Week 4 reading and article

The reading this week discusses using Nessus as a scanning tool to find potential vulnerabilities in a system. Nessus is used to test a number of vulnerabilities in a system in one scanning swoop rather than testing them individually by hand to see if they exist. While Nessus can identify potential vulnerabilities it can’t identify why they exist, like company policies, or false positives from the scan. Another important takeaway about Nessus is that it only finds the potential vulnerabilities, it doesn’t actually fix them. It is still up to the IT department and management to use these findings as the proof needed to spark organizational change to close these security holes.

My question for the class comes from a classic example from the reading. Do you think it is best to enable all the plugins for a scan or disable the non-dangerous ones and run the rest? Are there situations where one method is better than the other?

My news article ties back to last week’s topic about public information. http://www.zdnet.com/article/microsofts-project-sonar-malware-detonation-as-a-service/

This is a story about a new malware detonation service from Microsoft. The technology itself is interesting but I thought the noteworthy thing here is that this story lead was found simply by scanning Microsoft job postings, which was one of the examples of public information we talked about in class.