|
Description:
|
|
Passive Vulnerability Scanning Use Cases - You can use Tenable's Passive Vulnerability Scanner to support many different efforts in your network security strategy. For example, as part of a vulnerability assessment the PVS solves many problems. There are many points where a network vulnerability scanner can plugin and start scanning, sometimes its tough to know where to start. With the PVS, you can set it up ahead of time, and review a list of collected vulnerabilities before the audit or assessment officially begins. Intrusion monitoring also can make use of passively collected vulnerabilities, using them to correlate to intrusion events and identify other systems with the same vulnerabilities used by attackers to gain access to your network. See Ron Gula's blog post Adding Passive Vulnerability Scanning To Your Security ToolKit for more information.
"Patches Break Thingsā¦" - Believe me, I've been there. I was a Windows systems administrator, then a UNIX/Linux systems administrator. I've applied my share of patches that have blown things up. Fast forward to today, and we just can't afford to wait and test every patch, or have really long patch cycles for everything. We need multiple patch cycles. For example, when it comes to Adobe, you've got to be fast and furious with your patching. Adobe Reader should be an easy win, go ahead and push out those patches, chances are that breaking Reader will not disrupt business operations (in some cases it may). Another strategy that has merit is to patch users in groups. I had forgotten about this strategy, but nothing wrong with segmenting your users and constantly rolling out patches, watching for gotchas. Also, don't forget you can use Nessus to Auditing Adobe Reader JavaScript Settings, in addition to finding out if its patched.
Video Killed The Network Security Star - Two sets of plugins this week deal with video teleconferencing vulnerabilities from Cisco and Polycom. I've personally discovered and exploited similar vulnerabilities on enterprise networks. Attackers come in all different shapes and sizes, and while most threats are malware-based, you can't disregard the possibility of espionage or targeted attacks, they can be far reaching an damaging. Such as, an attacker snooping in on conversations with your company. Groups of attackers are out there collecting information about your organization, and selling it to other groups of attackers who use the information to exploit you. Don't give them an opportunity to snoop, patch and harden your video teleconferencing systems! |
.png)
More
Religion & Spirituality
Education
Arts and Design
Health
Fashion & Beauty
Government & Organizations
Kids & family
Music
News & Politics
Science & Medicine
Society & Culture
Sports & Recreation
TV & Film
Technology
Philosophy
Storytelling
Horror and Paranomal
True Crime
Leisure
Travel
Fiction
Crypto
Marketing
History
Comedy
Arts
Games & Hobbies
Business
Motivation