Re: [fw-wiz] Scanning host thru Check Point



Nick Brandson wrote:
I need to pass the IT audit requirements(e.g.SOX),
scanning our public server (web,ftp..) thru our CP
firewall.

1. What tools we should use?  (Nessus, Internet
Scanner)

Nessus is a decent tool, although I would start scanning with something like nmap first.


2. Would the penestration test/VA scanning be
successful thru fw?

If someone knew the answer to this already, you wouldn't need to perform additional penetration testing.


2. Is there any add'l ports need to be opened?

#3? :-)

No, you should not open additional ports on your firewall just to permit a vulnerability scan through. Run the scanner from inside your LAN instead, if you want to test things your firewall blocks.

--
-Chuck
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: N-TV mit Kommentar zu "Online Durchsuchungen"
    ... Virenscanner und Firewall würden vor allem Bösen ... Das wird bei Windows ähnlich sein. ... nach verwendete Scanner, gering. ... Sondern mal zeigt der Scanner von Hersteller A bei Virus 1 einen ...
    (de.comp.security.misc)
  • Re: windows update wont work as my Automatic Update service wont ena
    ... Have checked my firewall fully allows win update--in fact, ... a-squared Free or a-squared Command Line Scanner ... a-squared Free or a-squared Command Line ... do not post HJT logs to this newsgroup. ...
    (microsoft.public.windowsupdate)
  • Re: mysterious attack on Windows 2000 servers (Help needed)
    ... > the incident they reinstalled the systems again. ... I assume you've checked the firewall logs. ... - anti-trojan scanner such as www.pestpatrol.com [they also have a free ... a file change checker such as the free Languard file integrity checker ...
    (microsoft.public.win2000.security)
  • Re: Port Probing
    ... Try running another scanner, such as a web-based scanner like grc.com ... shields up or superscan from foundstone to confirm this. ... it's not a bad idea to have a hardware firewall in addition to ... > still see the list of all 'open' ports (although the firewall is blocking ...
    (comp.security.firewalls)
  • Re: Port Probing
    ... Try running another scanner, such as a web-based scanner like grc.com ... shields up or superscan from foundstone to confirm this. ... it's not a bad idea to have a hardware firewall in addition to ... > still see the list of all 'open' ports (although the firewall is blocking ...
    (comp.security.firewalls)