Tenable Network Security Podcast Episode 185 - "We Don't Have Those On Our Network"

Announcements

• We're hiring! - Visit the Tenable website for more information about open positions.
• Check out our video channel on YouTube which contains new Nessus, PVS, and SecurityCenter tutorials.
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, PVS, SecurityCenter, and LCE and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
• You can subscribe to the Tenable Network Security Podcast on iTunes!

Discussion & Highlighted Plugins

• "We Don't Have Those On Our Network" - I hear this quite often from folks, especially when presenting on embedded device security issues. Those running enterprise, or even smaller, networks will state that entire categories of devices, such as Apple TV, are not in use on their network. Recently, I've been highlighting the use of the network search engine Shodan to illustrate the fact that large organizations do in fact have home-based network gear. Furthermore, folks tend to find ways to use technology in the workplace to get things done. For example, someone stated they have an Apple TV in every conference room and use it for presentations. This is a great use case for passive vulnerability scanning, finding the device in use by your organization. I'm not saying you shouldn't let the devices come on the network, but that they should receive some level of security which can only be accomplished if you know what's in use.
• Mobile Dashboards - Smartphones and tablets are another great example of technology used in the workplace. The undeniable fact that such devices improve productivity has earned them a permanent place in our IT infrastructure. The amazing fact about Nessus and SecurityCenter is that you can collect information about smartphones and tablets natively from your environment to enforce policy. Nessus/SecurityCenter will use the information stored in Active Directory to list the devices in use and associated vulnerabilities. The Passive Vulnerability Scanner (PVS) will collect data from the network and report on which devices and applications are in use, as well as associated vulnerabilities. All of this can be rolled up into dashboards and reports to aid the effort of both creating and enforcing policy.

New & Notable Plugins

Nessus

Passive Vulnerability Scanner

SecurityCenter Apps

Dashboards

Reports

Security News Stories

1. Tenable Network Security Receives Highest Rating Possible in 2013 Gartner Marketscope Report
2. Hackers Everywhere: A Conversation With Security Thinker Ron Gula
3. iPhone Fingerprint Scanner Hacked; Should You Care? | Forbes
4. Students Find Ways To Hack School-Issued iPads Within A Week | NPR: All Tech Considered
5. 10 Ways to Keep Your WordPress Site Secure
6. Researchers Unite To #ScanAllTheThings
7. 5 Reasons Every Company Should Have A Honeypot
8. Thirteen-Year-Olds Hack Their Way Into Space
9. Shutdown could test IT security at federal agencies