SecuraBit Episode 40 – Paul “Pauldotcom” Asadoorian
Renaud script to go from Nmap to Nessus
Interview with Paul Asadoorian (PaulDotCom/Tenable/Nessus)
- Who are you, and what are you doing on THIS podcast?
- Tell us about the PaulDotCom podcast (Iâ€™ve talked to SecuraBit listeners who have never heard of PDC)
- How long have you been using Nessus?
- When did you start working for Tenable?
- What is your role at Tenable?
- Whatâ€™s new in this version of Nessus?
- Are changes driven primarily by Tenable, or the community?
- What does Nessus use for a scanning engine?
- How does Nessus interact and work with Nmap?
- Explain Nessus licensing and what an individual vs a corp is entitled to.
- Cost of proffesional feed = $1200.00/year
- Home feed no longer a delay, no SCADA plugins
- How does Nessus differ from OpenVAS?
- Can you use the OpenVAS repo with Nessus?
- Talk about the extensibility of Nessus. (Scripting, etc)
- How does Nessus work with OVAL definitions? How does this help for FDCC compliance?
- Does tenable have any dedicated appliances for enterprise scanning and monitoring based on nessus?
Implementation and Operation questions (How Paul Does Things):
- Do you place scanning servers on each segment of the network, or do you scan through zone-to-zone firewalls? Why?
- Is there a practical limit to the number of deices that can be scanned by one scanning server? Or is it just a time tradeoff?
- How often do you scan (and re-scan) a network?
- How do you handle the results (and avoid dropping a 300 page Nessus report on the server guys and saying FIX IT)
- Are results parse-able and able to be fed into compliance and risk management tools?
- When is the next PaulDotCom episode?
- What are the topics/guests?
- What is your favorite beer?
Christopher Mills @thechrisam
Andrew Borel @andrew_secbit
Ed Smiley – @edsmiley
Podcast: Play in new window | Download (Duration: 1:18:04 — 35.7MB)
Sorry folks, we will not be releasing episodes out of order anymore.
In this episode we discuss:
Managing IP space inside a company network. Attributing a device on the network to an employee / function.
Standardizing vulnerability management