SecuraBit » openvas http://www.securabit.com SecuraBit Before It Bytes! Mon, 26 Jul 2010 04:33:47 +0000 en hourly 1 http://wordpress.org/?v=3.0 This is a Computer Security podcast brought to you by the guys at SecuraBit.com. Please visit our web site at http://www.securabit.com or send questions/comments to feedback@securabit.com Thanks for listening! SecuraBit no SecuraBit feedback@securabit.com feedback@securabit.com (SecuraBit) SecuraBit LLC SecuraBit Before It Bytes! security, forensics, hacking, infosec, securabit, podcast, sans, drinking, beer SecuraBit » openvas http://securabit.com/securabitrsssmall.jpg http://www.securabit.com SecuraBit Episode 40 – Paul WHO???? http://www.securabit.com/2009/10/02/securabit-episode-40-paul-who/?utm_source=rss&utm_medium=rss&utm_campaign=securabit-episode-40-paul-who http://www.securabit.com/2009/10/02/securabit-episode-40-paul-who/#comments Sat, 03 Oct 2009 02:12:56 +0000 AnthonyGartner http://www.securabit.com/?p=865 SecuraBit Episode 40 – Paul “Pauldotcom” Asadoorian
Renaud script to go from Nmap to Nessus
Interview with Paul Asadoorian (PaulDotCom/Tenable/Nessus)
Intro Questions:
  • Who are you, and what are you doing on THIS podcast?
  • Tell us about the PaulDotCom podcast (I’ve talked to SecuraBit listeners who have never heard of PDC)
  • How long have you been using Nessus?
  • When did you start working for Tenable?
  • What is your role at Tenable?
Nessus Questions:
  • What’s new in this version of Nessus?
  • Are changes driven primarily by Tenable, or the community?
  • What does Nessus use for a scanning engine?
  • How does Nessus interact and work with Nmap?
  • Explain Nessus licensing and what an individual vs a corp is entitled to.
  • How much is a license?
  • Cost of proffesional feed = $1200.00/year
  • Home feed no longer a delay, no SCADA plugins
  • How does Nessus differ from OpenVAS?
  • Can you use the OpenVAS repo with Nessus?
  • Talk about the extensibility of Nessus. (Scripting, etc)
  • How does Nessus work with OVAL definitions? How does this help for FDCC compliance?
  • Does tenable have any dedicated appliances for enterprise scanning and monitoring based on nessus?
Implementation and Operation questions (How Paul Does Things):
  • Do you place scanning servers on each segment of the network, or do you scan through zone-to-zone firewalls? Why?
  • Is there a practical limit to the number of deices that can be scanned by one scanning server? Or is it just a time tradeoff?
  • How often do you scan (and re-scan) a network?
  • How do you handle the results (and avoid dropping a 300 page Nessus report on the server guys and saying FIX IT)
  • Are results parse-able and able to be fed into compliance and risk management tools?
Other Questions:
  • When is the next PaulDotCom episode?
  • What are the topics/guests?
  • What is your favorite beer?
Hosts:
Anthony Gartner – AnthonyGartner.com @anthonygartner
Christopher Mills – @thechrisam
Andrew Borel – @andrew_secbit
Ed Smiley – @edsmiley
Guest:
Paul Asadoorian – @pauldotcom – http://www.pauldotcom.com
Links:
Tenable Network Security Blog and Podcast – http://blog.tenablesecurity.com/
]]> http://www.securabit.com/2009/10/02/securabit-episode-40-paul-who/feed/ 0 Andrew Borel,Anthony Gartner,Christopher Mills,Ed Smiley,MS07-063,MS09-049,nessus,nmap,openvas,Paul Asadoorian,Pauldotcom.com,Tenable SecuraBit Episode 40 - Paul "Pauldotcom" Asadoorian Microsoft Security Bulletin MS09-048 - http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx Microsoft Security Bulletin MS07-063 - http://www.microsoft. SecuraBit Episode 40 - Paul "Pauldotcom" Asadoorian Microsoft Security Bulletin MS09-048 - http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx Microsoft Security Bulletin MS07-063 - http://www.microsoft.com/technet/security/bulletin/MS07-063.mspx Renaud script to go from Nmap to Nessus Interview with Paul Asadoorian (PaulDotCom/Tenable/Nessus) Intro Questions: Who are you, and what are you doing on THIS podcast? Tell us about the PaulDotCom podcast (I’ve talked to SecuraBit listeners who have never heard of PDC) How long have you been using Nessus? When did you start working for Tenable? What is your role at Tenable? Nessus Questions: What’s new in this version of Nessus? Are changes driven primarily by Tenable, or the community? What does Nessus use for a scanning engine? How does Nessus interact and work with Nmap? Explain Nessus licensing and what an individual vs a corp is entitled to. How much is a license? Cost of proffesional feed = $1200.00/year Home feed no longer a delay, no SCADA plugins How does Nessus differ from OpenVAS? Can you use the OpenVAS repo with Nessus? Talk about the extensibility of Nessus. (Scripting, etc) How does Nessus work with OVAL definitions? How does this help for FDCC compliance? Does tenable have any dedicated appliances for enterprise scanning and monitoring based on nessus? Implementation and Operation questions (How Paul Does Things): Do you place scanning servers on each segment of the network, or do you scan through zone-to-zone firewalls? Why? Is there a practical limit to the number of deices that can be scanned by one scanning server? Or is it just a time tradeoff? How often do you scan (and re-scan) a network? How do you handle the results (and avoid dropping a 300 page Nessus report on the server guys and saying FIX IT) Are results parse-able and able to be fed into compliance and risk management tools? Other Questions: When is the next PaulDotCom episode? What are the topics/guests? What is your favorite beer? Hosts: Anthony Gartner – AnthonyGartner.com @anthonygartner Christopher Mills – @thechrisam Andrew Borel – @andrew_secbit Ed Smiley - @edsmiley Guest: Paul Asadoorian - @pauldotcom - http://www.pauldotcom.com Links: Nessus - http://www.nessus.org/nessus/ Tenable Network Security Blog and Podcast - http://blog.tenablesecurity.com/ SecuraBit no 1:18:04 Episode 20: Time Warp Again! http://www.securabit.com/2009/02/10/episode-20-time-warp-again/?utm_source=rss&utm_medium=rss&utm_campaign=episode-20-time-warp-again http://www.securabit.com/2009/02/10/episode-20-time-warp-again/#comments Tue, 10 Feb 2009 23:31:01 +0000 Chris http://securabit.com/?p=431 Sorry folks, we will not be releasing episodes out of order anymore.

In this episode we discuss:

Managing IP space inside a company network. Attributing a device on the network to an employee / function.

Standardizing vulnerability management using Security Content Automation Protocol (SCAP) and Open Vulnerability Assessment System (OpenVAS).

And briefly touch on the Obama Administration’s Outline for their Cyber Security Strategy.

Use our Forums!

Don’t forget to give us a feedback on Itunes so we can bump the old shows off the list.

Thanks again for all the donations for the Tip Jar.

Hosts:

Anthony Gartner – AnthonyGartner.com @AnthonyGartner
Chris Gerling – Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills – ChrisAM @packetsense
Andrew Borel – @Andrew_Secbit

Special Guest:

Tim Krabec (@tkrabec) of the SMBMinute.com

Important links for the show and documents used:

Open Vulnerability Assessment System
Security Content Automation Protocol
Obama Administration Outlines Cyber Security Strategy
More Cyber Security Regulations Recommended

]]> http://www.securabit.com/2009/02/10/episode-20-time-warp-again/feed/ 0