Marcus Ranum PaulDotCom Interview on Penetration Testing
December 14, 2008Tenable's CSO, Marcus Ranum, was recently interviewed on the PaulDotCom Security Weekly podcast. They discussed a wide range of topics regarding penetration testing, secure coding, Marcus's "6 Dumbest...
PCI Executive Roundtables in New York and Atlanta
November 4, 2008Tenable Network Security has partnered with IANS to sponsor two executive level PCI discussions in New York City and Atlanta. Both events are this week, and we have limited seating available for corpo...
Nessus turns 10 !
April 4, 2008Ten years ago today, I announced the initial public release of Nessus on the bugtraq mailing list. The initial version would run only on Linux and was bundled with 50 plugins (vulnerability checks) wr...
Being the Caveman - Tenable Style
October 10, 2007After reading Richard Bejtlich's "Be the Caveman" blog post about the convicted hacker Robert Moore, I felt it would be interesting to show how unifying vulnerability monitoring, configurati...
Using Nessus Configuration Audits To Test FDCC Compliance
September 25, 2007Tenable has recently announced FDCC audit policies for Nessus ProfessionalFeed and Security Center users. These policies help government organizations test Windows XP Pro and Vista desktops against OM...
Digital Bond OPC Hardening Guide
September 21, 2007If you are using Nessus to audit a control system network, Digital Bond has recently released a set of guidelines (part 1, 2 and 3) for securing OPC servers. These guidelines include three Nessus conf...
Finding Sensitive Data as a Consultant with Nessus
August 29, 2007There are many consultants that use Nessus to scan a customer network for vulnerabilities and report a laundry list of security issues which need to be fixed. Another valuable service that can be perf...
CIS Certified Windows 2003 Member Server Audits
August 10, 2007Tenable Network Security was recently awarded Center for Internet Security (CIS) certification to perform audits of Windows 2003 Member Servers through Nessus Direct Feed and/or Security Center agent...
Federally Mandated Configuration Settings for XP and Vista
August 8, 2007The Office of Management and Budget recently released new configuration guidelines for Windows XP and Vista that all Federal agencies need to adopt by February 1, 2008. The guidelines are known as the...
Finding Low Frequency Events
April 23, 2007Very often when I speak with Tenable customers about performing IDS or Event analysis, I ask them if they use the Time Distribution tool under the Security Center. This tool is used to identify any co...
Dragon Intrusion Defense System support for Nessus and the PVS
February 21, 2007Today Tenable announced a partnership with Enterasys Networks that enables customers of both companies to operate Nessus and/or the Passive Vulnerability Scanner (PVS) directly on the Dragon sensor. C...
Creating "Gold Build" Audit Policies
September 13, 2006Security Center users and the Direct Feed subscribers have the ability to audit the host-based configuration of their UNIX and Windows servers. Tenable has produced several audit polices based on our ...