Is there any documentation on the best ways of securing a Nessus scanning server?
If a firewall were used, would it hinder the return results of a Nessus scan? I read somewhere that partial packets wouldn't return correctly to a Nessus server directly behind a firewall. If I were to use a firewall, the scanning path would be similar to this:

nessusd->firewall->internet->firewall->our_network

Would this packet traffic pattern break some of the scan results?

I need to regularly scan our network from outside the network firewall. All scans are run locally on the Nessus server via cron jobs reading scan schedules from a remote database, using the Nessus command line client. I only need access to ssh into the Nessus server, for software updates/patches, and to have the Nessus daemon running continuously so that cron jobs can use the Nessus command line client. However, the Nessus daemon listens to requests on a port (1241 by default). Is there a way to configure the server or Nessus to only allow Nessus authentication requests on the loopback address, 127.0.0.1?

I'm refreshing myself with Linux, so I've read the "Securing and Optimizing Linux: The Ultimate Solution" document from linuxsecurity.com and followed a lot of the securing suggestions. I'd prefer using a firewall in front of the Nessus server as long as it won't obstruct any traffic between the Nessus server and the target computer. The Nessus server is running on a 1GHz Celeron, with Slackware 9.1 and most of the recent patches/upgrades.

In summary, I need to continuously scan our network from the outside, and need that outside scanner to be as secure as possible while maintaining the most accurate and valid return results. Any input would be greatly appreciated.

Thank You,
Casey K.

_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
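The loopback-only requirement for port 1241 and the SSH-only management access described in the post can be expressed as a host firewall on the scanner itself, which avoids placing a separate stateful device in the probe/reply path. The script below is an added example, not from the original post or from the Nessus project; it assumes an iptables-era Linux host, and MGMT_NET is a constructed placeholder for the network that administrators SSH in from.

```shell
#!/bin/sh
# Host firewall for an externally placed Nessus scanner (added example).
# Goals: nessusd (TCP 1241) reachable only via loopback, SSH only from the
# management network, replies to the scanner's own probes allowed back in,
# everything else dropped and logged. Dry-run by default; --apply needs root.

NESSUS_PORT=1241
MGMT_NET="203.0.113.0/24"   # constructed placeholder: admin SSH source network

# Emit the rule set as text so it can be reviewed (or tested) before applying.
nessus_fw_rules() {
  cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s $MGMT_NET -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp --dport $NESSUS_PORT ! -i lo -j DROP
iptables -A INPUT -j LOG --log-prefix "nessus-fw-drop: " --log-level 4
EOF
}

# Line 5 blocks spoofed packets claiming a 127.x destination on a real NIC,
# so the loopback ACCEPT above it cannot be abused from outside.
# The ESTABLISHED,RELATED rule is what lets scan responses reach nessusd
# without opening any inbound port.

if [ "${1:-}" = "--apply" ]; then
  nessus_fw_rules | sh -e
else
  nessus_fw_rules
fi
```

Run without arguments to review the rules; the ESTABLISHED,RELATED rule covers replies that conntrack can match to a probe the scanner sent, so any scan plugin whose replies do not fit a tracked flow would still need to be checked against the LOG output.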
