Solved

Using Nessus from outside the firewall

Posted on 2008-06-17
5
1,260 Views
Last Modified: 2013-11-08
My company is having a thorough pen test done in August but I have been asked to conduct one before then so we have an idea where we are until then.  I have read a lot about Nessus, nmap and other tools that can be used.  I have downloaded Nessus, but I'm a little uncertain as too how it needs to be configured in order to test our network from the outside and then where to go from there.  I've read that it is a client/server config - does this mean I need a server set up on the inside of the firewall?  Does nessus do security scanning on network equipment or the servers behind the equipment?  the documentation didn't help me too much - maybe it's just me :)

We are using Cisco's ASA5510 and there are about 7 servers being nat'd thru.  I just want to make sure the ASA is doing what it's supposed to along with the servers.

Anyway... any help with this would be greatly appreciated!

Thanx!
0
Comment
Question by:mirick
  • 2
  • 2
5 Comments
 
LVL 9

Accepted Solution

by:
craigothy earned 150 total points
ID: 21805488
Nessus is a client/server application but you can run both components on the same machine.  The windows based installation installs both components on the same box by default.  If you wanted to run a scan against your public IP range from outside the firewall you would just position your nessus scanner machine outside your ASA and then scan your public IP range.  This will test your security posture from the perspective of someone coming in through the Internet.
0
 
LVL 7

Assisted Solution

by:mabutterfield
mabutterfield earned 100 total points
ID: 21805692
I would recommend loading up both components on a laptop and run the scan from inside the firewall first.  Nessus is a Vulnerability Assessment tool, not a penetration testing tool.  By running from inside the firewall, you'll get a better idea of where your vulnerabilities are.  You'll then have a chance to fix the vulnerabilities before the pen test.

You can also run the test from both inside, and outside the firewall, then compare the results.  This will give you a good idea of what vulnerabilities you may have, but the firewall is blocking.  

Keep in mind that if one server is compromised from outside, that server can be used to attack other servers, where the firewall is useless.  This is why I recommend performing at LEAST an internal scan.

0
 

Author Comment

by:mirick
ID: 21806622
Thank you both!  That is very helpful.

So I have run the scan... while its scanning, it says scan in progress.  After a few minutes, it flips over to the report tab.  It shows the date/time and the scan I selected to run, and there apears to be absolutely nothing in the report.  Is this good?  

Also - if Nessus is for vulnerabilities, what should be used for penetration testing???
0
 
LVL 7

Expert Comment

by:mabutterfield
ID: 21806658
you have to tell it to run the report, it will generate it and export it to one of several formats.  You'll RARELY find NO vulnerabilities.  Either way, the report won't be blank.

pen testing can be done with a number of different tools, freeware is available such as metasploit.  Commercial programs are available, but VERY expensive.  Core Impact is the best one that I've seen.
0
 

Author Comment

by:mirick
ID: 21806892
Excellent... I finally feel like I have a place to start.

Thanks to you both!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Excessive tcp resends from my ASA 7 80
Does Cisco ASA 5506-X have full dmz capabilities 3 138
How to set DHCPv6 options on a Sonicwall? 13 198
Turn off SIP ALG - Cisco ASA 5505 1 209
A brand new malware strain was recently discovered by security researchers at Palo Alto Networks dubbed “AceDeceiver.” This new strain of iOS malware can successfully infect non-jailbroken devices and jailbroken devices alike.
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question