Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Paul Asadoorian

Profile picture for user Paul Asadoorian
As founder and CEO of Security Weekly, Paul remains one of the world’s foremost experts on all things cybersecurity. Security Weekly is a one-stop resource for podcasts, webcasts and other content, informing community members about penetration testing, vulnerability analysis, ethical hacking and embedded device testing. Previously, Paul served as a lead IT security specialist for Brown University, and as an instructor with The SANS Institute.
Blog Post

Plugin Spotlight: SMB Insecurely Configured Service

Misconfiguration can Lead to Compromise As a former full-time systems administrator, I understand the pain of managing and maintaining systems. A significant amount of testing is often required to ensure that you have the correct configuration settings, not just in terms of security, but also for system stability. Once you have the correct configuration it is difficult to maintain consistency across the environment on an ongoing basis (especially across hundreds, or even thousands, of disparate systems). This problem crosses all platforms and Unix/Linux and Windows administrators alike share the same challenges. Some examples include: Authentication/Logon services implementing the appropriate policies Ensuring all services are logging properly Permissions on existing users and running processes Various configuration settings associated with installed services (and typically specific to the service)

Blog Post

Tenable Network Security Podcast - Episode 29

Welcome to the Tenable Network Security Podcast - Episode 29 Announcements Several new blog posts have been published this week, including: Using Nessus Thorough Checks for In-depth Audits Vulnerability Metrics Webinar - April 28, 2:00 PM EST New Nessus training is now being offered at conferences! - The new course titled "Advanced Vulnerability Scanning Techniques Using Nessus" is now being offered at both Black Hat Las Vegas 2010 and BruCon 2010. It's a two-day course that will put students into a real-world environment where they will have to solve problems and identify vulnerabilities using the advanced features of the Nessus vulnerability scanner. You can provide feedback to this podcast and all of our social media outlets by visiting our discussions forum and adding messages to the "Tenable Social Media" thread. I would love to hear your feedback, questions, comments and suggestions! I put up a call for ideas on new Nessus videos, so please give us your feedback! We're hiring! - Visit the web site for more information about open positions. There are currently 7 open positions listed! You can subscribe to the NEW Tenable Network Security Podcast on iTunes! You can also subscribe to the new podcast RSS feed directly. Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, Nessus plugin statistics and more!

Blog Post

Exciting Technical Career Opportunities At Tenable

Tenable Network Security is currently seeking talented individuals to fill several roles within the company. Tenable Network Security is a privately held company founded in 2002 by security product innovators Ron Gula, Renaud Deraison and Jack Huffard. Together with Tenable CSO Marcus Ranum, they have developed a Unified Security Monitoring approach based on the award-winning Nessus scanner engine leveraged with several other enterprise vulnerability and log management products such as SecurityCenter, the Log Correlation Engine (LCE) and the Passive Vulnerability Scanner (PVS). In 2009, Tenable was named one of Deloitte’s 500 fastest growing technology companies. This blog provides a brief description of four technical positions that are open here at Tenable: Vulnerability Research Engineer This position is ideal for those who like to research and test software vulnerabilities. The results of your research will present themselves as Nessus and PVS plugins, which are small scripts that are able to detect vulnerabilities. In this role, you will accurately test for vulnerabilities by manually configuring vulnerable targets in a virtual environment, analyzing the system or application to reliably understand how the vulnerability is exploited and then developing a method to test for the vulnerability with credentialed or uncredentialed access. We are looking for people with strong programming skills (knowledge of a scripting language, regular expressions, functions and source code analysis), familiarity with system configurations in operating systems, applications or network devices and in-depth knowledge of TCP/IP protocols, Linux/Unix internals and Windows internals.

Blog Post

Tenable Network Security Podcast - Episode 28

Welcome to the Tenable Network Security Podcast - Episode 28 Announcements Several new blog posts have been published this week, including: "Cloud" Security Recommendations New Content Audit Policy File - PHI/PII for Unix Systems Afterbytes: Chinese Academics Paper on Cyberwar Sets Off Alarms in U.S. Treating Software as a Strategic Technology New Nessus training now being offered at conferences! - A new course titled "Advanced Vulnerability Scanning Techniques Using Nessus" is now being offered at both Black Hat Las Vegas 2010 and BruCon 2010. It's a two-day course that will put students into a real-world environment where they will have to solve problems and identify vulnerabilities using the advanced features of the Nessus vulnerability scanner. You can provide feedback to this podcast and all of our social media outlets by visiting our discussions forum and adding messages to the "Tenable Social Media" thread. I would love to hear your feedback, questions, comments and suggestions! I put up a call for ideas on new Nessus videos, so please give us your feedback! We're hiring! - Visit the web site for more information about open positions. There are currently 7 open positions listed! You can subscribe to the NEW Tenable Network Security Podcast on iTunes! You can also subscribe to the new podcast RSS feed directly. Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, Nessus plugin statistics and more! Interview with Ron Gula - Vulnerability Scoring

