Installing and Using Nessus on Kali Linux
Note: These 2014 instructions are for installing Nessus version 5 on Kali Linux. Please see the newer blog, Getting Started with Nessus on Kali Linux, for information on installing Nessus version 6 and higher on Kali Linux 2016. Note: Nessus Cloud is now a part of Tenable.io Vulnerability...
Using Nessus to Audit Microsoft SharePoint 2010 Configurations
Trust, but Verify Recently, Tenable added audit files for Nessus ProfessionalFeed users allowing them to audit Microsoft SharePoint server configurations. The audit policy uses both operating system and database information from a SharePoint server farm and compares it against the settings specifie...
Tenable Releases SecurityCenter Continuous View
Today, Tenable announced (http://www.tenable.com/news-events/press-releases/2012-tenable-network-security-unveils-securitycenter-continuous-view) the availability of a new edition of SecurityCenter,...
SecurityCenter 4.2 and Community Dashboard Site Released
Tenable All-Star Showcase - Atlanta - February 22
Tenable Network Security will be hosting a half-day security and compliance seminar in Atlanta featuring Marcus Ranum, Ron Gula and Renaud Deraison. This is your chance to interact with Tenable executives, get the latest news and perspectives on industry trends, ask questions about Nessus and ...
Putting a Virus under the SIEM Microscope Webinar
When a virus infected one of my Nessus scan targets, I did what any sensible CEO of a SIEM company would do - let it run and see what types of logs and alerts it generated! Over the 30 days that I let it run, I was able to collect a wide variety of interesting data. This included sus...
SSL Certificate Authority Auditing with Nessus
Do you know where all of your organization’s SSL certificates are and if they are providing enough protection to you and your customers? Nessus can be used to identify all SSL certificates in use, test if they are expired and with the advent of plugin # ...
Introducing the Nessus Perimeter Service: redefining the cost of online scanning
Have you ever wanted to run an external Nessus vulnerability audit of your DMZ but didn’t have access to a Nessus scanner located on the outside of your network? Tenable Network Security now offers the Nessus Perimeter Service, offering unrestricted and unlimited vulnerability scans through an...
Auditing PHP Settings to OWASP Recommendations with Nessus
Tenable recently released an audit policy for Linux servers running PHP which tests for hardening recommendations from the Open Web Application Security Project (OWASP, http://www.owasp.org/index.php/Main_Page). OWASP maintains a set of guidelines for hardening web servers, with spec...
Nessus turns 10!
Ten years ago today, I announced the initial public release of Nessus on the bugtraq mailing list. The initial version would run only on Linux and was bundled with 50 plugins (vulnerability checks) written in C. At that time I was 18 and I had no idea I would still work on it years later (or that an...
Using Nessus Configuration Audits To Test FDCC Compliance
Tenable has recently announced FDCC audit policies for Nessus ProfessionalFeed and Security Center users. These policies help government organizations test Windows XP Pro and Vista desktops against OMB's required configuration settings. This blog entry describes how this testing can be performed wit...
Digital Bond OPC Hardening Guide
If you are using Nessus to audit a control system network, Digital Bond has recently released a set of guidelines (part 1, 2 and 3) for securing OPC servers. These guidelines include three Nessus configuration audit policies (for use with Direct Feed subscriptions) to test OPC servers running under ...