Tenable Network Security is proud to announce the immediate availability of SecurityCenter 4.2. SecurityCenter is used to centralize and report on system and event data such as vulnerabilities, logs, NetFlow, configurations and more. 

NSA Hardening Guidelines

The National Security Agency (NSA) has developed security hardening guidelines for various operating systems and technologies. I remember when I first started in information technology and used these guides to harden my Windows servers. I was met with mixed success; some systems would run better, and some would cease to function due to configuration changes. This taught me about my systems and their configurations, and knowing what your systems do and how they are configured is the true key to successful systems administration. Remember, the “guidelines” are just that, a guide to configuring and securing your systems. Ultimately, it is up to you to determine which changes you will implement, and most importantly test those changes in a lab/QA environment.

Mac OS X's popularity has been growing rapidly, and so has its use in corporate environments. The NSA has released a new hardening guide for OS X. Tenable has created a configuration audit that will compare the configuration of your OS X systems with the NSA's guidelines, and below are some of the example results from an audit:

Tenable is pleased to announce the official release of the Nessus Android app! The application can be downloaded for free from the Android Market and contains the following features:

• Connect to a Nessus server (4.2 or greater)
• Launch existing scans on the server
• Start, stop or pause running scans
• Create and execute new scans and scan templates
• View and filter reports

Welcome to the Tenable Network Security Podcast - Episode 83

Hosts: Paul Asadoorian, Product Evangelist, Ron Gula, CEO/CTO, Carlos Perez, Lead Vulnerability Researcher

Announcements

• A new blog post has been published:
  • Plugin Spotlight: Detecting PsExec
• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest two videos are updates to older videos and cover basic vulnerability scanning and local patch checking using Nessus.
• We're hiring! - Visit the Tenable web site for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!
• A new Nessus plugin is being released into the feed that will identify the device type of your targets. For example, if Nessus finds that a device is running Cisco IOS, it will flag it as device type: router. This is useful when reporting, trending, and "dashboarding" with SecurityCenter.
• A new promotion is being run: All new Nessus Professional Feed users will receive a free demo of the Nessus Perimeter Service.
• Upcoming Product Releases: SecurityCenter 4.2 and LCE 3.6.1. One of the major new features of SecurityCenter 4.2 is the ability to share dashboards. You can visit our dashboards page for a sneak preview.

Stories

I was recently talking to my good friend Ed Skoudis about computer security incident response. An interesting question he asks organizations that are in "incident response" mode is, "Do you run PsExec?" PsExec is part of the Windows Sysinternals’ suite of tools and implements a service that allows users to administer Windows systems remotely using the command line. More information can be found on the PsExec download page. It also contains functionality described as:

"PsExec's most powerful uses include launching interactive command-prompts on remote systems and remote-enabling tools like ipconfig that otherwise do not have the ability to show information about remote systems."

Welcome to the Tenable Network Security Podcast - Episode 82

Hosts: Paul Asadoorian, Product Evangelist

Announcements

• Several new blog posts have been published:
  • Microsoft Patch Tuesday Roundup - May 2011
  • Sony: Compliance Lessons Learned
  • 3D Tool Version 2.0 Released
• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials.
• We're hiring! - Visit the Tenable web site for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!

Interview: KC Berg, Level3 Communications

KC works for Level3, the world's largest Internet service provider. He uses Nessus, and in a big way. They scan hundreds of thousands of IP addresses every day, customize NASL, and make extensive use of the API. KC is also a big fan of credentialed auditing and tells us how he uses that to help maintain security on some of the busiest networks in the world.

Episode 82 Direct Download

Tenable’s 3D Tool v2.0 is a Windows application that queries data from a SecurityCenter 4 server and presents it in an interactive visual console to facilitate presentations and security analysis.

It can help better communicate different types of information available in SecurityCenter, such as:

• Nessus vulnerability data


• Network topologies


• PVS data, including passively discovered vulnerabilities, network connections and new network devices


• Event data discovered and normalized by the Log Correlation Engine (LCE), including intrusion detection, firewall, NetFlow and syslog data

For more information, see Ron Gula's post to the Nessus Discussion Portal titled "3D Tool Creation and Walk-Through" (login required).

The following screenshot shows hosts on the network and their operating system type:

The Now "Infamous" Sony Hack

It was reported late last month that attackers had penetrated Sony's PSN (PlayStation Network) platform. It has been rumored that reverse engineering the PlayStation firmware, coupled with vulnerabilities in Linux servers and unencrypted data traversing the network, led to the exposure of over 77 million users’ information being leaked, possibly including 2.2 million credit card numbers.

If You Are Using WINS, You Are Not WINNING

WINS, or Windows Internet Name Service exists so that NetBIOS hosts can communicate with TCP/IP hosts. Wait, did we just step into the network protocol time machine? In fact, we did! NetBIOS was developed for IBM in 1983 by a company called Sytec, and later adopted by Microsoft (See "Understanding NetBIOS and Windows Server 2003" for more historical information on our journey back in time). So the big question remains, why are people still running WINS and/or NetBIOS? My guess is that a vendor provided you a solution, stuck you with an operating system that is old and outdated, and now you’re stuck maintaining the application and operating system (refer to Rafal Los's great post: Supporting "Unmaintainable" Applications).

Any time you can enable yourself to rid the network and systems of old protocols, it’s a win for security. The harder part is ridding your network of the things that rely on those protocols. Once you get there however, not only will you have a network that is easier to maintain (lets face it, WINS was one more thing to go wrong with Windows networking), it will be slightly more secure as well.

MS11-035 addresses a privately reported, remotely exploitable, vulnerability in WINS, as if the attackers need something else they "could" exploit.

Welcome to the Tenable Network Security Podcast - Episode 81

Hosts: Paul Asadoorian, Product Evangelist, Ron Gula, CEO/CTO

Announcements

• A new blog post has been published this week:
  • Plugin Spotlights: New Nessus OS Identification Plugins
• A new version of the 3D tool will be available this week and a new CIS Oracle 11 audit policy is available for download in the Customer Support Portal
• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials.
• We're hiring! - Visit the Tenable web site for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!

Stories

• Hackers are worried that the Sony compromise will lower the Value of stolen cards - Supply and demand applies to stolen credit cards. Additionally, this graphic of a Sony controller provides a humorous take on the whole incident.