Blog Post

"Cloud" Security Recommendations

Security In The Cloud Is Still Just Security A recent paper published in the International Journal of Services and Standards titled "A 'cloud-free' security model for cloud computing", written by Manal M. Yunis, outlines six security considerations for cloud computing. Upon reading the six considerations, I can't help but think that they do not present new challenges but merely rehash old ones. Let’s take a look at each of the six common cloud computing security considerations in more detail: 1. Resource Sharing "On shared services, there is the possibility that another user on the same system may gain access inadvertently or deliberately to one's data, with potential for identity theft, fraud, or industrial sabotage." The real problem with resource sharing in the context of cloud computing is that software logically separates one system from the next, but not physically. You can think of it as a "virtual server rack"; whereas traditionally you would have a physically separate server from your neighbor, but in the "cloud”, software is used to separate systems. Unfortunately, software is prone to vulnerabilities that could be exploited and in this case lead to complete access to your server or system. A great example of this in action is the "Cloudburst" exploit from the researchers at Immunity, Inc. that allows an attacker in a guest operating system to break out and gain access to the host operating system. The resource sharing via software problem is similar to VLANs on switches that are controlled by software, requiring you to carefully design a network and be certain your most critical assets are not on the same switch as something less critical. This is a risk-based decision, and must be constantly evaluated whether you are using a "cloud" provider or designing VLANs on a switch.

Blog Post

Tenable Network Security Podcast - Episode 27

Welcome to the Tenable Network Security Podcast - Episode 27 Announcements Two new blog posts have been released titled "The Value Of Credentialed Vulnerability Scanning and Microsoft Patch Tuesday - March 2010 - "It Won't Happen To Me" Edition. New Nessus training now being offered at conferences! - The new course titled "Advanced Vulnerability Scanning Techniques Using Nessus" is now being offered at both Black Hat Las Vegas 2010 and BruCon 2010. Its a two-day course that will put the student into a real-world environment, forced to solve problems and identify vulnerabilities using the advanced features of the Nessus vulnerability scanner. You can provide feedback to this podcast and all of our social media outlets by visiting our discussions forum and adding messages to the "Tenable Social Media" thread. I would love to hear your feedback, questions, comments and suggestions! I put up a call for ideas on new Nessus videos, so please give us your feedback! We're hiring! - Visit the web site for more information about open positions, there are currently 7 open positions listed! You can subscribe to the NEW Tenable Network Security Podcast on iTunes! You can also subscribe to the new podcast RSS feed directly. Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, Nessus plugin statistics and more!

Blog Post

The Mid-Atlantic Regional CCDC 2010 Event - Part II

Physical Access: RFID Badges This year's competition debuted an RFID badge hacking system. The Red and Blue teams had separate rooms that were governed by badges and a badge reader. The Red team badges were allowed access only to the Red team room and vice versa for the Blue teams. I really wanted to hack the badge system right out of the gate. There were a couple of motivators involved (including the fact that my friend Larry put the system together), and if we bypassed the RFID reader the Red team would gain physical access to the systems after the Blue teams went home for the night. Above you can see a successful badge scan using RFIDIOT. Yes, I did a happy dance of joy once I got it working. Before the competition started I mapped out a plan of attack. Since all of the Red team members were in the same room and I had access to their badges, I planned to scan them and record all of the values. This would give me knowledge of the known values, making any other value a potential Blue team code. Before I could scan the badges, I needed to set up a reader. Larry had a reader for players to use, but I wanted to set up one of my own (besides, I did not trust Larry… what if he defected to a Blue team?). After about two hours of fighting with software library installations, failed dependencies and USB drivers, I finally had a working reader. I was using RFIDIOT to do the reading, which are Python scripts developed by Adam Laurie. While it is a great contribution to the security community, the documentation could have been more comprehensive (if you are looking to contribute to an open source project, here is your chance!). Having little to no experience with RFID, it was a challenge to figure out how to correctly configure my reader and set it up to read our badges, but persistence prevailed and just before the competition started I was reading Red team badges.

