I agree that scans should be completed from the inside. One explanation that I give is if an internal user browses the Internet for any reason, they may (unknowingly) bring inside some application - trojan or otherwise. This trojan could now attack your servers from the inside, thus bypassing the firewall. If your servers haven't been hardened, then someone is going to complain.

Safest thing to do is scan them as though there is no firewall present, review the results, and determine from the results whether patches need to be applied, holes patched, ports disabled, etc.

Todd Adamson
[EMAIL PROTECTED]


_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
