Security Basics mailing list archives

RE: Nessus Scan


From: "Serge Vondandamo" <serge.vondandamo () wanadoo fr>
Date: Thu, 16 Aug 2007 07:57:26 +0200

What about filtering that traffic before it reaches the host? Will that
mitigate the risk?

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Michael LaSalvia
Sent: Wednesday, August 15, 2007 21:50
To: mikef () everfast com; security-basics () securityfocus com
Subject: RE: Nessus Scan

Without all the information on what was open or what scanner you used, it is
a little hard to fully suggest a solution. I would suggest that you shut
down the service that is running on the open port if that open port is not
needed or shut down access to the port either via firewall or other means
such as services or tcp wrappers (if Linux). I would suggest finding another
vendor if this vendor is not responsive to the problem at hand. I would also
search your software for a place to adjust the risk as acceptable business
risk and document it.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of mikef () everfast com
Sent: Wednesday, August 15, 2007 10:31 AM
To: security-basics () securityfocus com
Subject: Nessus Scan

After a recent external PCI Compliant scan one of my web servers failed
because the scanner determined that "a port was open at the beginning of the
scan, and is now closed...". I've tried all sorts of things to get this
corrected, but the results remain. I talked with our scanning vendor; they don't
seem to have an answer as to how to correct the problem. When I do a Nessus
Scan on the site, Nessus reports the issue as a security note and risk
factor of '0'; however, my PCI scanning vendor reports the problem as a
risk factor of 4, thus causing the server to fail the scan and resulting in a
non-compliance report.



I haven't been able to find anything on how to address this issue. Where
should I look to resolve this problem?






