Firewall Wizards mailing list archives
Re: Scanning host thru Check Point
From: Chuck Swiger <chuck () codefab com>
Date: Tue, 24 Jan 2006 08:11:55 -0500
Nick Brandson wrote:
I need to pass the IT audit requirements(e.g.SOX), scanning our public server (web,ftp..) thru our CP firewall. 1. What tools we should use? (Nessus, Internet Scanner)
Nessus is a decent tool, although I would start scanning with something like nmap first.
2. Would the penestration test/VA scanning be successful thru fw?
If someone knew the answer to this already, you wouldn't need to perform additional penetration testing.
2. Is there any add'l ports need to be opened?
#3? :-)No, you should not open additional ports on your firewall just to permit a vulnerability scan through. Run the scanner from inside your LAN instead, if you want to test things your firewall blocks.
-- -Chuck _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Scanning host thru Check Point Nick Brandson (Jan 24)
- Re: Scanning host thru Check Point Chuck Swiger (Jan 24)