Hill, Pete wrote: > Hi there, > > I am currently running through an audit of my estate and am trying to > find a tool that can scan the entire network and let me know where there > are any credit card details being stored. > > We have a secure set up at the moment, but we are going to be > professionally auditted soon and the auditors have mentioned they have a > tool/s that will perform this check for us. I simply want to run > through this procedure first to make sure there are no surprises when > they come in. I am comfortable that I know where our data is stored, > but want to ensure a user hasnt copied something somewhere they shouldnt > have! > > Can Nessus help me do this either on its own or in conjunction with > a.n.other tool/s?
Hi Pete, Yes. If you see the "Nessus Introduction" video, there is an example of looking for credit card numbers located here: http://www.nessus.org/demos/ The original Tenable blog concerning this release is located here: http://blog.tenablesecurity.com/2007/03/detecting_credi.html Keep in mind we've since re-branded the "Direct Feed" to the "Professional Feed". Another similar blog which identifies "Top Secret" and other typs of government keywords is here: http://blog.tenablesecurity.com/2007/05/searching_for_c.html And lastly, there was a popular blog about how as a consultant you can scan a network for SSNs and CCNs here: http://blog.tenablesecurity.com/2007/08/finding-sensiti.html The current set of audit polices for Nessus Professional Feed and Security Center users available on the Tenable Support Portal include searches for Credit Cards, Adult Media, Corporate info such as budgets and employee lists, financial statements, wire transfer logs, NDAs, Classified documents (Top Secret, Secret, .etc), EDI health care data, Driver's licenses and Social Security Numbers. Ron Gula Tenable Network Security _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
