I appreciate the feedback so far...
But assuming that they insist that the Nessus scan must be run from outside the
firewall, the question is:
Is there configuration setting/requirement that must exist on the the firewall
(or any other security appliance) to ensure that Nessus scans from a box
outside the firewall won't be block or the resultant scan results wont't be
distorted?
I will appreciate continued feedback.
Len
Jay Jacobson <jay@edgeos.com> wrote:
[snip]
My research indicated that the threat was greatest from
insiders, so my suggested approach was to require that the scans be ran
from inside the network ( specifically behind the firewall.)
Other will argue that the scans should be ran from outside the
firewall since the threats are mainly external.
[snip]
I agree with most of the thoughts on this thread, but thus far the replies
have all missed a very critical point. When considering external or
internal scanning, the real answer is BOTH.
A network device (router, IDS, whatever), or even the target host, may
react very differently depending on the source of the scan and the
architecture of the network between the scanner and the target. It is very
possible to scan the same target from both the inside and the outside, and
get two very different results.
~Jay
--
..
.. Jay Jacobson
.. Edgeos, Inc. - 480.961.5996 - http://www.edgeos.com
..
.. Private-Labeled Managed Vulnerability Assessment Services
..
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
---------------------------------
Celebrate Earth Day everyday! Discover 10 things you can do to help slow
climate change. Yahoo! Earth Day_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
