ASA w/IPS and Nessus question

Unanswered Question
Jan 20th, 2010

Hi All,

I am planning on running a Nessus vulnerability scan against our external IP address space. I wanted to know if we need to make any changes to our firewall configuration to permit an effective scan. We have exempted Nessus traffic from being inspected by the IPS (I thought we needed to?).

I am concerned about the firewall detecting the numerous connection attempts originating from Nessus and dropping them, any suggestions/advice will help. I know I can limit this on the Nessus config but want the scans to complete in a reasonable amount of time.

Thanks in advance,

Regards,

TJ

Dileep Sivadas ... Wed, 01/20/2010 - 21:58

Why do you want to give an exemption in the ASA for external testing?

The purpose of external testing is to verify the firewall's operation against reconnaissance, scanning, and attacks against your network.

You do not want this to happen on your network, correct? Then that is what you need to test.

Check what vulnerabilities Nessus can find without any changes to the ASA. There will be many, depending on your configuration.

Then find ways (this may require configuration changes on the ASA or servers) to prevent this kind of scan in the future.

There is also another method of testing called internal testing, where you test your firewall and the other systems that are exposed to the outside network from your internal network. This is more convenient for finding vulnerabilities than running an external scan.

If your intention is to find vulnerabilities in DMZ servers, then it is better to go for internal testing (external IPs are NATed to inside/dmz).

Dileep
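To tell whether gaps in an external scan came from the ASA throttling the scanner rather than from the targets themselves, one can read the firewall's syslog for threat-detection events. This is an added example, not code from the thread or from Cisco; the log lines are constructed, the hostname fw01 and addresses are invented, and the message wording assumed for %ASA-4-733101/733102/733103 and %ASA-4-106023 should be checked against your own ASA version.

```python
import re
from collections import Counter

# Constructed sample ASA syslog lines (not from the original thread). The
# 733xxx threat-detection messages are the ones that mean the firewall itself
# rate-limited or shunned the scanner, so replies stopped regardless of the
# targets' real state; 106023 is an ordinary ACL deny, i.e. policy working.
SAMPLE_LOG = """\
Jan 20 2010 21:58:01 fw01 : %ASA-6-302013: Built inbound TCP connection 1234 for outside:203.0.113.5/45000 (203.0.113.5/45000) to dmz:10.0.0.10/80 (198.51.100.10/80)
Jan 20 2010 21:58:02 fw01 : %ASA-4-106023: Deny tcp src outside:203.0.113.5/45001 dst dmz:10.0.0.10/23 by access-group "outside_in"
Jan 20 2010 21:58:05 fw01 : %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 20 per second, max configured rate is 10; Current average rate is 5 per second, max configured rate is 5; Cumulative total count is 3000
Jan 20 2010 21:58:05 fw01 : %ASA-4-733101: Host 203.0.113.5 is attacking. Current burst rate is 20 per second, max configured rate is 10; Current average rate is 5 per second, max configured rate is 5; Cumulative total count is 3000
Jan 20 2010 21:58:06 fw01 : %ASA-4-733102: Threat-detection adds host 203.0.113.5 to shun list
Jan 20 2010 22:58:06 fw01 : %ASA-4-733103: Threat-detection removes host 203.0.113.5 from shun list
"""

TS = re.compile(r"^(\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2})")
MSG_ID = re.compile(r"%ASA-\d-(\d{6}):")
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def audit_scanner(log_text, scanner_ip):
    """Summarise what the ASA did with traffic from scanner_ip.

    Returns counts of ACL denies and scanning-rate alerts, the shun window
    (start, end) if the scanner was put on the threat-detection shun list,
    and a flag saying whether scan results can be trusted as target state.
    """
    counts = Counter()
    shun_start = shun_end = None
    for line in log_text.splitlines():
        m = MSG_ID.search(line)
        if not m:
            continue
        msg_id = m.group(1)
        ts_match = TS.match(line)
        ts = ts_match.group(1) if ts_match else None
        ips = IPV4.findall(line)
        if msg_id == "106023" and ips and ips[0] == scanner_ip:  # src is first
            counts["acl_denied"] += 1
        elif msg_id == "733101" and scanner_ip in ips:
            counts["rate_alerts"] += 1
        elif msg_id == "733102" and scanner_ip in ips:
            shun_start = ts
        elif msg_id == "733103" and scanner_ip in ips:
            shun_end = ts
    shunned = shun_start is not None
    return {
        "acl_denied": counts["acl_denied"],
        "rate_alerts": counts["rate_alerts"],
        "shunned": shunned,
        "shun_window": (shun_start, shun_end) if shunned else None,
        "results_trustworthy": not shunned and counts["rate_alerts"] == 0,
    }
```

Ports reported closed or filtered during the shun window should be rescanned, or the scan rate lowered in Nessus, before the results are read as the targets' real exposure.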
