Tenable Blog

Nessus has more than 11,000 plugins which can be used to audit networks with host based checks and network checks. There are also many different options that Nessus users can configure to optimize their scans. One of these options is to enable or disable "safe checks". The "safe checks" setting allows Nessus users to enable a set of plugins within Nessus' library of vulnerability checks which Tenable feels can have negative effects on the network, device or application being tested.

Recently, a Tenable customer asked me if we had any plans or capability to perform brute force password cracking with Nessus. For those familiar with Nessus, this wasn't about testing for default user accounts during a network scan. The customer was asking to obtain the encrypted password databases from Windows and UNIX and try to brute-force their contents offline to find weak passwords. This particular customer was running several different password cracking tools across several different operating systems.

One of Tenable's advisors, Gene Kim, CTO of Tripwire and lead researcher of the IT Process Institute's "IT Controls Benchmark Survey", was recently interviewed by Richard Stiennon about how IT Controls not only help run networks more efficiently, but how they can make a network more secure.

Tenable has had many of our customers call in to discuss ways they can look throughout their enterprise to find the latest round of security issues from the last "Microsoft Tuesday". Here is a quick list of things you can look for with our products: