Security Basics mailing list archives
RE: Nessus Scan
From: "Mohamed Farid" <m.farid.shawara () gmail com>
Date: Mon, 4 Aug 2008 10:26:13 +0300
It happened with me before - Ask your vendor to repeat the scan ... I believe they may not find any thing regarding this prot ... Mohamed Farid ,CISSP,CCSP,S+ m.farid.shawara () gmail com -----Original Message----- From: securityfocus2 () googlegroups com [mailto:securityfocus2 () googlegroups com] On Behalf Of Chris Halverson Sent: Wednesday, August 15, 2007 10:40 PM To: mikef () everfast com Cc: security-basics () securityfocus com Subject: Re: Nessus Scan Consider finding a different PCI Scanning vendor. We are struggling along the same lines but this is an issue that may only be solved by a host based firewall that forbids opening of ports not standardized / allowed. On 15 Aug 2007 14:31:15 -0000, mikef () everfast com <mikef () everfast com> wrote:
After a recent external PCI Compliant scan one of my web servers failed
because the scanner determine that "a port was open at the beginning of the scan, and is now closed...". I've tried all sorts of things to get this corrected the results remain. I talked with our scanning vendor they don't seem to have answer as to how to correct the problem. When I do a Nessus Scan on the site, Nessus reports the issue as a security note and risk factor of '0', however the my PCI scanning vendor reports the problem as a risk factor of 4 thus causing the server to fail the scan and resulting a non-compliance report.
I haven't been able to find anything on how to address this issue. Where
should i look to resolve this problem
Current thread:
- RE: Nessus Scan Mohamed Farid (Aug 05)