Security Basics mailing list archives
RE: Nessus Scan
From: "Michael LaSalvia" <mike () genxweb net>
Date: Wed, 15 Aug 2007 15:50:04 -0400
Without all the information on what was open or what scanner you used it is a little hard to fully suggest a solution. I would suggest that you shut down the service that is running on the open port if that open port is not needed or shutdown access to the port either via firewall or other means such as services or tcp wrappers (if Linux). I would suggest finding another vendor if this vendor is not responsive to the problem at hand. I would also search your software for a place to adjust the risk as acceptable business risk and document it. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of mikef () everfast com Sent: Wednesday, August 15, 2007 10:31 AM To: security-basics () securityfocus com Subject: Nessus Scan After a recent external PCI Compliant scan one of my web servers failed because the scanner determine that "a port was open at the beginning of the scan, and is now closed...". I've tried all sorts of things to get this corrected the results remain. I talked with our scanning vendor they don't seem to have answer as to how to correct the problem. When I do a Nessus Scan on the site, Nessus reports the issue as a security note and risk factor of '0', however the my PCI scanning vendor reports the problem as a risk factor of 4 thus causing the server to fail the scan and resulting a non-compliance report. I haven't been able to find anything on how to address this issue. Where should i look to resolve this problem
Current thread:
- Nessus Scan mikef (Aug 15)
- Re: Nessus Scan Chris Halverson (Aug 15)
- Re: Nessus Scan Erik Luken (Aug 16)
- RE: Nessus Scan Craig Wright (Aug 15)
- RE: Nessus Scan Erin Carroll (Aug 16)
- RE: Nessus Scan Craig Wright (Aug 16)
- RE: Nessus Scan Erin Carroll (Aug 17)
- RE: Nessus Scan Erin Carroll (Aug 16)
- Re: Nessus Scan Chris Halverson (Aug 15)
- RE: Nessus Scan Michael LaSalvia (Aug 15)
- RE: Nessus Scan Serge Vondandamo (Aug 16)
- Re: Nessus Scan David Jacoby (Aug 17)
- RE: Nessus Scan Chandresh Dedhia (Aug 16)
- <Possible follow-ups>
- Re: Nessus Scan levinson_k (Aug 16)
- Re: RE: Nessus Scan mikef (Aug 16)
- Re: Nessus Scan Steve Hillier (Aug 16)
- Re: Nessus Scan mikef (Aug 16)
- Re: Nessus Scan mikef (Aug 16)