You can now log out of the interface and log back in without disrupting scans that are in progress, and an administrative user can pause or stop another user's scan. I strongly recommend that everyone view the video preview below to see the new Nessus interface in action:


 

Video: Introduction To Using Nessus 4.2

Nessus 4.2 is under active development and gets closer to release each day. The new version introduces some changes and several enhancements and improvements. Over the next few weeks we will be releasing video tutorials that show users how to use the new interface and highlight the new features. The first in this series has been posted and can be viewed below:

You can also find a full size high definition version of the above video on the Tenable YouTube Channel.

More videos are in the works that will cover comparing reports, importing scan data, filtering results, and more!

 

Tenable Network Security Podcast - Episode 13

Welcome to the Tenable Network Security Podcast - Episode 13

Announcements

  • A new video has been released that covers how to use Nessus 4.2, the latest version of Tenable's Nessus vulnerability scanner.
  • Tenable Network Security's CEO, Ron Gula, is featured in SC Magazine as one of the entrepreneurial visionaries who have launched successful IT security companies in the last 20 years.
  • We're hiring! Visit the web site for more information about open positions; there are currently 14 of them. We also have a new Facebook Group called Tenable Security Is Hiring where you can get more information about open positions (requires a Facebook account to view).
  • You can subscribe to the Tenable Network Security Podcast on iTunes!
  • Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity, where we make various announcements, post Nessus plugin statistics, and more!
  • Tenable is pleased to announce the release of the Log Correlation Engine version 3.4. This release has many new enhancements and features, including IDS correlation from various sources and new options in the LCE clients to monitor file integrity. For more information on the new features in this release, please see the LCE 3.4 Release Notes. Tenable CEO Ron Gula and I had a chat about the features in this new release.

Interview: Marcus Ranum - CSO, Tenable Network Security

Marcus Ranum hacking up computers and challenging us to think differently about security.


 

Auditing 100,000 Hosts or More with Nessus

Recently, the State Department Deputy CIO and CISO John Streufert participated in a podcast in which he talked about moving past the Federal Information Security Management Act (FISMA) to a metrics-based security program. Performing routine vulnerability scans is a key metric in his strategy, and he referenced the State Department's Tenable solution for accomplishing this. After the podcast, Tenable received several inbound requests for more information on very large-scale network scanning from a variety of federal and commercial organizations. This blog entry summarizes some of the political and deployment strategies our customers use to scan hundreds of thousands of hosts on an ongoing basis with multiple Nessus scanners and the Security Center.


 

Marcus Ranum Named "Industry Pioneer" By SC Magazine

Tenable's CSO Marcus Ranum was quoted in an SC Magazine article titled "Industry pioneers". In it, Marcus gives us some insight into how he perceives his accomplishments:

“I like to think of myself as a filter for good ideas.”

We also get some insight into how he came up with the idea of building the world's first firewall:

The firewall was really born on a day in 1986 when Ranum, then a network administrator at Johns Hopkins University, noticed something strange: Someone was able to gain access to an MRI machine via a Sun Workstation default configuration. Nothing malicious happened, but Ranum knew right then that big problems weren't far off. “People were connecting to the internet and they had no idea what they were doing,” he recalls. Not long after, he built the first commercial-grade firewall for Digital Equipment Corp. and later, the White House. A few years later, he was among the first to market intrusion detection systems. “A lot of my career has consisted of moving ideas from the research world into the commercial world,” says Ranum, who turns 47 this month. “I like to think of myself as a filter for good ideas.” But don't count on any new inventions from him. Today's development tools lead to too many bugs: “I'm still using coding models from the early 80s,” he says.

Marcus is in good company, too; others highlighted in the article include Bruce Schneier, Dan Geer, Whitfield Diffie, and Martin Hellman.

 

Tenable Network Security Podcast - Episode 12

Welcome to the Tenable Network Security Podcast - Episode 12

Announcements

Interview: Marcus Carey - Dojocon/Dojosec

Marcus J. Carey supporting good causes like Hackers For Charity.


 

Patch Tuesday - November 2009

Another Tuesday, another round of security bulletins from Microsoft. Are you patched? Nessus contains credentialed local checks for all of this month's security bulletins, plus a network-based uncredentialed check for MS09-064.

Severity is a Matter of Perspective

What struck me as interesting this month are the severity ratings. Microsoft publishes these ratings as a guide to help customers evaluate the risk of each vulnerability, but in many cases the ratings do their customers a disservice. For example, a remotely exploitable vulnerability in Microsoft Word or Excel, triggered by opening a crafted document, could be leveraged by attackers to compromise desktop systems; because the victim has to open a file, Microsoft generally rates such bugs "Important" rather than "Critical", which it reserves for code execution without user interaction. These vulnerabilities are frequently exploited by attackers and penetration testers alike to gain access to sensitive information. The advice I always give to organizations is to evaluate each vulnerability with respect to how it affects your business, not according to what the vendor has published.

In addition, if a severity rating comes from a vendor, it should adhere to an industry-accepted standard calculation such as the CVSS score. Nessus plugins use this scale (0 to 10, with 10 being the most severe) to rate the severity of a vulnerability. While Microsoft rates MS09-067 (a vulnerability in which arbitrary code can be executed as a result of opening an Excel file) as "Important", Nessus gives it a CVSS score of 9.3. Use these ratings as a guide to develop your patching strategy, but remember that a CVSS base score describes the bug, not your environment. For example, if you heavily use Excel, you need to patch right away. If you do not use Excel, the patch is not as critical, and you could employ a temporary mitigation, such as blocking incoming Excel file attachments, while you focus on vulnerabilities that pose a bigger risk to you.
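To make the point concrete, here is an added example (my own code, not a Nessus plugin or anything shipped by Tenable) that computes the CVSS v2 base score from a vector string using the published v2 equations and then re-ranks bulletins by local context. The MS09-067 vector AV:N/AC:M/Au:N/C:C/I:C/A:C reproduces the 9.3 quoted above; the second bulletin ("HYPO-01"), the two site profiles, and the weighting rule (score times the fraction of hosts with the product, halved when the product never handles untrusted input) are constructed assumptions for illustration, not a Tenable scoring method.

```python
"""CVSS v2 base-score calculator plus a business-context ranking.

Added example, not Nessus or Tenable code.  The second bulletin, the site
profiles and the weighting rule are constructed for illustration.
"""
import re

# CVSS v2 base metric weights (first.org CVSS v2 guide, section 3.2.1).
AV = {"L": 0.395, "A": 0.646, "N": 1.0}      # access vector
AC = {"H": 0.35, "M": 0.61, "L": 0.71}       # access complexity
AU = {"M": 0.45, "S": 0.56, "N": 0.704}      # authentication
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}     # confidentiality/integrity/availability impact

VECTOR_RE = re.compile(r"^AV:([LAN])/AC:([HML])/Au:([MSN])/C:([NPC])/I:([NPC])/A:([NPC])$")


def cvss2_base_score(vector):
    """Return the CVSS v2 base score (0.0 to 10.0) for a base vector string."""
    m = VECTOR_RE.match(vector)
    if not m:
        raise ValueError("not a CVSS v2 base vector: %r" % vector)
    av, ac, au, c, i, a = m.groups()
    impact = 10.41 * (1 - (1 - CIA[c]) * (1 - CIA[i]) * (1 - CIA[a]))
    exploitability = 20 * AV[av] * AC[ac] * AU[au]
    f_impact = 0 if impact == 0 else 1.176
    score = ((0.6 * impact) + (0.4 * exploitability) - 1.5) * f_impact
    return round(score, 1)


# Constructed bulletin list.  MS09-067's vector gives the 9.3 the post quotes;
# HYPO-01 is a made-up local-only bug used to show how the ranking flips.
BULLETINS = [
    {"id": "MS09-067", "product": "Excel", "vendor": "Important",
     "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"},
    {"id": "HYPO-01", "product": "LocalAgent", "vendor": "Moderate",
     "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"},
]

# Site profiles (constructed): product -> (fraction of hosts with it installed,
# does it routinely open data from outside, e.g. mail attachments?).
SITE_EXCEL_HEAVY = {"Excel": (0.9, True), "LocalAgent": (1.0, False)}
SITE_NO_EXCEL = {"LocalAgent": (1.0, False)}


def rank_for_site(bulletins, site):
    """Order bulletins by local priority (highest first) instead of vendor label.

    Assumed weighting rule: base score x installed fraction, halved when the
    product never handles untrusted input.  Absent products score 0.
    """
    scored = []
    for b in bulletins:
        installed, untrusted = site.get(b["product"], (0.0, False))
        weight = 1.0 if untrusted else 0.5
        prio = round(cvss2_base_score(b["vector"]) * installed * weight, 1)
        scored.append((prio, b["id"]))
    scored.sort(key=lambda t: (-t[0], t[1]))
    return scored


if __name__ == "__main__":
    for b in BULLETINS:
        print(b["id"], b["vendor"], "CVSS", cvss2_base_score(b["vector"]))
    print("Excel-heavy site:", rank_for_site(BULLETINS, SITE_EXCEL_HEAVY))
    print("No-Excel site:   ", rank_for_site(BULLETINS, SITE_NO_EXCEL))
```

The same 9.3 bulletin lands at the top of one site's list and at the bottom of the other's, which is the whole argument: the vendor rating and the base score are inputs to your prioritization, not the output.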


 

Scanning Windows 7 With Nessus 4.2

Windows 7 - a "Shiny" New Operating System

Most experts agree that producing Windows Vista was not a shining moment for Microsoft. It was plagued with problems from the start, including performance and stability issues. Many organizations flat out refused to upgrade from Windows XP to Vista, deeming it not worth the investment of resources and overall cost of the upgrade. Windows 7 is now here to replace Vista and XP, and the reviews have been positive from the beginning. In my own environment, I stayed away from Vista and jumped right into Windows 7. I believe that as Windows XP comes to its end of life, Windows 7 will step right in to replace it, despite the upgrade costs. Most people will likely skip the Windows Vista upgrade and gravitate towards the "shiny" new Windows 7 operating system.

An example of the "shiny" new OS: Windows 7 makes several improvements to the end-user interface.


 

Marcus Ranum Presents "Internet Nails" at TED

Marcus presents an awesome story about the Internet, software, and security. Watch as he goes into detail on how protocols work, the problems with FTP and HTTP, and much more! The purpose was to show how small mistakes made in the design of software and the Internet have shaped the security industry. You can watch the full version of the talk below:

You can also find a full size high quality version of the above video on YouTube's site.

 

Ron Gula and Marcus Ranum DOJOCON 2009 Videos

I had the chance to see some really good speakers this past weekend at the DOJOCON conference here in Maryland. I also had the opportunity to speak about the many different things we can do as users of information security technologies such as firewalls, vulnerability scanners, and intrusion detection systems to improve the overall state of network security monitoring. Watch the video below:

Tenable Chief Security Officer Marcus Ranum opened DOJOCON with a keynote detailing the trends our industry has followed and will follow over the next few years. Watch Marcus's video below:

You can watch all DOJOCON videos at this location.

 

Tenable Network Security Podcast - Episode 11

Welcome to the Tenable Network Security Podcast - Episode 11

Announcements


 

Video: Web App Scanning With Credentials Using Nessus

Scanning web applications that require credentials can be tricky, as different applications handle authentication in different ways. Nessus has configuration options that let you define the authentication parameters for each application. Nessus also lets you define pages that must not be requested during the web mirroring process, such as "logout.php"; without that exclusion the crawler follows the logout link like any other, the server destroys the session, and every page mirrored afterwards is just the login form.
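As an added illustration of why the logout exclusion matters (my own code, not Nessus's crawler or any Tenable code), the following stands up a tiny login-protected site in a background thread and mirrors it twice: once following every link, once skipping anything that matches ^/logout. The site, the admin/hunter2 credentials, the page names, the SID cookie and the server-side session store are all constructed for the demo.

```python
"""Tiny login-protected site and a mirroring crawler with an exclusion list.

Added example, not Nessus code.  The site, the admin/hunter2 credentials,
the SID cookie and the /logout path are all constructed for the demo.
"""
import re
import secrets
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

LOGIN_FORM = '<form method="post" action="/login">login</form>'
# Pages visible only with a valid session.  Every page links to /logout,
# exactly the trap a crawler walks into when it follows every link it sees.
PAGES = {
    "/": '<a href="/private/a">a</a> <a href="/logout">logout</a>',
    "/private/a": '<a href="/private/b">b</a> <a href="/logout">logout</a>',
    "/private/b": 'secret report <a href="/">home</a>',
}
ACTIVE_SESSIONS = set()   # server-side session store (constructed)


class SiteHandler(BaseHTTPRequestHandler):
    def log_message(self, *args):          # keep the demo quiet
        pass

    def _reply(self, body, set_cookie=None):
        data = body.encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(data)))
        if set_cookie:
            self.send_header("Set-Cookie", set_cookie)
        self.end_headers()
        self.wfile.write(data)

    def _session(self):
        m = re.search(r"SID=([^;]+)", self.headers.get("Cookie", ""))
        return m.group(1) if m else None

    def do_POST(self):
        n = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(n).decode())
        if self.path == "/login" and form.get("user") == ["admin"] \
                and form.get("pass") == ["hunter2"]:
            sid = secrets.token_hex(8)
            ACTIVE_SESSIONS.add(sid)
            self._reply(PAGES["/"], "SID=%s; Path=/" % sid)
        else:
            self._reply(LOGIN_FORM)

    def do_GET(self):
        sid = self._session()
        if self.path == "/logout":
            ACTIVE_SESSIONS.discard(sid)   # session is dead server-side from now on
            self._reply(LOGIN_FORM)
        elif sid in ACTIVE_SESSIONS and self.path in PAGES:
            self._reply(PAGES[self.path])
        else:
            self._reply(LOGIN_FORM)        # no/invalid session: login form only


def fetch(base, path, cookie=None, data=None):
    """GET (or POST when data is given) one path; return (body, Set-Cookie)."""
    req = urllib.request.Request(base + path, data=data)
    if cookie:
        req.add_header("Cookie", cookie)
    with urllib.request.urlopen(req) as resp:
        return resp.read().decode(), resp.headers.get("Set-Cookie")


def mirror(base, exclude=()):
    """Log in via the form, then fetch every linked page not matching `exclude`."""
    form = urllib.parse.urlencode({"user": "admin", "pass": "hunter2"}).encode()
    _, set_cookie = fetch(base, "/login", data=form)
    cookie = set_cookie.split(";")[0]           # keep only "SID=..."
    skip = [re.compile(p) for p in exclude]
    queue, seen, pages = ["/"], set(), {}
    while queue:                                # breadth-first, like a mirror
        path = queue.pop(0)
        if path in seen or any(p.search(path) for p in skip):
            continue
        seen.add(path)
        body, _ = fetch(base, path, cookie)
        pages[path] = body
        queue.extend(re.findall(r'href="([^"]+)"', body))
    return pages


def run_demo():
    """Mirror the demo site with and without the logout exclusion."""
    server = HTTPServer(("127.0.0.1", 0), SiteHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_address[1]
    try:
        naive = mirror(base)                             # follows /logout
        careful = mirror(base, exclude=[r"^/logout"])    # Nessus-style exclusion
    finally:
        server.shutdown()
        server.server_close()
    return {"naive": naive, "careful": careful}


if __name__ == "__main__":
    for name, pages in run_demo().items():
        print(name, {p: ("secret report" in b) for p, b in pages.items()})
```

In the naive run the crawler reaches /logout before /private/b (breadth-first order), the server drops the session, and /private/b comes back as the login form even though the cookie is still being sent; with the exclusion, every private page is mirrored with real content. The same thing happens with any state-changing link (delete, submit, "mark all read"), which is why an exclusion list is worth setting before an authenticated scan rather than after.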

We have produced a video demonstration that walks you through configuring authentication for your web application Nessus scans:

You can also find a full size high definition version of the above video on the Tenable YouTube Channel.

A complete blog post was also published on this topic titled "Scanning Web Applications That Require Authentication".

 

Video: Tenable Appliance Installation & Configuration

The Tenable Appliance is an easy way to get up and running quickly with Tenable products such as Nessus and Security Center. The Tenable Appliance is a virtual machine image that is compatible with:

  • VMware ESX versions 3.5 and older
  • vSphere/etc. 4.0 versions
  • VMware Player, Server, Workstation and Fusion.

We have produced a video demonstration that walks you through installation and configuration of the appliance:

You can also find a full size version of the above video on the Tenable YouTube Channel.

The Tenable Appliance is available for download in the customer support portal for all customers. There is also an update which brings the appliance up to date with the latest versions of Nessus (4.0.2) and Security Center (3.4.5).

 

Tenable Network Security Podcast - Episode 10

Welcome to the Tenable Network Security Podcast - Episode 10

Announcements

Interview: Jason Holcomb - SCADA Security

Jason Holcomb - Digital Bond
