Tenable Blog

Tenable's Research group recently added support to the Nessus ProfessionalFeed and HomeFeed to audit missing 64 bit Windows 2003 security patches via file version checks.

File version checking is the most effective way to test a Windows system for missing patches. Nessus has been able to do this on most Windows OSes (including 64 bit Windows Vista and Windows 2008) for a long time and due to customer demand, we've added support for Windows 2003 64 bit systems.

As a new Tenable employee, one of my first opportunities was to sit in on recently updated Nessus training classes taught by Tenable’s Training Lead, Matt Franz. Joining me in putting Matt on the hot seat was Tenable CSO Marcus Ranum. As a consultant, I have been using Nessus for almost ten years to assist in assessing clients’ networks, but had never attended formal training on the software. I sat in on the first day of class to better understand how to leverage Nessus to perform credentialed scans to audit a system against configuration standards such as CIS or PCI.

On August 6th, 2008, I will be participating in a Vulnerabiltiy Management webinar hosted by WhiteHatWorld. We will be discussing best practices for scanning and configuration auditing. Panelists also include representatives from Qualys and Rapid7.

Most enterprises are required  to run some sort of Anti-virus (AV) software on all or a portion of their desktops and servers and report on the status of the deployment. This blog entry discusses some of the limits of self-reporting within an anti-virus application and how Nessus can help you detect systems that are not AV compliant.

Self Reporting with Anti-Virus Software

Nessus plugin #33523 "Network Camera Detection" will alert if it encounters a web page that belongs to a WebCam.

Typically, these web pages are not password protected and on ports other than port 80. If it is not password protected and not behind a firewall, it may be allowing unauthorized users from your organization, or even users from the Internet to view and/or listen to activity and conversations in the viewing area of the cameras.