Tenable Network Security Podcast Episode 188 - "Upgrading is Hard to Do"

Announcements

• We're hiring! - Visit the Tenable website for more information about open positions.
• Check out our video channel on YouTube which contains new Nessus, PVS, and SecurityCenter tutorials.
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, PVS, SecurityCenter, and LCE, and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
• You can subscribe to the Tenable Network Security Podcast on iTunes!

Discussion & Highlighted Plugins

• "Upgrading is Hard To Do" - It can be a really tough thing to leave your current revision of given software, operating system, or hardware. However, sometimes vendors bundle features, bug fixes, and security fixes into a major upgrade. I'm a bit torn on this issue. On one hand, it's great that vendors are fixing security-related issues. On the other hand, it's not good that we as the end user do not have a choice between features and security updates. There is likely software compatibility issues that are keeping you tied to a particular OS release. Believe me, as an OS X user, I get that. I use many different software applications on OS X for video/audio editing, screen capture movie creation, still image screen capture, and blog editing -- this list goes on and on. An OS upgrade could render any number of those applications useless, leaving me stuck not able to do my job. What can we do to help fix this problem?
• SCADA "Security" - I recently led a panel discussion with four SCADA security experts. It was a really interesting conversation; very troubling as well. It seems that both the vendors and the consumers in the majority of cases are not incentivized by security. Cost is a major factor, even more so than other industries, due to the governmental nature of the businesses in this industry. We discussed topics such as regulations, "air-gapped security," and proper testing of control systems. What are your thoughts on these issues? How can Tenable products help with the assessment portion?
  1. Be sure you are prepared for OS X 10.9 Mavericks | Security Spread
  2. Scan Shows 65% of ReadyNAS Boxes on Web Vulnerable to Critical Bug
  3. Seven essentials for VM management and security
  4. Netgear Root Compromise Via Command Injection
  5. Tenda Shuts Router Backdoor Found By D-Link Hole Prober
  6. Your Kettle Could Be A Spambot!

Nessus

• SSL Cipher Block Chaining Cipher Suites Supported
• Dropbear SSH Server < 2013.59 Multiple Vulnerabilities
• Puppet Unauthenticated Remote Code Execution
• Puppet Enterprise < 3.0.1 Multiple Vulnerabilities

Passive Vulnerability Scanner

• Mac OS X < 10.9 Multiple Vulnerabilities
• SEW Eurodrive SCADA server detection
• Schneider Electric Accutech Manager RF Successful Authentication
• Schneider Electric Accutech Manager RF Server Detection
• Schneider Electric Accutech Manager RF Failed Authentication
• Schneider Electric Accutech Manager RF Client Detection
• Moore Industries Embedded SCADA server detection
• Indusoft Web Studio Server Detection
• Indusoft Web Studio Client Detection
• Indusoft Remote Code Execution Flaw

SecurityCenter Apps

Dashboards

• Systems with Sensitive Data
• Virus Trending

Reports

• Executive Age Summary Report

Security News Stories