Please join us as we interview Ron Gula, Co-Founder of Tenable Security! We also discuss various cyber warfare topics including Al Qaeda hacking, SCADA, and our own Pentesting lab offering for the community and for hackerspaces!
SecuraBit Episode 40 – Paul “Pauldotcom” Asadoorian
Microsoft Security Bulletin MS09-048 – http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx
Microsoft Security Bulletin MS07-063 – http://www.microsoft.com/technet/security/bulletin/MS07-063.mspx
Renaud script to go from Nmap to Nessus
Interview with Paul Asadoorian (PaulDotCom/Tenable/Nessus)
- Who are you, and what are you doing on THIS podcast?
- Tell us about the PaulDotCom podcast (I've talked to SecuraBit listeners who have never heard of PDC)
- How long have you been using Nessus?
- When did you start working for Tenable?
- What is your role at Tenable?
- What's new in this version of Nessus?
- Are changes driven primarily by Tenable, or the community?
- What does Nessus use for a scanning engine?
- How does Nessus interact and work with Nmap?
- Explain Nessus licensing and what an individual vs a corp is entitled to.
- How much is a license?
- Cost of the professional feed = $1200.00/year
- Home feed: no longer delayed, but no SCADA plugins
- How does Nessus differ from OpenVAS?
- Can you use the OpenVAS repo with Nessus?
- Talk about the extensibility of Nessus. (Scripting, etc)
- How does Nessus work with OVAL definitions? How does this help for FDCC compliance?
- Does Tenable have any dedicated appliances for enterprise scanning and monitoring based on Nessus?
Implementation and Operation questions (How Paul Does Things):
- Do you place scanning servers on each segment of the network, or do you scan through zone-to-zone firewalls? Why?
- Is there a practical limit to the number of devices that can be scanned by one scanning server? Or is it just a time tradeoff?
- How often do you scan (and re-scan) a network?
- How do you handle the results (and avoid dropping a 300-page Nessus report on the server guys and saying FIX IT)?
- Are results parse-able and able to be fed into compliance and risk management tools?
- When is the next PaulDotCom episode?
- What are the topics/guests?
- What is your favorite beer?
Anthony Gartner – AnthonyGartner.com – @anthonygartner
Christopher Mills – @thechrisam
Andrew Borel – @andrew_secbit
Ed Smiley – @edsmiley
Paul Asadoorian – @pauldotcom – http://www.pauldotcom.com
Nessus – http://www.nessus.org/nessus/
Tenable Network Security Blog and Podcast – http://blog.tenablesecurity.com/