Ask and ye shall receive. Tenable quietly updated Nessus compliance checks today, adding some fancy new “Open Port” auditing features. Among other things, new rules mean that your audit files can now check for a list of allowed and denied ports, as well as ensure that that open ports are bound by a particular process name. You can couple the process name check with a File checksum check to ensure that someone didn’t just rename their netcat bindshell “iis.exe” or something else clever.
This new check can really improve a security administrator’s life — now an automatic, once-weekly credentialed audit can be performed against network systems instead of the usual noisy portscan to ensure that open services fall in line with policy and expectations.