October 2nd, 2009
SecuraBit Episode 40 – Paul “Pauldotcom” Asadoorian
Microsoft Security Bulletin MS09-048 – http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx
Microsoft Security Bulletin MS07-063 – http://www.microsoft.com/technet/security/bulletin/MS07-063.mspx
Renaud's script to go from Nmap to Nessus
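As an added example of the Nmap-to-Nessus handoff discussed in the show (this is not Renaud's script and not Tenable/Nessus code), the block below parses Nmap's XML output (`nmap -oX`) with the standard library and reduces it to what a Nessus scan needs: the hosts that are actually up with at least one open port, plus the set of open TCP ports as a comma-separated port list. The Nmap XML sample is constructed inline; the element names (`host`, `status`, `address`, `ports/port/state`) are the real `-oX` schema, and the assumption is only that you feed the resulting targets into Nessus's target and port-range fields rather than scanning an entire CIDR blindly.

```python
"""Turn Nmap -oX XML into a Nessus-style target list (added example, not Renaud's script)."""
import xml.etree.ElementTree as ET

# Constructed sample of Nmap -oX output, trimmed to the elements used below.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sS -oX scan.xml 192.0.2.0/29">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="web.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="filtered"/></port>
    </ports>
  </host>
  <host><status state="down"/>
    <address addr="192.0.2.12" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return [{"ip", "hostname", "open_ports"}] for every host Nmap reported as up.

    open_ports is a list of (protocol, port) tuples; hosts with no IP address are skipped.
    """
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts are not worth a vulnerability scan
        addr = None
        for a in host.findall("address"):
            if a.get("addrtype") in ("ipv4", "ipv6"):
                addr = a.get("addr")
                break
        if addr is None:
            continue
        hn = host.find("hostnames/hostname")
        hostname = hn.get("name") if hn is not None else None
        open_ports = []
        for port in host.findall("ports/port"):
            st = port.find("state")
            if st is not None and st.get("state") == "open":
                open_ports.append((port.get("protocol"), int(port.get("portid"))))
        hosts.append({"ip": addr, "hostname": hostname, "open_ports": open_ports})
    return hosts


def nessus_targets(hosts):
    """IPs worth scanning: up and with at least one open port (one target per entry)."""
    return [h["ip"] for h in hosts if h["open_ports"]]


def nessus_port_range(hosts):
    """Distinct open TCP ports as a comma-separated string for the Nessus port-range field.

    Assumption: Nessus accepts a comma-separated port list in that field.
    """
    ports = sorted({p for h in hosts for proto, p in h["open_ports"] if proto == "tcp"})
    return ",".join(str(p) for p in ports)


if __name__ == "__main__":
    hosts = parse_nmap_xml(SAMPLE_NMAP_XML)
    print("\n".join(nessus_targets(hosts)))   # one Nessus target per line
    print("ports:", nessus_port_range(hosts))
```

In practice you would run it as `nmap -sS -oX scan.xml <range>` followed by feeding the printed targets into Nessus; the point of the filter is that Nessus then spends its plugins only on hosts and ports Nmap already confirmed, which is the time trade-off the scanning-server questions below get at.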
Interview with Paul Asadoorian (PaulDotCom/Tenable/Nessus)
- Who are you, and what are you doing on THIS podcast?
- Tell us about the PaulDotCom podcast (I've talked to SecuraBit listeners who have never heard of PDC)
- How long have you been using Nessus?
- When did you start working for Tenable?
- What is your role at Tenable?
- What's new in this version of Nessus?
- Are changes driven primarily by Tenable, or the community?
- What does Nessus use for a scanning engine?
- How does Nessus interact and work with Nmap?
- Explain Nessus licensing and what an individual vs a corp is entitled to.
- How much is a license?
- Cost of the professional feed = $1200.00/year
- The home feed is no longer delayed, but it does not include the SCADA plugins
- How does Nessus differ from OpenVAS?
- Can you use the OpenVAS repo with Nessus?
- Talk about the extensibility of Nessus. (Scripting, etc)
- How does Nessus work with OVAL definitions? How does this help for FDCC compliance?
- Does Tenable have any dedicated appliances for enterprise scanning and monitoring based on Nessus?
Implementation and Operation questions (How Paul Does Things):
- Do you place scanning servers on each segment of the network, or do you scan through zone-to-zone firewalls? Why?
- Is there a practical limit to the number of devices that can be scanned by one scanning server? Or is it just a time tradeoff?
- How often do you scan (and re-scan) a network?
- How do you handle the results (and avoid dropping a 300-page Nessus report on the server guys and saying FIX IT)?
- Are results parseable and able to be fed into compliance and risk management tools?
- When is the next PaulDotCom episode?
- What are the topics/guests?
- What is your favorite beer?
Anthony Gartner AnthonyGartner.com @anthonygartner
Christopher Mills @thechrisam
Andrew Borel @andrew_secbit
Ed Smiley – @edsmiley
Paul Asadoorian – @pauldotcom – http://www.pauldotcom.com
Nessus – http://www.nessus.org/nessus/
Tenable Network Security Blog and Podcast – http://blog.tenablesecurity.com/