vijay...@cognizant.com wrote: > Hi, > > We are about to run a VA scan on ISA 2006 proxy servers (deployed on > Windows 2003) in our environment. Please let us know the availability of > Nessus policies (plugins) to test the security of the underlying server > and the correctness of ISA setup and configuration. > > Thanks in advance. > > Kind Regards, > Vijay > Global Infosec Team > Cognizant India >
Hi Vijay, If you go to http://www.nessus.org/plugins/index.php you can search the Nessus plugins that are available. Typing in "ISA" there were several hits for for Microsoft ISA vulnerabilities. I suggest that you perform a full credentialed audit of the ISA firewall to see what ports are open, what OS patches could be needed and to see if there are any other types of software installed that could be vulnerable. Also, since you mentioned configuration, if you are referring to a Nessus .audit policy for ISA firewalls, this is not something we've developed or currently working on at Tenable. If you write an audit policy for ISA firewalls and want to share it with other Nessus Profession Feed subscribers, I suggest you post it to the Discussions forum located here: https://discussions.nessus.org/index.jspa Ron Gula Tenable Network Security _______________________________________________ Nessus mailing list Nessus@list.nessus.org http://mail.nessus.org/mailman/listinfo/nessus