Nessus

Re: how to run attacks using nessus

To: Girish <girishramgopal@gmail.com>
Subject: Re: how to run attacks using nessus
From: Ron Gula <rgula@tenablesecurity.com>
Date: Wed, 09 May 2007 10:33:22 -0400
Cc: nessus@list.nessus.org
Girish wrote:
> Hello Ron,
> 
> That was an excellent link.
> Please tell me one more thing, like if I have to scan all the protocols over
> TCP of a host behind the firewall from the external world, should I have a
> policy for allowing all TCP traffic in my firewall?
> I hope I am correct. Please correct me if I am wrong. I can proceed soon.
> 

Typically, you should perform a full scan from outside your firewall to
an internal system and analyze the results. Performing a full port scan
should find allowed access to the internal systems.

Although out of scope for this mailing list, things you should consider:

- the firewall might allow access to a port closed on your target host.
If this is against policy, you might not find this with a basic scan.

- you should audit what is logged by the firewall. If your policy is to
log all blocked connections, you should see logs for your scan.

- don't forget to consider filtering that may be in place by the host, a
network device and the firewall.

Ron
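
An added example, not part of the message above and not Nessus code: one way to reconcile an external port scan with the firewall's log, covering the three points in the reply. The port states, the log format, the addresses and the function names are all constructed assumptions; adapt the regex to your firewall's real log format.

```python
import re

# Constructed sample: external scan results (port -> state) for one internal host.
SCAN = {22: "filtered", 25: "filtered", 80: "open", 443: "open", 8080: "closed"}

# Constructed firewall log in a made-up format (not any real product's).
FW_LOG = """\
2007-05-09T10:40:01 DENY tcp 198.51.100.7:40112 -> 192.0.2.10:22
2007-05-09T10:40:02 ALLOW tcp 198.51.100.7:40113 -> 192.0.2.10:80
2007-05-09T10:40:02 ALLOW tcp 198.51.100.7:40114 -> 192.0.2.10:443
2007-05-09T10:40:03 ALLOW tcp 198.51.100.7:40115 -> 192.0.2.10:8080
2007-05-09T10:41:10 DENY tcp 203.0.113.9:51000 -> 192.0.2.10:25
"""

LINE = re.compile(r"^\S+ (ALLOW|DENY) tcp (\S+):\d+ -> (\S+):(\d+)$")

def denied_ports(log, scanner_ip, target_ip):
    """Ports on target_ip for which the firewall logged a DENY from scanner_ip."""
    ports = set()
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(1) == "DENY" and m.group(2) == scanner_ip \
                and m.group(3) == target_ip:
            ports.add(int(m.group(4)))
    return ports

def audit(scan, log, scanner_ip, target_ip):
    """Label each scanned port with what the scan and the log together imply."""
    denied = denied_ports(log, scanner_ip, target_ip)
    findings = {}
    for port, state in sorted(scan.items()):
        if state == "open":
            findings[port] = "reachable: confirm the firewall policy intends this"
        elif state == "closed":
            # A reset came back, so the probe likely passed the firewall.
            findings[port] = "allowed through but nothing listening: check policy"
        elif port in denied:
            findings[port] = "blocked and logged"
        else:
            # No DENY from the scanner: logging gap, or a host/network filter.
            findings[port] = "blocked, no firewall log: logging gap or another filter"
    return findings

if __name__ == "__main__":
    for port, note in audit(SCAN, FW_LOG, "198.51.100.7", "192.0.2.10").items():
        print(port, note)
```

Port 25 in the sample is reported as unlogged because the only DENY for it came from a different source address than the scanner.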

