Tenable Blog

How do you know that the software being executed on your network is authorized and acceptable? Many organizations struggle with this concept or ignore it altogether. There are generally four approaches to enabling or preventing software usage:

• White listing of software - A third party application or very tight operating system configuration settings is used to only enable specific authorized program names. Everything else is denied by default.
• Black listing of software - A third party application specifically controls what programs cannot be run. Anything not on the list is allowed by default.
• Ignorance – Some organizations simply do not have the staff, resources, technology or concern to attempt any type of analysis of what software is allowed.
• Auditing – Using one or more methods, an organization takes no immediate action on software usage, but it does track and analyze what programs are available and in use to help make better policy decisions, to have a more intelligent incident response process and to help IT troubleshoot issues.

A friend of mine, who was preparing to teach a workshop that included information about Nessus, recently asked: "What are the top three things you would tell people about Nessus?" Below is a more detailed version of my response:

1) Network Scanning - With over 28,000 plugins, Nessus has some excellent coverage in terms of vulnerability scanning for your systems and network. When running a network-based scan it is important to tune it appropriately. Look at the different plugin families and enable the ones that you think are most relevant. In addition, review the Advanced options for your scan. If you are performing web application testing, take a look at the Advanced options global variable settings. If speed is not a factor, you can get some awesome results by enabling CGI scanning, experimental plugins and thorough tests. Finally, don't just look at the high level alerts: some medium and low level alerts can lead to root access!

Tenable Network Security has released version 4.0.1 of the Nessus vulnerability scanner. This point release includes a variety of minor bug fixes as well as support for additional authentication schemes. All customers are encouraged to upgrade to the latest version of the Nessus Server and NessusClient. Below is a summary of some of the fixes and improvements:

Not All Vulnerabilities Are Created Equal

We recently asked a select group of Nessus users which Nessus plugins provide the most interesting results for a given scan. This is a great question because you can often find patterns in the types of vulnerabilities that contain characteristics such as ubiquity and ease of exploitability. Several of the favorite plugins that penetration testers see during scans have to do with default or missing passwords that give an attacker instant access to the exposed service. The good news is that this type of vulnerability is usually easy to fix . Using Nessus makes this type of vulnerability easy to spot in your environment.

The Story:

--Pentagon Official Charged with Espionage Conspiracy
(May 13 & 14, 2009)
A Pentagon official has been charged with espionage conspiracy for
allegedly leaking confidential documents to a Chinese government
operative. James Wilbur Fondren Jr. has been on administrative leave
from his job as Deputy Director, Washington Liaison Office, US Pacific
Command (PACOM) since February 2008. Fondren was allegedly able to
access the sensitive information through his security clearance. If he
is convicted of the charges against him, he could face five years in
prison and a fine of US $250,000.
http://www.nextgov.com/nextgov/ng_20090514_7707.php
http://www.scmagazineus.com/Defense-Department-insider-charged-with-espionage/article/136743/
http://www.usdoj.gov/opa/pr/2009/May/09-nsd-469.html
[Editor's Note (Northcutt): Limiting access rights based on roles is essential.]

My comment on this (which didn't get posted along with Northcutt's) was: "

Is this where I get to say "I told you so"??