ASA w/IPS and Nessus question

mrthejaswi · ‎01-20-2010

Hi All,

I am planning on running a Nessus vulnerability scan against our external IP address space. I wanted to know if we need to make any changes to our firewall configuration to permit an effective scan. We have exempted Nessus traffic from being inspected by the IPS (I thought we needed to?).

I am concerned about the firewall detecting the numerous connection attempts originating from Nessus and dropping them, any suggestions/advice will help. I know I can limit this on the Nessus config but want the scans to complete in a reasonable amount of time.

Thanks in advance,

Regards,

TJ

Dileep Sivadas Padmini · ‎01-20-2010

Why do you want to give exemption in ASA for external testing.

The purpose of external testing is to verify the operations firewall against reconnaissance, scanning ,attack against your network.

You do not want to this will happen on your network correct? Then what you need to test.

Check what are vulnerabilities nessus can find out without any changes to the ASA. There will be many depending on your configuration.

Then find out ways ( may require configuration changes on asa or servers) to prevent this kind of future scans.

Also there is another method of testing called internal testing , where you can test your firewall and other systems that are exposed to outside network from your internal network. This is more convienent to find out vulnerabilities than run an external scan.

If your intension is to find out vulnerabilities in DMZ servers , then it is better to go for an internal testing ( exteranl ips are NATed to inside,dmz) .

Dileep