9 posts from May 2010

 

Nessus Spotlight: su+sudo Feature

With the release of Nessus 4.2.2, a new method of credential elevation has been included for Unix-based hosts that have sudo installed: “su+sudo.” This method allows you to provide credentials for an account that does not have sudo permissions, su to a user account that does, and then issue the sudo command.

This configuration provides greater security for your credentials during scanning, and satisfies compliance requirements for many organizations.

To enable this feature, simply select “su+sudo” in the “Elevate privileges with” section under the credentials/SSH settings as shown in the following screenshot:

[Screenshot: SSH credential settings with “su+sudo” selected under “Elevate privileges with”]
 

Under the “SSH user name” and “SSH password” tabs, enter the credentials that do not have sudo privileges. In the example above, the user account is “raven.” From the “Elevate privileges with” pull-down menu, select “su+sudo.” Under the “su login” and “su/sudo password” tabs, enter the user name and password that do have privileged credentials, in this example “sumi.”

No other scan policy changes are required.


 

Tenable Network Security Podcast - Episode 35

Welcome to the Tenable Network Security Podcast - Episode 35

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements


 

Common Platform Enumeration (CPE) with Nessus


You may know the folks over at MITRE for their work on the CVE (Common Vulnerabilities & Exposures). Standards such as CVE help us track and document thousands of vulnerabilities released each year. Along the same lines, a new project from MITRE called CPE (Common Platform Enumeration) provides the public with a standard method to enumerate software:

"CPE is a structured naming scheme for information technology systems, platforms, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE includes a formal name format, a language for describing complex platforms, a method for checking names against a system, and a description format for binding text and tests to a name."


 

Tenable Network Security Podcast - Episode 34

Welcome to the Tenable Network Security Podcast - Episode 34

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements


 

Microsoft Patch Tuesday Roundup - May 2010 - Language Barrier Edition

Microsoft's Language

No, I'm not talking about C# or Visual Basic, I'm referring to Microsoft's very own version of the English language ("Minglish"?). An example of the Microsoft variation on the English language is shown here:

"The vulnerability could allow remote code execution if a user visits a malicious e-mail server."

We've addressed the "could allow" statement in a previous post (for example, changing your shoes “could allow” you to win the lottery). We've also addressed the "remote code" execution and dug into what that really means. In this case, it takes on a slightly different meaning from the traditional remote buffer overflow or client-side attacks. The part that is brand new to the "Minglish" language is "if a user visits a malicious e-mail server". Let me get this straight: you not only have to be running the vulnerable software but must also think to yourself, "Gee, I wonder what a malicious e-mail server looks like? I think I will re-configure my email client to connect to pop3.evilbadguy.com and find out".

[Image: sign_forest.jpg]

I think what they are trying to say is that "Some digging may have occurred, which could allow a person to fall in a hole. No public falling has occurred."


 

Tenable Network Security Podcast - Episode 33

Welcome to the Tenable Network Security Podcast - Episode 33

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements



 

Nessus Spotlight: Scan Template Feature

The release of Nessus 4.2 included some interesting architectural changes, as the complete Nessus installation was moved to a server-based model. This means that all code, including the web-based client, now resides on the server. This provides the ability to update the Nessus client via a plugin update rather than having to install a new version of a traditional client locally on a workstation or server.

The first feature rolled out in this fashion came down in a plugin update released on April 20, 2010 (client build ID 20100416A and web server build ID 1.2.1 as seen in the "About" screen of the client). With this update, Nessus users could save a scan as a template to be used for multiple scans. If your plugins are automatically updated, the template plugin will already be in your plugin database.

If your plugins are not up to date, you can manually update plugins by using the command-line utility on the Nessus server as follows:

# nessus-update-plugins

(The default installation directory is /opt/nessus/sbin on Linux, /Library/Nessus/run/sbin on OS X, and C:\Program Files\Tenable\Nessus\ on Windows.)

[Screenshot: template_create.png]

Once the scan template has been created, you can initiate scans by using the new "Launch" button on the toolbar on the "Scans" tab:

[Screenshot: Launching a Scan Via a Template]

In the screenshot above, you can see there are two templates: one called "DVWA" and another called "Web Application Scan". Simply highlight the scan template you wish to execute and click the "Launch" button. A new scan will be initiated against the targets you specified using the policy selected in the template. If the policy used in the template is updated, your changes will be included in subsequent scans. This update is available to both ProfessionalFeed and HomeFeed users.

 

SOURCE Boston Re-Cap

Two weeks ago, several Tenable colleagues and I traveled to Boston to attend and speak at the SOURCE conference. The SOURCE conferences, founded by Stacy Thayer, are small in size but big on content. Since the conference is fairly intimate (this year’s had approximately 250 attendees), I had the chance to talk to many people in the hallways about security, attend some great talks and deliver a presentation on the state of embedded systems security.

[Image: view from the Seaport Hotel over Seaport Lane]

SOURCE Boston was held at the Seaport Hotel in Boston, Massachusetts. The above picture was taken at the hotel looking out over Seaport Lane.

SOURCE continues to be a great conference held in Boston, Massachusetts and Barcelona, Spain. It has a great atmosphere, the caliber of people in information security who attend is top-notch, and the presentations are great. Tenable submitted three presentations to SOURCE that were all well received and are described below:


 

Tenable Network Security Podcast - Episode 32

Welcome to the Tenable Network Security Podcast - Episode 32

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements

