Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Nessus>
  3. users
pci plugins....
kalin at el
Mar 13, 2009, 9:59 PM
Post #1 of 9 (16483 views)
Permalink
hi all... i used to use nessus at my old job (currently
unemployed)... it was pretty cool.

now i had to get some license (?!?)

the thing is the email came with the 'license' and the following
explanation on how to use it:

To activate your account, open the program 'Nessus Server Manager'
located under /Applications/Nessus/ and enter your activation
code in the program.

after a while of trying to figure out how/where to "enter" the code "in
the program" - there is no prompt or anything, and no menu option - i
just found the bin under Library and did the command line activation.
passed that it took a while to get the new plugins. but still the
plugins from the demo video are not there.
there are some PCI audit pluggins i'd like to use. excuse me, test...
it's not 'over a network'... cause you know, now that is, and i quote,
"strictly prohibited". like it's a felony or something to try to figure
out if your own machine is pci complient...

does anybody know where can i get those? i'd appreciate very much.

thanks....
Re: pci plugins.... [ In reply to ]
alex at sendsecure
Mar 16, 2009, 6:05 AM
Post #2 of 9 (15977 views)
Permalink
You didn't use it that much, did you? :)

It is all there on the web site:

http://www.nessus.org/plugins/index.php?view=register-info

Alex



kalin m wrote:
>
> hi all... i used to use nessus at my old job (currently
> unemployed)... it was pretty cool.
>
> now i had to get some license (?!?)
>
> the thing is the email came with the 'license' and the following
> explanation on how to use it:
> To activate your account, open the program 'Nessus Server Manager'
> located under /Applications/Nessus/ and enter your activation
> code in the program.
>
> after a while of trying to figure out how/where to "enter" the code
> "in the program" - there is no prompt or anything, and no menu option
> - i just found the bin under Library and did the command line
> activation. passed that it took a while to get the new plugins. but
> still the plugins from the demo video are not there.
> there are some PCI audit pluggins i'd like to use. excuse me, test...
> it's not 'over a network'... cause you know, now that is, and i
> quote, "strictly prohibited". like it's a felony or something to try
> to figure out if your own machine is pci complient...
>
> does anybody know where can i get those? i'd appreciate very much.
>
> thanks....
> ------------------------------------------------------------------------
>
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus
> ------------------------------------------------------------------------
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 8.0.237 / Virus Database: 270.11.15/2004 - Release Date: 03/16/09 07:04:00
>
>
Re: pci plugins.... [ In reply to ]
rgula at tenablesecurity
Mar 16, 2009, 7:07 AM
Post #3 of 9 (15967 views)
Permalink
Hi Kalin,

The Nessus scanner must be subscribed to the ProfessionalFeed. Once
it is subscribed, it will download the PCI plugins.

If you have subscribed to the Home Feed, the PCI plugins are not
available.

Ron Gula


kalin m wrote:
>
> hi all... i used to use nessus at my old job (currently
> unemployed)... it was pretty cool.
>
> now i had to get some license (?!?)
>
> the thing is the email came with the 'license' and the following
> explanation on how to use it:
>
> To activate your account, open the program 'Nessus Server Manager'
> located under /Applications/Nessus/ and enter your activation
> code in the program.
>
> after a while of trying to figure out how/where to "enter" the code "in
> the program" - there is no prompt or anything, and no menu option - i
> just found the bin under Library and did the command line activation.
> passed that it took a while to get the new plugins. but still the
> plugins from the demo video are not there.
> there are some PCI audit pluggins i'd like to use. excuse me, test...
> it's not 'over a network'... cause you know, now that is, and i quote,
> "strictly prohibited". like it's a felony or something to try to figure
> out if your own machine is pci complient...
>
> does anybody know where can i get those? i'd appreciate very much.
>
> thanks....
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
Re: pci plugins.... [ In reply to ]
jbirk at birksystems
Mar 16, 2009, 8:57 AM
Post #4 of 9 (15979 views)
Permalink
Also, if you're just doing one machine and not for anything
"official" (like a PCI DSS certification), you can just follow any one
of the ubiquitous "12 steps to PCI" documents all over the web and be
just fine. Unless you're in a pretty complex environment, the regular
feed will give you a very good idea of how broken your stuff is.

On Mar 16, 2009, at 10:07 AM, Ron Gula wrote:

> Hi Kalin,
>
> The Nessus scanner must be subscribed to the ProfessionalFeed. Once
> it is subscribed, it will download the PCI plugins.
>
> If you have subscribed to the Home Feed, the PCI plugins are not
> available.
>
> Ron Gula
>
>
> kalin m wrote:
>>
>> hi all... i used to use nessus at my old job (currently
>> unemployed)... it was pretty cool.
>>
>> now i had to get some license (?!?)
>>
>> the thing is the email came with the 'license' and the following
>> explanation on how to use it:
>>
>> To activate your account, open the program 'Nessus Server Manager'
>> located under /Applications/Nessus/ and enter your activation
>> code in the program.
>>
>> after a while of trying to figure out how/where to "enter" the code
>> "in
>> the program" - there is no prompt or anything, and no menu option - i
>> just found the bin under Library and did the command line activation.
>> passed that it took a while to get the new plugins. but still the
>> plugins from the demo video are not there.
>> there are some PCI audit pluggins i'd like to use. excuse me, test...
>> it's not 'over a network'... cause you know, now that is, and i
>> quote,
>> "strictly prohibited". like it's a felony or something to try to
>> figure
>> out if your own machine is pci complient...
>>
>> does anybody know where can i get those? i'd appreciate very much.
>>
>> thanks....
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Nessus mailing list
>> Nessus@list.nessus.org
>> http://mail.nessus.org/mailman/listinfo/nessus
>
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
Re: pci plugins.... [ In reply to ]
kalin at el
Mar 16, 2009, 10:33 AM
Post #5 of 9 (15967 views)
Permalink
i can't pay $1200 a year to check if 3 machines are pci comliant every 6
months or so. just don't have it.


Alex wrote:
> You didn't use it that much, did you? :)
>
> It is all there on the web site:
>
> http://www.nessus.org/plugins/index.php?view=register-info
>
> Alex
>
>
>
> kalin m wrote:
>>
>> hi all... i used to use nessus at my old job (currently
>> unemployed)... it was pretty cool.
>>
>> now i had to get some license (?!?)
>>
>> the thing is the email came with the 'license' and the following
>> explanation on how to use it:
>> To activate your account, open the program 'Nessus Server Manager'
>> located under /Applications/Nessus/ and enter your activation
>> code in the program.
>>
>> after a while of trying to figure out how/where to "enter" the code
>> "in the program" - there is no prompt or anything, and no menu option
>> - i just found the bin under Library and did the command line
>> activation. passed that it took a while to get the new plugins. but
>> still the plugins from the demo video are not there.
>> there are some PCI audit pluggins i'd like to use. excuse me,
>> test... it's not 'over a network'... cause you know, now that is,
>> and i quote, "strictly prohibited". like it's a felony or something
>> to try to figure out if your own machine is pci complient...
>>
>> does anybody know where can i get those? i'd appreciate very much.
>>
>> thanks....
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Nessus mailing list
>> Nessus@list.nessus.org
>> http://mail.nessus.org/mailman/listinfo/nessus
>> ------------------------------------------------------------------------
>>
>>
>> No virus found in this incoming message.
>> Checked by AVG - www.avg.com
>> Version: 8.0.237 / Virus Database: 270.11.15/2004 - Release Date: 03/16/09 07:04:00
>>
>>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus
Re: pci plugins.... [ In reply to ]
alex at sendsecure
Mar 16, 2009, 10:43 AM
Post #6 of 9 (15977 views)
Permalink
I was referring to "Home feed" information if you need Nessus for
non-commercial use - just to hone your skills. If you need PCI
compliance, there are other ways to achieve and determine if you are
compliant. I believe self-assessment questionere should be sufficient
for small volume vendors. You can find all the information at:

