I appreciate the feedback so far...

But assuming that they insist that the Nessus scan must be run from outside the firewall, the question is:

Is there a configuration setting/requirement that must exist on the firewall (or any other security appliance) to ensure that Nessus scans from a box outside the firewall won't be blocked or the resultant scan results won't be distorted?

I will appreciate continued feedback.

Len

Jay Jacobson <[EMAIL PROTECTED]> wrote:

[snip]
> My research indicated that the threat was greatest from
> insiders, so my suggested approach was to require that the scans be run
> from inside the network (specifically behind the firewall).
>
> Others will argue that the scans should be run from outside the
> firewall since the threats are mainly external.
[snip]

I agree with most of the thoughts on this thread, but thus far the replies
have all missed a very critical point. When considering external or
internal scanning, the real answer is BOTH.

A network device (router, IDS, whatever), or even the target host, may
react very differently depending on the source of the scan and the
architecture of the network between the scanner and the target. It is very
possible to scan the same target from both the inside and the outside, and
get two very different results.

~Jay

--
..
.. Jay Jacobson
.. Edgeos, Inc. - 480.961.5996 - http://www.edgeos.com
..
.. Private-Labeled Managed Vulnerability Assessment Services
..

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus

