Tenable Blog

For organizations that actively keep track of and manage their base operating system patches and configurations, a somewhat lofty goal is to try and tighten down third party patches. Organizations can have all Microsoft patches installed and their systems hardened to NIST, CIS and vendor recommendations, and still have major exposure and security issues issues tracking down open source, freeware and third party applications.

I was recently forwarded a link to a BBC video which demonstrates how a user on a wireless network can attack another user and break into their system.

As part of the more than 17,000 plugins available in the Nessus Direct and Registered plugin feeds, many of these look for common user name and password combinations. They will attempt to find administrator accounts without passwords, simple passwords and vendor defaults. Although these checks aren't performing an exhaustive brute force password audit, they may cause enough login failures to "lock out" operational accounts.

This blog entry concerns passive network monitoring with both the Passive Vulnerability Scanner (PVS), as well as the Log Correlation Engine. Tenable's research group has recently introduced PVS rules to identify mail clients and end nodes which are likely sending SPAM.

John Lampe, a senior security researcher for Tenable Network Security, will be presenting a talk and demonstration about passive network monitoring and web application vulnerability assessments. John's co-presenter for the seminar will be Matt North, formerly from ISS, Spi Dynamics and now with AT&T.

The talk location and date is: