Educause Security Discussion mailing list archives

Re: Vulnerability Scanning Problem


From: Wang Cheng <ChengW () SACREDHEART EDU>
Date: Tue, 12 Dec 2006 01:52:29 -0500

Hi Kim,
    It seems odd to me that a vulnerability scanner would skip a host
simply because it can't ping that host.  I would ask your vendor about
that; maybe it's just a misconfiguration.  You might want to take a look
at Nessus (it's free, so no harm in trying), if nothing else at least to
compare results.
    If your users are joined to your domain, you can push a Windows
Firewall policy to allow ICMP echo reply, then on the network side
permit ICMP only from your scanner's IP to traverse to your hosts.  I
would not recommend doing this though.
 
Regards,
    Wang Cheng
    Information Security Officer
    Sacred Heart University
    chengw () sacredheart edu

________________________________

From: Logan, Kimberly (loganks) [mailto:LOGANKS () UCMAIL UC EDU] 
Sent: Monday, December 11, 2006 3:55 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Vulnerability Scanning Problem



Hi Everyone,

Sorry if this has already been discussed, but....

The University of Cincinnati is using Rapid7's NeXpose as our OS level
vulnerability scanner.  Last week, we scanned 57 IP addresses and only
got returns on 14.  We believe the reason is that Microsoft SP2
installed the firewall with ICMP blocked.  We don't necessarily want to
have it unblocked for all devices, but we need to be able to scan our
devices on all subnets.  Has anyone experienced this problem and have
you been able to find any workarounds without opening things up?

Thanks,

Kim

Kim Logan
Information Security Officer
University of Cincinnati
(513)556-9070
kim.logan () uc edu

 

