Tenable Blog

Thank you for providing feedback on the Nessus HTML5 beta interface. The beta feedback period is now closed, and the Nessus HTML5 interface is generally available (GA) to Nessus ProfessionalFeed and Nessus Perimeter Service customers, as well as Nessus HomeFeed users. To access the Nessus HTML5 interface, visit https://nessusserver:8834/html5.html (replace “nessusserver” with the IP/hostname of your Nessus server).

Keeping Your Firewalls in Check

Ensuring that your network infrastructure, in particular your routers and firewalls, is secure and maintains its integrity is critical to successfully defending your network. If an attacker were to gain control of these types of systems, they could potentially impact the security of your network as a whole. For example, an attacker with access to your firewall could read the firewall rules and use the information to selectively attack open services and create backdoors that would slip through your firewall.

The new Windows 8 interface provides a very different user experience than past Microsoft operating systems. Nessus can enumerate and detect vulnerabilities on Windows 8 hosts.

Recently, Microsoft made several announcements surrounding new technology, including a new operating system (Windows 8) and a new tablet platform called "Surface." Windows 8 will present a new interface and several new changes under the hood. They're an offshoot of the new platform called Windows RT, a small, fast, and lightweight version designed to run on ARM-based tablets. In fact, this is much of the reason behind the concept of Windows 8 -- it’s meant to run on tablets and touch screens. Windows Phone 8 is the new OS for Windows-based phones, such as those from Nokia.

The final installment in our "Top Ten Things You Didn't Know About Nessus" video series describes how Nessus is used in the enterprise. Additional products from Tenable, such as, SecurityCenter, the Passive Vulnerability Scanner (PVS), and the Log Correlation Engine (LCE), are used to fill the gaps and extend the functionality of your vulnerability management program.

The video covers how you can overcome problems such as:

Until now, the Nessus interface has been using Flash, which has a number of advantages as a development platform, but also has a lot of drawbacks. One of the reasons we implemented a Flash interface for Nessus was that Flash "behaves the same on every browser" (which turns out is not always the case), and it was reasonably fast to run the client (it's now outperformed by the newest javascript engines). Flash also doesn't offer a good "mobile" user experience, if at all. So, it makes sense to use a standard-based technology, and we're moving to HTML5.

So we've released the HTML5 interface as a public beta -- the default Nessus interface will still be Flash for now, but if you connect to your scanner using a browser which doesn't have Flash installed, or if you go directly to the correct URL, you'll have the option to use the beta version of the HTML5 client.

The HTML5 beta interface is available immediately by accessing the URL https://localhost:8834/html5.html (where localhost is the IP address or domain name of your Nessus server). Simply make sure your Nessus plugins are up-to-date.

Tenable recently released three new checks used for auditing the configurations of Windows systems. The new configuration auditing options allow users to audit open ports. This post provides details about the three new checks, and describes how Nessus users could use them to maintain tight control over the number of open ports on their Windows systems.

1. AUDIT_ALLOWED_OPEN_PORTS

&ltcustom_item&gt

type        : AUDIT_ALLOWED_OPEN_PORTS

description : "Audit TCP Open Ports"

value_type  : POLICY_PORTS

value_data  : "445,139"

port_type   : TCP

&lt/custom_item&gt

Passwords are Like Underwear, and It's Laundry Day

Perhaps one of the most easily overlooked security problems in the industry is password security. I'm not referring to the stored end-user password problems (discussed here), but the default (or weak) usernames and password combinations used to protect common administrative interfaces to applications and systems.

The problem stares us in the face every day, each time we log into a router, database management system, or remote access console and enter a password. Often we put a lot of time and effort into securing the end user-facing passwords, such as implementing account lockout password policies and forcing them to change their passwords at a regular interval. I find it ironic that the applications and devices used to run the organization often do not implement the same controls. Hundreds of applications and/or devices are known to be deployed with default passwords, and if not changed before or immediately after they are plugged into the network, can present serious risk to the organization.

Default credentials are considered "low-hanging fruit" for two reasons. First, they are easily exploitable by an attacker and can often lead to a serious security breach. Second, once you've identified the problem, it is easy to fix by setting a more secure password.

Useful Tools

Nessus has provided organizations with a wide variety of techniques for identifying vulnerabilities in your IT infrastructure. The foundation has long been proven, as Nessus will accurately identify vulnerabilities across the network, using credentials to gather patch level and other information, and assist with system hardening by performing compliance checks.

However, in recent years there have been significant improvements made to both the Nessus scanning engine and its feature set. Of course, over time Nessus has been able to consistently shave the time it takes to remotely scan systems and networks. In addition, Nessus has added support for threading and 64-bit platforms, and improved memory management. Alongside the continuous stream of performance improvements, we've introduced many new tools for the end user.

View the top 5 major new tools, in no particular order, that are now included with Nessus and SecurityCenter.

Today, Tenable announced the availability of a new edition of SecurityCenter, called Continuous View.

This edition of SecurityCenter uniquely encompasses both scanning and monitoring, with the inclusion of Tenable's Passive Vulnerability Scanner (PVS). That makes SecurityCenter Continuous View uniquely capable of addressing vulnerability, configuration, and compliance management requirements for emerging technologies like mobile devices, cloud-based services, social applications, and virtual systems.

The flexible licensing approach provided by SecurityCenter Continuous View allows enterprise customers to deploy PVS in much the same way as they do with Nessus within SecurityCenter, pretty much as many as needed.

Existing SecurityCenter customers can upgrade to a ContinuousView license and begin to enjoy the benefits of continuous monitoring with PVS. These include:

• Real-time identification of server and client vulnerabilities
• Identification of mobile devices and their vulnerabilities
• Passive discovery of all internal and external web servers and databases
• Identification of trust and communication paths
• Passive monitoring of virtual environments

Many guidelines and compliance standards state that in order to be "secure" or "compliant" all of your systems must be patched. Turns out that this is easier said than done. Just when you believe your systems to be patched, something fails and patches seemingly disappear. We can then apply the "falling off" principal to several other areas of information technology, such as web applications, configuration management, and antivirus software. How do security controls in these areas fall off? Read about how this might happen and what you can do to help correct the problems.