Solved

Using Nessus from outside the firewall

Posted on 2008-06-17
5
1,256 Views
Last Modified: 2013-11-08
My company is having a thorough pen test done in August but I have been asked to conduct one before then so we have an idea where we are until then.  I have read a lot about Nessus, nmap and other tools that can be used.  I have downloaded Nessus, but I'm a little uncertain as too how it needs to be configured in order to test our network from the outside and then where to go from there.  I've read that it is a client/server config - does this mean I need a server set up on the inside of the firewall?  Does nessus do security scanning on network equipment or the servers behind the equipment?  the documentation didn't help me too much - maybe it's just me :)

We are using Cisco's ASA5510 and there are about 7 servers being nat'd thru.  I just want to make sure the ASA is doing what it's supposed to along with the servers.

Anyway... any help with this would be greatly appreciated!

Thanx!
0
Comment
Question by:mirick
  • 2
  • 2
5 Comments
 
LVL 9

Accepted Solution

by:
craigothy earned 150 total points
ID: 21805488
Nessus is a client/server application but you can run both components on the same machine.  The windows based installation installs both components on the same box by default.  If you wanted to run a scan against your public IP range from outside the firewall you would just position your nessus scanner machine outside your ASA and then scan your public IP range.  This will test your security posture from the perspective of someone coming in through the Internet.
0
 
LVL 7

Assisted Solution

by:mabutterfield
mabutterfield earned 100 total points
ID: 21805692
I would recommend loading up both components on a laptop and run the scan from inside the firewall first.  Nessus is a Vulnerability Assessment tool, not a penetration testing tool.  By running from inside the firewall, you'll get a better idea of where your vulnerabilities are.  You'll then have a chance to fix the vulnerabilities before the pen test.

You can also run the test from both inside, and outside the firewall, then compare the results.  This will give you a good idea of what vulnerabilities you may have, but the firewall is blocking.  

Keep in mind that if one server is compromised from outside, that server can be used to attack other servers, where the firewall is useless.  This is why I recommend performing at LEAST an internal scan.

0
 

Author Comment

by:mirick
ID: 21806622
Thank you both!  That is very helpful.

So I have run the scan... while its scanning, it says scan in progress.  After a few minutes, it flips over to the report tab.  It shows the date/time and the scan I selected to run, and there apears to be absolutely nothing in the report.  Is this good?  

Also - if Nessus is for vulnerabilities, what should be used for penetration testing???
0
 
LVL 7

Expert Comment

by:mabutterfield
ID: 21806658
you have to tell it to run the report, it will generate it and export it to one of several formats.  You'll RARELY find NO vulnerabilities.  Either way, the report won't be blank.

pen testing can be done with a number of different tools, freeware is available such as metasploit.  Commercial programs are available, but VERY expensive.  Core Impact is the best one that I've seen.
0
 

Author Comment

by:mirick
ID: 21806892
Excellent... I finally feel like I have a place to start.

Thanks to you both!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Would an outbound ACL be an overkill? 3 75
How can I make my laptop run faster? 16 70
Calyptix AE1200 VLAN Question 3 40
Does Cisco ASA 5506-X have full dmz capabilities 3 37
Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
I've been an avid user and supporter of Malwarebytes Premium Version 2.x for years. It's an excellent product that runs alongside just about any Anti-Virus application without issues. It seems to have an uncanny ability to pick up many things that A…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now