https://www.pcisecuritystandards.org/

Alex



kalin m wrote:
>
> i can't pay $1200 a year to check if 3 machines are pci comliant every
> 6 months or so. just don't have it.
>
>
> Alex wrote:
>> You didn't use it that much, did you? :)
>>
>> It is all there on the web site:
>>
>> http://www.nessus.org/plugins/index.php?view=register-info
>>
>> Alex
>>
>>
>>
>> kalin m wrote:
>>>
>>> hi all... i used to use nessus at my old job (currently
>>> unemployed)... it was pretty cool.
>>>
>>> now i had to get some license (?!?)
>>>
>>> the thing is the email came with the 'license' and the following
>>> explanation on how to use it:
>>> To activate your account, open the program 'Nessus Server Manager'
>>> located under /Applications/Nessus/ and enter your activation
>>> code in the program.
>>>
>>> after a while of trying to figure out how/where to "enter" the code
>>> "in the program" - there is no prompt or anything, and no menu
>>> option - i just found the bin under Library and did the command line
>>> activation. passed that it took a while to get the new plugins. but
>>> still the plugins from the demo video are not there.
>>> there are some PCI audit pluggins i'd like to use. excuse me,
>>> test... it's not 'over a network'... cause you know, now that is,
>>> and i quote, "strictly prohibited". like it's a felony or something
>>> to try to figure out if your own machine is pci complient...
>>>
>>> does anybody know where can i get those? i'd appreciate very much.
>>>
>>> thanks....
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Nessus mailing list
>>> Nessus@list.nessus.org
>>> http://mail.nessus.org/mailman/listinfo/nessus
>>> ------------------------------------------------------------------------
>>>
>>>
>>> No virus found in this incoming message.
>>> Checked by AVG - www.avg.com
>>> Version: 8.0.237 / Virus Database: 270.11.15/2004 - Release Date: 03/16/09 07:04:00
>>>
>>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Nessus mailing list
>> Nessus@list.nessus.org
>> http://mail.nessus.org/mailman/listinfo/nessus
> ------------------------------------------------------------------------
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 8.0.237 / Virus Database: 270.11.15/2004 - Release Date: 03/16/09 07:04:00
>
>
Re: pci plugins.... [ In reply to ]
kalin at el
Mar 16, 2009, 11:52 AM
Post #7 of 9 (15971 views)
Permalink
thanks Alex... i'm aware of the self-assessment questionnaire. i had to
deal with it a few times. i just ratter not deal with it too much
anymore. it's mostly a bureaucratic process to which i developed a
strong allergy. anything that can ease the symptoms is more attractive.
i just don't like when another useful open source tool goes proprietary
and everybody - big fat corporations and single users alike - are thrown
in the same $1200 dollar/year bucket.

anyway... there is nothing i can about this now.



