Re: [fw-wiz] Scanning host thru Check Point
- From: Chuck Swiger <chuck@xxxxxxxxxxx>
- Date: Tue, 24 Jan 2006 08:11:55 -0500
Nick Brandson wrote:
I need to pass the IT audit requirements(e.g.SOX), scanning our public server (web,ftp..) thru our CP firewall.
1. What tools we should use? (Nessus, Internet Scanner)
Nessus is a decent tool, although I would start scanning with something like nmap first.
2. Would the penestration test/VA scanning be successful thru fw?
If someone knew the answer to this already, you wouldn't need to perform additional penetration testing.
2. Is there any add'l ports need to be opened?
#3? :-)
No, you should not open additional ports on your firewall just to permit a vulnerability scan through. Run the scanner from inside your LAN instead, if you want to test things your firewall blocks.
-- -Chuck _______________________________________________ firewall-wizards mailing list firewall-wizards@xxxxxxxxxxxxxxxxxx http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- References:
- [fw-wiz] Scanning host thru Check Point
- From: Nick Brandson
- [fw-wiz] Scanning host thru Check Point
- Prev by Date: RE: [fw-wiz] False results to DMZ
- Next by Date: Re: [fw-wiz] RE: IDS
- Previous by thread: [fw-wiz] Scanning host thru Check Point
- Next by thread: RE: [fw-wiz] Questions about converting FW-1 ruleset to PIX - sor t of...
- Index(es):
Relevant Pages
|
|
