Security Basics mailing list archives
Re: Nessus Scan
From: "Chris Halverson" <darus.integration () gmail com>
Date: Wed, 15 Aug 2007 13:39:59 -0600
Consider finding a different PCI Scanning vendor. We are struggling along the same lines but this is an issue that may only be solved by a host based firewall that forbids opening of ports not standardized / allowed. On 15 Aug 2007 14:31:15 -0000, mikef () everfast com <mikef () everfast com> wrote:
After a recent external PCI Compliant scan one of my web servers failed because the scanner determine that "a port was open at the beginning of the scan, and is now closed...". I've tried all sorts of things to get this corrected the results remain. I talked with our scanning vendor they don't seem to have answer as to how to correct the problem. When I do a Nessus Scan on the site, Nessus reports the issue as a security note and risk factor of '0', however the my PCI scanning vendor reports the problem as a risk factor of 4 thus causing the server to fail the scan and resulting a non-compliance report. I haven't been able to find anything on how to address this issue. Where should i look to resolve this problem
Current thread:
- Nessus Scan mikef (Aug 15)
- Re: Nessus Scan Chris Halverson (Aug 15)
- Re: Nessus Scan Erik Luken (Aug 16)
- RE: Nessus Scan Craig Wright (Aug 15)
- RE: Nessus Scan Erin Carroll (Aug 16)
- RE: Nessus Scan Craig Wright (Aug 16)
- RE: Nessus Scan Erin Carroll (Aug 17)
- RE: Nessus Scan Erin Carroll (Aug 16)
- Re: Nessus Scan Chris Halverson (Aug 15)
- RE: Nessus Scan Michael LaSalvia (Aug 15)
- RE: Nessus Scan Serge Vondandamo (Aug 16)
- Re: Nessus Scan David Jacoby (Aug 17)
- RE: Nessus Scan Chandresh Dedhia (Aug 16)
- <Possible follow-ups>
- Re: Nessus Scan levinson_k (Aug 16)