OMB allows port exceptions so you open TCP port 135 and your run the scan with
admin Nessus works just fine.
--
"When the legend becomes fact, print the legend."
-------------- Original message ----------------------
From: "Discini, Sonny" <[EMAIL PROTECTED]>
> It would be helpful for folks to know what FDCC is before continuing.
> Federal Desktop Core Configuration:
>
> The FDCC, an OMB (U.S. Office of Management and Budget) mandate,
> requires that all Federal Agencies standardize the configuration of
> approximately 300 settings on each of their Windows XP and Vista
> Computer. The reason for this standardization is to strengthen Federal
> IT security by reducing opportunities for hackers to access and exploit
> government computer systems.
>
> Yes, I have had the same result when scanning hosts that had the FDCC
> policies applied. It's a double-edged sword. If you want to scan these
> hosts, you have to undo some of the FDCC changes, which then move the
> hosts out of compliance.
>
> Sonny Discini, Senior Network Security Engineer
> Office of the CIO
> Department of Technology Services
> Montgomery County Government
>
>
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Puerto, Richard
> (IG/A/ITSA)
> Sent: Wednesday, July 30, 2008 8:14 AM
> To: [email protected]
> Subject: Unable to scan with Nessus when hosts have FDCC
> implemented
>
>
>
> Hello All,
>
> We have come across a site the we were auditing and conducting
> network vulnerability scans, and the Nessus report came up empty. We
> figured out that it was due to having FDCC implemented and the Nesssus
> scanner was unable to access the machine. It would detect the host being
> there but not able to access any of the host's ports.
>
> Any one else encounter this and has found a solution?
>
>
>
>
--- Begin Message ---
It would be helpful for folks to know what FDCC is before continuing.
Federal Desktop Core Configuration:
The FDCC, an OMB (U.S. Office of Management and Budget) mandate,
requires that all Federal Agencies standardize the configuration of
approximately 300 settings on each of their Windows XP and Vista
Computer. The reason for this standardization is to strengthen Federal
IT security by reducing opportunities for hackers to access and exploit
government computer systems.
Yes, I have had the same result when scanning hosts that had the FDCC
policies applied. It's a double-edged sword. If you want to scan these
hosts, you have to undo some of the FDCC changes, which then move the
hosts out of compliance.
Sonny Discini, Senior Network Security Engineer
Office of the CIO
Department of Technology Services
Montgomery County Government
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Puerto, Richard
(IG/A/ITSA)
Sent: Wednesday, July 30, 2008 8:14 AM
To: [email protected]
Subject: Unable to scan with Nessus when hosts have FDCC
implemented
Hello All,
We have come across a site the we were auditing and conducting
network vulnerability scans, and the Nessus report came up empty. We
figured out that it was due to having FDCC implemented and the Nesssus
scanner was unable to access the machine. It would detect the host being
there but not able to access any of the host's ports.
Any one else encounter this and has found a solution?
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
--- End Message ---
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
