Tenable Blog

Attackers have been very naughty, IT departments have been mostly nice and Microsoft has fulfilled the role of “Bad Santa”. This holiday season, Microsoft has filled your stockings with 17 security bulletins fixing 40 vulnerabilities. But where does that leave us?

What Else Could You Say?

Note: The word "could" appears in the title of all 17 security bulletins this month

I could say a lot of things about this month's Microsoft Patch Tuesday release. I could say that you should apply patches (except that my boss hates the word “should”). I could say that despite all of the patches released, there are still most likely to be 0-day exploits for several unpublished vulnerabilities. I could also say that your organization needs a solid patch management program. I could say, well, you get the point. After more than a year of writing up each one of the Microsoft Security bulletins, there's a lot I could say. The fact remains that several trends continue in the Microsoft "Black Tuesday" madness:

A Nessus user recently contacted me about performing a scan that would simply discover hosts on the network. This is a very low impact scan that does not look for vulnerabilities or enumerate ports. There are a few good reasons to run this type of scan:

Systems protected by a network or host-based firewall may only respond on a single port or to an ICMP echo request. Hosts that only respond to an ICMP ping will not show up in the default Nessus scan report. By enumerating these hosts you can include them in the report to show that scans were attempted but did not find any results, then determine if this is normal behavior or not.

Your internal policies may provide specific time windows when vulnerability scanning can occur. By tuning a scan that only discovers live hosts, you can check that your Nessus server is set up properly, collect a list of hosts to scan and stay within your vulnerability scanning policy guidelines.

To configure a scan that will only test if hosts are alive, use the following policy settings:

Click for larger image

Welcome to the Tenable Network Security Podcast - Episode 61

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements

• Don't forget to sign up for Advanced SIEM Webinar Series - November through December
• Be certain to check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials, including the new Nessus Perimeter scanning service.
• We're hiring! - Visit the web site for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, provide Nessus plugin statistics and more!

Welcome to the Tenable Network Security Podcast - Episode 60

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Welcome to the Tenable Network Security Podcast - Episode 59

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Special Guest: Carlos Perez, Lead Vulnerability Research Engineer

Announcements

• Don't forget to sign up for Advanced SIEM Webinar Series - November through December
• Be certain to check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials.
• We're hiring! - Visit the web site for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, provide Nessus plugin statistics and more!