So, if the server only allows 'RELATED' inbound traffic, then Nessus is correctly *not* scanning the system. As to whether the server is 'secure', that's an altogether different question. The security of the system would rely on it being hardened to network attacks (like with a firewall) AND ensuring that the systems applications are hardened.
for instance, if your machine is fully hardened with a firewall, but you are running an ftp client that has a serious bug, you are still wide open to attack; however, the latter class of bugs would require either a MITM or server->client attack...You might want to check out NeVO passive vuln scanning for a way of detecting client software vulnerabilities. John Lampe jwlampe -at- nessus.org http://f00dikator.aceryder.com/ On Wed, 28 Jan 2004, Skill2Die4 wrote: > Mistakenly Ravi sent this email to only to me... > > ----- Original Message ----- > From: "Ravi Verma" <[EMAIL PROTECTED]> > Sent: Tuesday, January 27, 2004 5:15 PM > Subject: RE: Nessus not scanning > > > Dear Friend : > > The server is configured for allowing only "RELATED" inbound traffic to > come through. It does not have any port open per say. We are using this > server as a router for the human traffic in our office. > > Is it true that nessus would not check for vulnerability of there are no > ports open? I hope it would at least certify the server as secure. > > I look forward to hearing from you. > > Regards. > > Ravi Verma > 9167053261 > > _______________________________________________ > Nessus mailing list > [EMAIL PROTECTED] > http://mail.nessus.org/mailman/listinfo/nessus > _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
