RE: Nessus Scan


I would suggest you to use the service from scan alert which is an approved scan vendor from VISA / MasterCard and is free. Also what I have experienced that different vendors rate the level of risk differently.

Thanks & Regards
Chandresh Dedhia

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of mikef@xxxxxxxxxxxx
Sent: Wednesday, August 15, 2007 8:01 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Nessus Scan

After a recent external PCI Compliant scan one of my web servers failed because the scanner determine that "a port was open at the beginning of the scan, and is now closed...". I've tried all sorts of things to get this corrected the results remain. I talked with our scanning vendor they don't seem to have answer as to how to correct the problem. When I do a Nessus Scan on the site, Nessus reports the issue as a security note and risk factor of '0', however the my PCI scanning vendor reports the problem as a risk factor of 4 thus causing the server to fail the scan and resulting a non-compliance report.

I haven't been able to find anything on how to address this issue. Where should i look to resolve this problem

This email (including any attachments) is intended for the sole use of the intended recipient/s and may contain material that is CONFIDENTIAL AND PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying or distribution or forwarding of any or all of the contents in this message is STRICTLY PROHIBITED. If you are not the intended recipient, please contact the sender by email and delete all copies; your cooperation in this regard is appreciated.

Relevant Pages

  • Re: Attack Vector type
    ... What identified the alert? ... Hard to determine what the 'vendor specific' algorithm is ... education and the case study affords you unmatched consulting experience. ... Computer Emergency Response Teams, and Digital Investigations. ...
  • Re: Combo Box returns Nulls Error
    ... in the data entry screen a User may add a record for a new vendor. ... were no current records for that vendor, I could just code a pop-up or ... The full list needs to be there because the User are looking for their ... and it's better just to alert them that there are no ...
  • Re: International Pricing Policy
    ... Marco Caspers wrote: ... The VISA number itself indicates you're from SA. ... If I go on holiday overseas I can buy pretty much ... over the Internet (by one vendor)? ...