[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] Nessus and the Raq4
- Subject: RE: [cobalt-security] Nessus and the Raq4
- From: "Salzer, Tom" <tsal461@xxxxxxxxxx>
- Date: Tue, 30 Mar 2004 12:20:08 -0800
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Cory Hollingsworth wrote:
> I've just run Nessus against one of our fully patched Raq 4's and I'm
seeing a lot of Security Hole listings.
>
> There are 5 Security Holes reported for http alone. Now there is a
disclaimer in the Nessus report that this may be a false positive for each
reported hole.
>
> My question is has any one else run Nessus against their patched Raq4 and
if so how many of these reported holes are legit?
>
> I'm new to Nessus as well. So there might be a better selection of
options to use in my scan.
>
> Those of you that are using Nessus, what are you doing?
For scanning our RaQ 550 units, I run Nessus on an old PC loaded with Debian
Linux, and use NessusWX on my WinXP desktop for the interface.
Nessus runs with nmap, ping and SYN scan enabled. I enable all non-DoS
plugins.
Even though it takes much longer, I scan all ports (0-65535).
SecurityFocus has a good 3-part series on Nessus:
Part 1 -- http://www.securityfocus.com/infocus/1741
Part 2 -- http://www.securityfocus.com/infocus/1753
Part 3 -- http://www.securityfocus.com/infocus/1759
Foundstone (www.foundstone.com) has a free Windows-based scanning tool that
is faster and easier (IMHO) than Nessus called SuperScan 4.0, although it
provides far less feedback. From their home page, go to Resources, then
Free Tools, and look under Scanning Tools. (I use Nessus to establish a
baseline, then use SuperScan whenever I change the system.)
Enjoy,
Tom