Tenable released version 4 of the Nessus vulnerability scanner. Nessus is the world leader in active scanners, featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. One of the most notable features of Nessus 4 is the ability to create custom XSLT reports based on your scan results. Nessus now also supports a fully multi-threaded scanning engine, which improves performance and decreases your scan times.
The following is a highlight of some of the features and improvements:
Nessus engine
- Uses the same engine on Windows and Unix-based systems for a unified experience on all platforms and more consistent results
- Fully thread-based (as opposed to process-based) for better scalability and reduced memory usage
- Performance improvements to reduce CPU usage on all platforms.
- Local and remote port scanners can now be combined. For example, if you select the Nessus SYN scanner and the netstat WMI port scanner, Nessus will try to log in via WMI to enumerate the ports first, then fall back to the SYN scanner
- The TCP SYN port scanner has been rewritten entirely and operates the same between Windows and Unix-based systems
- Native UDP port scanner (ProfessionalFeed Only).
- The database compliance checks can now log into MSSQL over SSL
- The PCI-DSS plugins are now fully supported.
- Added support for Perl Compatible Regular Expressions (PCRE) to NASL
- NASL scripts can now share results between hosts via a global knowledgebase
- New NASL functions (XML parsing, the bignum library, new packet forgery functions, new socket-related functions and more).
- Support for XSLT transformations of the reports - This is one of the most exciting features and will be described in more detail in upcoming blog posts.
- The ability to export a .nessus file based on a filtered report
- Unlimited number of filters for the NessusClient on Windows and Unix-based systems.
- No external libraries are required, eliminating the need to tamper with your system configuration in /etc/ld.so.conf
- Added support for the newest Linux distributions (Debian 5, Fedora 10, etc.)
- New "linux-generic32" and "linux-generic64" builds for additional Linux distributions
- 64-bit native builds of Nessus/NessusClient for FreeBSD, Windows and Linux
- All the Unix command-line tools (e.g., nessus-fetch, 'nessus', nessuscmd) now also run on Windows.

