Tenable Blog

Tenable is pleased to announce the release of Version 4.0.2 of the Nessus vulnerability scanner!. This release includes several fixes and support for the latest operating systems from Microsoft and Apple. All customers are encouraged to upgrade to the latest version of the Nessus Server and NessusClient. Following is a summary of some of the fixes and improvements:

Welcome to the Tenable Network Security Podcast - Episode 2

Tenable is pleased to announce the release of the Tenable Virtual Appliance! The appliance replaces the Nessus VM Appliance and provides a preinstalled image of all Tenable applications in one easy to configure interface. The Tenable Virtual Appliance is available for Tenable customers and is provided for use with VMware Server, VMware Player and VMware ESX Server. Currently, Nessus and Security Center applications are available on the appliance with the Log Correlation Engine and Passive Vulnerability Scanner to be released soon. Tenable ProfessionalFeed customers can download the latest version of the Tenable Virtual Appliance along with any available updates from the Tenable Support Portal.

A "Rogue" Access Point

Detecting and preventing rogue wireless access points is a major concern for many organizations. It is important to ensure that all wireless networks are established and configured in compliance with the organization’s policies and standards for wireless networks. The problem is that it is very easy for a user to establish a rogue wireless access point either inadvertently or deliberately. A wireless access point plugged into your network will typically have an Ethernet connection tied into some part of your LAN, and provide wireless access to an attacker that bridges the connections. Users could put one on the network for convenience, or a company provisioned access point could be misconfigured by the IT department. Recently the PCI standards council has produced a document called "The Information Supplement: PCI DSS Wireless Guideline", that outlines the recommendations for securing wireless networks for PCI DSS compliance. This is a good reminder of the importance for organizations to continually seek out rogue access points in their environments and remove them.

Scanning web applications with Nessus offers the end user several new configuration options in the Nessus client. You should take into account:

• Number of web servers and applications being scanned
• Size of the applications (e.g. how many parameters does each CGI application have?)
• Depth and scope of the scan with respects to the type of tests being performed and how exhaustive they should be

This video demonstrates how to setup Nessus to scan a web application using the new options: