Home page logo
/

basics logo Security Basics mailing list archives

Re: Nessus Scan
From: "Chris Halverson" <darus.integration () gmail com>
Date: Wed, 15 Aug 2007 13:39:59 -0600

Consider finding a different PCI Scanning vendor.  We are struggling
along the same lines but this is an issue that may only be solved by a
host based firewall that forbids opening of ports not standardized /
allowed.

On 15 Aug 2007 14:31:15 -0000, mikef () everfast com <mikef () everfast com> wrote:
After a recent external PCI Compliant scan one of my web servers failed because the scanner determine that  "a port 
was open at the beginning of the scan, and is now closed...".  I've tried all sorts of things to get this corrected 
the results remain. I talked with our scanning vendor they don't seem to have answer as to how to correct the 
problem. When I do a Nessus Scan on the site, Nessus reports the issue as a security note and risk factor of '0', 
however the my PCI scanning vendor reports the problem as a risk factor of 4 thus causing the server to fail the scan 
and resulting a non-compliance report.


I haven't been able to find anything on how to address this issue. Where should i look to resolve this problem




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]