Blog Post

The Mid-Atlantic Regional CCDC 2010 Event - Part I

How to Score at a Hacking Competition Over the past weekend I participated in my second CCDC, or Collegiate Cyber Defense Competition.The event put college students in a defending role in five “Blue teams” and "real-world attackers" in the offensive role (pun intended) as the “Red team”. Points are incurred against the Blue teams when their systems become compromised, services are unavailable, or their systems go down. The defending team with the lowest score wins and is sent to a national "cyber exercise" competition. The event hosts a job fair, keynotes by speakers such as Marcus Ranum, a full spectator area and this year hosted two film crews who interviewed players and captured the action. You can watch the videos from last year's CCDC event on their YouTube channel. At a hacking challenge it can be tough to keep the Red team in line and following the rules. However, the very nature of hacking involves breaking the rules! All of the Red team members did an excellent job of being hackers, and being responsible. While there is no Red team winner, we had some of the highest scoring Red teams in the event's history. You can read more about the Blue team winner and rankings on the CCDC web site. Hacking challenges have become a bit of a hobby to me in the past few years. I've participated in two previous events and wrote about them here on the Tenable blog. The first was the NYC Capture the Flag event and the second was "Cyberdawn", a diverse cyber exercise. I learn so much by attending these events and participating as a "Red team" member. As the Red team, we set out to compromise systems, run a program that would update a scoring engine, maintain access and disrupt services and operations. It’s a tough balance to maintain; the more aggressive you become on the systems, the more the defending teams notice. Changing a password and locking the teams out incurs points, however they will notice and reset a password. Smart Red team members implant different ways to access the system, such as SSH key trusts and rootkits, to gain a foothold on the systems throughout the competition. As the Red team captain, I developed a strategy for guiding and organizing the Red team members. We divided into sub-teams and assigned the following roles to each of the members:

Blog Post

Tenable Network Security Podcast - Episode 26

Welcome to the Tenable Network Security Podcast - Episode 26 Announcements Two new blog posts have been released titled "The Value Of Credentialed Vulnerability Scanning and Microsoft Patch Tuesday - March 2010 - "It Won't Happen To Me" Edition. You can provide feedback to this podcast and all of our social media outlets by visiting our discussions forum and adding messages to the "Tenable Social Media" thread. I would love to hear your feedback, questions, comments and suggestions! I put up a call for ideas on new Nessus videos, so please give us your feedback! We're hiring! - Visit the web site for more information about open positions, there are currently 7 open positions listed! You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, Nessus plugin statistics and more! Interview - Ron Gula - CCDC Recap Ron Gula and I discuss our experiences at the 2010 Collegiate Cyber Defense Exercise held this past weekend in Columbia, MD.

Blog Post

Microsoft Patch Tuesday - March 2010 - "It Won't Happen To Me" Edition

Attacks Happen There are many reasons why attackers may target your organization: they could be after your intellectual property, they may have political reasons or there may be financial motivations (if you have credit card data stored on your network). I've often heard people say, "Why would someone want to attack us?" The question should really be phrased, "Why would someone need to attack us?" Often you are targeted not because of who you are, but what you have. Google hosts email accounts that are interesting to certain parties. You may be a university with plenty of bandwidth or a business partner with a company who makes electronics that the attacker is after. The point is that you can't limit the reasons why you are going to be attacked. You have to secure your network with the mindset that someone will eventually come after you. This brings us to this month's "Patch Tuesday". Two bulletins have been released by Microsoft, and I've included some examples of how they can be used for targeted attacks:

Try for free Buy now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Buy Now
Try for free Buy now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Buy Now
Try for free Buy now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Buy Now
Try for free Buy now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for free Contact sales

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a sales representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Request a demo of Tenable Security Center

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

* Field is required

Request a demo of Tenable OT Security

Get the Operational Technology security you need.

Reduce the risk you don’t.

Request a demo of Tenable Identity Exposure

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

Request a demo of Tenable Cloud Security

Exceptional unified cloud security awaits you!

We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.

See
Tenable One
in action

Exposure management for the modern attack surface.

See Tenable Attack Surface Management in action

Know the exposure of every asset on any platform.

Get a demo of Tenable Enclave Security

Please fill out the form with your contact information and a sales representative will contact you shortly to schedule a demo.

Try for free Buy now

Try Tenable Nessus Professional free

Free for 7 days

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
now available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select your license

Buy a multi-year license and save.

Add support and training
Buy Now
Renew an existing license Find a reseller
Try for free Buy now

Try Tenable Nessus Expert free

Free for 7 days.

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select your license

Buy a multi-year license and save more.

Add support and training
Buy Now
Renew an existing license Find a reseller