08-28-2015 01:30 PM
Hello,
Does anyone else out there scan their firewalls with Nessus? Just curious if you have some other definitions defined other than what Tenable has listed on their support site. I've tried Google but it's not helping much.
Thanks in advance!
09-01-2015 04:23 PM
This document https://www.sans.org/reading-room/whitepapers/auditing/palo-alto-firewall-security-configuration-ben... will help guide you through all the basics to help ensure you are not missing anything obvious. Taking a more aggressive response with your IPS responses (default actions of reset and drop) and using an exception response of block-ip will reduce the effectiveness of a scanning tool.
Hope this helps,
Phil
08-28-2015 02:00 PM
Why are you scanning your firewall with Nessus? Are you getting useful information?
08-28-2015 02:06 PM
Compliance requirements from our customers. As for useful info, not for me with the baked-in plugins and compliance checks they have. It looks for some best practices stuff that could be useful to someone that has not configured everything or just a quick check to see if things are configured.
08-28-2015 02:09 PM
Very interesting - I would never have thought of scanning a firewall with Nessus; not sure that it would be much good.
08-28-2015 02:28 PM
Yeah it can be handy to just make sure best practices are followed, etc.
08-28-2015 05:55 PM
Hey,
I wanted to share my one case with Nessus.
https://discussions.tenable.com/message/32299#32299
Plugin ID 83875.
This is a false positive and Nessus is working to fix this.
Thanks!
09-02-2015 02:40 PM
Doing more digging, I also found the following; it's still beta, however...
http://iase.disa.mil/stigs/Pages/index.aspx