Alex wrote:
> I was referring to "Home feed" information if you need Nessus for
> non-commercial use - just to hone your skills. If you need PCI
> compliance, there are other ways to achieve and determine if you are
> compliant. I believe self-assessment questionere should be sufficient
> for small volume vendors. You can find all the information at:
>
> https://www.pcisecuritystandards.org/
>
> Alex
>
>
>
> kalin m wrote:
>>
>> i can't pay $1200 a year to check if 3 machines are pci comliant
>> every 6 months or so. just don't have it.
>>
>>
>> Alex wrote:
>>> You didn't use it that much, did you? :)
>>>
>>> It is all there on the web site:
>>>
>>> http://www.nessus.org/plugins/index.php?view=register-info
>>>
>>> Alex
>>>
>>>
>>>
>>> kalin m wrote:
>>>>
>>>> hi all... i used to use nessus at my old job (currently
>>>> unemployed)... it was pretty cool.
>>>>
>>>> now i had to get some license (?!?)
>>>>
>>>> the thing is the email came with the 'license' and the following
>>>> explanation on how to use it:
>>>> To activate your account, open the program 'Nessus Server Manager'
>>>> located under /Applications/Nessus/ and enter your activation
>>>> code in the program.
>>>>
>>>> after a while of trying to figure out how/where to "enter" the code
>>>> "in the program" - there is no prompt or anything, and no menu
>>>> option - i just found the bin under Library and did the command
>>>> line activation. passed that it took a while to get the new
>>>> plugins. but still the plugins from the demo video are not there.
>>>> there are some PCI audit pluggins i'd like to use. excuse me,
>>>> test... it's not 'over a network'... cause you know, now that is,
>>>> and i quote, "strictly prohibited". like it's a felony or something
>>>> to try to figure out if your own machine is pci complient...
>>>>
>>>> does anybody know where can i get those? i'd appreciate very much.
>>>>
>>>> thanks....
>>>> ------------------------------------------------------------------------
>>>>
>>>> _______________________________________________
>>>> Nessus mailing list
>>>> Nessus@list.nessus.org
>>>> http://mail.nessus.org/mailman/listinfo/nessus
>>>> ------------------------------------------------------------------------
>>>>
>>>>
>>>> No virus found in this incoming message.
>>>> Checked by AVG - www.avg.com
>>>> Version: 8.0.237 / Virus Database: 270.11.15/2004 - Release Date: 03/16/09 07:04:00
>>>>
>>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Nessus mailing list
>>> Nessus@list.nessus.org
>>> http://mail.nessus.org/mailman/listinfo/nessus
>> ------------------------------------------------------------------------
>>
>>
>> No virus found in this incoming message.
>> Checked by AVG - www.avg.com
>> Version: 8.0.237 / Virus Database: 270.11.15/2004 - Release Date: 03/16/09 07:04:00
>>
>>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus
Re: pci plugins.... [ In reply to ]
rgula at tenablesecurity
Mar 16, 2009, 1:26 PM
Post #8 of 9 (15969 views)
Permalink
kalin m wrote:
>
> thanks Alex... i'm aware of the self-assessment questionnaire. i had to
> deal with it a few times. i just ratter not deal with it too much
> anymore. it's mostly a bureaucratic process to which i developed a
> strong allergy. anything that can ease the symptoms is more attractive.
> i just don't like when another useful open source tool goes proprietary
> and everybody - big fat corporations and single users alike - are thrown
> in the same $1200 dollar/year bucket.
>
> anyway... there is nothing i can about this now.

Hi there,

Just for the record, the Nessus ability to perform PCI auditing and
much of the features that were added to Nessus over the past few years
by Tenable were never an open source project that was closed.

And although I appreciate your insight on our pricing, $1200/year is
very competitive in a wide variety of markets.

Ron Gula
Tenable Network Security




_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
Re: pci plugins.... [ In reply to ]
kalin at el
Mar 16, 2009, 2:25 PM
Post #9 of 9 (15979 views)
Permalink
thanks Ron...
i was just saying that for a company that has above 100 workers (or
servers/worksattions) is infinitely easier (and feasible) to pay your
company $1200 a year to audit their network. a single user as i am that
uses your tool sporadically for about 3 machines total is way too much.
yet by default i'm placed in the same category as the aformentioned
company. in your business mind that can be 'very competitive in a wide
variety of markets'. in my 'local market' is way too much.
that's all.

and you are probably correct about the pci features - they might have
not been available in the open version of the application. i was left
with the impression that some of them were under the "experimental
scripts". of course i might be wrong there too. but i saw the video that
you sent me when i registered for the 'home' version. so i naturally got
exited and looked for those first after the plugin update. imagine my
surprise...

anyway.. i appreciate your clarification on the pricing. thank you.


Ron Gula wrote:
> kalin m wrote:
>
>> thanks Alex... i'm aware of the self-assessment questionnaire. i had to
>> deal with it a few times. i just ratter not deal with it too much
>> anymore. it's mostly a bureaucratic process to which i developed a
>> strong allergy. anything that can ease the symptoms is more attractive.
>> i just don't like when another useful open source tool goes proprietary
>> and everybody - big fat corporations and single users alike - are thrown
>> in the same $1200 dollar/year bucket.
>>
>> anyway... there is nothing i can about this now.
>>
>
> Hi there,
>
> Just for the record, the Nessus ability to perform PCI auditing and
> much of the features that were added to Nessus over the past few years
> by Tenable were never an open source project that was closed.
>
> And although I appreciate your insight on our pricing, $1200/year is
> very competitive in a wide variety of markets.
>
> Ron Gula
> Tenable Network Security
>
>
>
>
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus
>

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal