Disabling Password Guessing attempts with Nessus
November 2, 2007As part of the more than 17,000 plugins available in the Nessus Direct and Registered plugin feeds, many of these look for common user name and password combinations. They will attempt to find adminis...
Nessus 3.2 beta - Automated Nessus Program Updates
October 26, 2007If you are a Nessus user, you are no doubt familiar with the process to subscribe your Nessus scanner to the Direct Feed or Registered Feed to automatically receive new vulnerability plugins produced ...
Passive SPAM Traffic Analysis
October 22, 2007This blog entry concerns passive network monitoring with both the Passive Vulnerability Scanner (PVS), as well as the Log Correlation Engine. Tenable's research group has recently introduced PVS rules...
Windows Operating System Detection via RDP
October 18, 2007Tenable Network Security's research group has released a new Nessus plugin which can make use of the Remote Desktop Protocol (RDP) to accurately detect Windows Vista, 2000 Server, 2003 Server and XP P...
Passive Vulnerability Detection & Web Application Vulnerability Assessment Seminar in Atlanta
October 18, 2007John Lampe, a senior security researcher for Tenable Network Security, will be presenting a talk and demonstration about passive network monitoring and web application vulnerability assessments. John'...
NessusClient 3.0.0 GA Release Available
October 15, 2007Tenable Network Security has officially released the GA version of the NessusClient 3.0.0. This new client can be used to manage scans and results from UNIX and Windows Nessus daemons. The major new f...
SC Magazine Awards Time
October 15, 2007It's time once again to vote for your favorite security companies and products with SC Magazine.Tenable has submitted the Nessus 3 Vulnerability Scanner for the 'Best Audit/Vulnerability Assessment' ...
Being the Caveman - Tenable Style
October 10, 2007After reading Richard Bejtlich's "Be the Caveman" blog post about the convicted hacker Robert Moore, I felt it would be interesting to show how unifying vulnerability monitoring, configurati...
SANS Technology Institute - Interview with Tenable's Director of Sales Engineering
October 9, 2007Dave Breslin, Tenable's Director of Sales Engineering, was recently interviewed by Stephen Northcutt, President of the SANS Technology Institute, about recent advances in network security and describe...
Log Correlation Engine 2.0.3 Released
October 8, 2007Tenable has recently released version 2.0.3 of the Log Correlation Engine (LCE). This blog entry will highlight the new features as well as recent enhancements to the log parsing rule sets and the eve...
Plaintext HTTP Authentication Detection
October 4, 2007Tenable's research group recently added checks to both Nessus and the Passive Vulnerability Scanner to detect HTTP authentication which occurs over plain-text. This blog entry will discuss why this is...
Why Aren't Any NAC vendors CIS Certified or speaking XCCDF?
September 27, 2007I was asked this question by a customer of ours at the recent NIST SCAP conference and I'm loosely paraphrasing: "We use Nessus and the Security Center to audit 1000s of workstations and lapt...