Summary: "We Don't Have Those On Our Network" - I hear this quite often from folks, especially when presenting on embedded device security issues. Those running enterprise, or even smaller, networks will state that entire categories of devices, such as Apple TV, are not in use on the network. Recently I've been highlighting the use of the network search engine Shodan to illustrate the fact that large organizations do in fact have home-based network gear. Furthermore, folks tend to find ways to use technology in the workplace to get things done. For example, someone stated they have an Apple TV in every conference room and use it for presentations. This is a great use-case for passive vulnerability scanning, finding the device in use by your organization. I'm not saying you shouldn't let the devices come on the network, but that they should receive some level of security which can only be accomplished if you know whats in use. Mobile Dashboards - Another great example of technology in use at the workplace is smartphones and tablets. The undeniable fact that such devices improve productivity has earned them a perminant place in our IT infrastructure. The amazing fact about Nessus and SecurityCenter is that you can collect information about smartphones and tablets natively from your environment to enforce policy. Nessus/SecurityCenter will use the information stored in Active Directory to list the devices in use and associated vulnerabilities. The Passive Vulnerability Scanner will collect data from the network and report on which devices and apps are in use, as well as associated vulnerabilities. All of this can be rolled up into Dashboards and Reports to aid the effort of both creating and enforcing policy.
