03-05-2017 06:08 PM - edited 03-12-2019 02:01 AM
Our Internal Auditor is asking for SSH access to our ASAs to do a vulnerability scan.
My first thought was "NO" then I thought about it more and I still think "NO".
Can anyone think why someone should have SSH access to the firewall to perform
this scan?
03-05-2017 09:12 PM
For a vulnerability scan my answer would also be "no". But perhaps they plan a config audit (and just used the wrong wording), and for that, access to the ASA would be needed.
03-06-2017 04:25 AM
I could see a case for allowing their source address to access the ssh service on the ASA. That way they can legitimately check for ssh vulnerabilities. (Although I've recently heard of some folks getting dinged for false positive hits - I think one or more of the common scanning tools (cough *Nessus) is doing that).
Or you could just tell them it's locked down and it would open you up to vulnerabilities to change that configuration. Let them have at it scanning from an address that's not allowed SSH access. ;)
I would NOT give them an account though.
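The approach the previous reply suggests (let the scanner reach the SSH service from one source address, but give it no account) looks like this on an ASA. This is an added illustration, not configuration from the original thread; the addresses 192.0.2.10 (scanner) and 198.51.100.0/24 (admin network) and the interface names are constructed placeholders.

```cisco
! Restrict SSH to the admin network plus the single scanner host.
! No other source can even open a TCP session to the SSH service.
ssh 198.51.100.0 255.255.255.0 inside
ssh 192.0.2.10 255.255.255.255 inside
! Only allow SSHv2 and drop idle sessions quickly.
ssh version 2
ssh timeout 5
! Authenticate SSH logins against the local user database;
! the scanner host gets no entry here, so it can probe the
! service banner/ciphers but cannot log in.
aaa authentication ssh console LOCAL
!
! Verification after the change:
!   show running-config ssh   -> confirm only the intended sources are listed
!   show ssh sessions         -> confirm the scanner never holds a session
! When the scan is finished, remove the scanner line again:
no ssh 192.0.2.10 255.255.255.255 inside
```

The `no ssh ...` line is shown so the temporary exception is removed the same way it was added; run it after the scan window closes.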
03-08-2017 05:40 AM
Thank you. A Nessus scan is exactly what they are doing. They are telling me now that they need to have root access to our firewalls. So I am not sure how to do that. Any thoughts?
03-08-2017 01:43 PM
I'd call "shenanigans" on that request.
If it were me and my management overrode me, I'd document in writing that the access was given over my objection.
03-08-2017 02:04 PM
Thank you. I met with this person and pretty much determined he didn't know what he was doing with this scan, and told him that I would do whatever the CSO wanted me to do, but whatever the change is, it would be very temporary.
Thanks again