Finding Sensitive Data as a Consultant with Nessus
August 29, 2007There are many consultants that use Nessus to scan a customer network for vulnerabilities and report a laundry list of security issues which need to be fixed. Another valuable service that can be perf...
Solaris PCI Audits and other Updates
August 20, 2007Tenable Network Security has released a Solaris audit policy for PCI 1.1 configurations. We've also released a new SuSE Linux best practices audit policy and have updated several others. These are al...
CIS Certified Windows 2003 Member Server Audits
August 10, 2007Tenable Network Security was recently awarded Center for Internet Security (CIS) certification to perform audits of Windows 2003 Member Servers through Nessus Direct Feed and/or Security Center agent...
Federally Mandated Configuration Settings for XP and Vista
August 8, 2007The Office of Management and Budget recently released new configuration guidelines for Windows XP and Vista that all Federal agencies need to adopt by February 1, 2008. The guidelines are known as the...
PCI Configuration Audits with Nessus
July 3, 2007Tenable's Research group has produced two Nessus PCI configuration .audit files for both the Windows and Linux operating systems. These configuration checks are derived from specific recommendations a...
New Keywords and APIs for UNIX Compliance Checks
May 29, 2007Tenable has recently added several new APIs to the UNIX compliance checks. This blog entry discusses the new checks with several examples. These APIs are available to Direct Feed and Security Center u...
CIS "Best Practices" Certification For Nessus Audits
May 21, 2007Tenable was recently awarded certification to perform three different Center For Internet Security (CIS) Windows Domain Controller audits with the Nessus 3 scanner and Security Center. This blog entr...
Searching for "Classified" Content in Documents
May 18, 2007Sensitive government and military organizations classify their documents with familiar terms like "TOP SECRET" and also less well known terms like "NOFORN" (which means the data can't be shared with ...
Vista Configuration Auditing
May 4, 2007Tenable's research group has released a set of seven audit policies for the Vista operating system. These polices are based directly off of Microsoft's Windows Vista Security Guide. This blog entry di...
NIST Audit Policies for Nessus 3
April 30, 2007Tenable has released our first batch of audit policies which can test Windows 2000, 2003 and XP Pro systems for compliance with NIST best practice configuration standards. These ".audit" checks are c...
Finding Low Frequency Events
April 23, 2007Very often when I speak with Tenable customers about performing IDS or Event analysis, I ask them if they use the Time Distribution tool under the Security Center. This tool is used to identify any co...
Detection of Non Disclosure Agreements with Nessus
April 6, 2007Modern business attempt to put in place "Non Disclosure Agreements" with each other. These agreements dictate the rules for use for knowledge gained through interaction with each other. Tenable's res...