Firewall Wizards mailing list archives

Re: Scanning host thru Check Point


From: Chuck Swiger <chuck () codefab com>
Date: Tue, 24 Jan 2006 08:11:55 -0500

Nick Brandson wrote:
> I need to pass the IT audit requirements (e.g. SOX),
> scanning our public server (web, ftp..) thru our CP
> firewall.

> 1. What tools should we use?  (Nessus, Internet
> Scanner)

Nessus is a decent tool, although I would start scanning with something like nmap first.

> 2. Would the penetration test/VA scanning be
> successful thru fw?

If someone knew the answer to this already, you wouldn't need to perform additional penetration testing.

> 2. Are there any add'l ports that need to be opened?

#3?  :-)

No, you should not open additional ports on your firewall just to permit a vulnerability scan through. Run the scanner from inside your LAN instead, if you want to test things your firewall blocks.

--
-Chuck