mirick
asked on
Using Nessus from outside the firewall
My company is having a thorough pen test done in August but I have been asked to conduct one before then so we have an idea where we are until then. I have read a lot about Nessus, nmap and other tools that can be used. I have downloaded Nessus, but I'm a little uncertain as to how it needs to be configured in order to test our network from the outside and then where to go from there. I've read that it is a client/server config - does this mean I need a server set up on the inside of the firewall? Does Nessus do security scanning on network equipment or the servers behind the equipment? The documentation didn't help me too much - maybe it's just me :)
We are using Cisco's ASA5510 and there are about 7 servers being nat'd thru. I just want to make sure the ASA is doing what it's supposed to along with the servers.
Anyway... any help with this would be greatly appreciated!
Thanx!
You have to tell it to run the report; it will generate it and export it to one of several formats. You'll RARELY find NO vulnerabilities. Either way, the report won't be blank.
Pen testing can be done with a number of different tools; freeware is available, such as Metasploit. Commercial programs are available, but VERY expensive. Core Impact is the best one that I've seen.
ASKER
Excellent... I finally feel like I have a place to start.
Thanks to you both!
ASKER
So I have run the scan... while it's scanning, it says scan in progress. After a few minutes, it flips over to the report tab. It shows the date/time and the scan I selected to run, and there appears to be absolutely nothing in the report. Is this good?
Also - if Nessus is for vulnerabilities, what should be used for penetration testing???