Home page logo
/

basics logo Security Basics mailing list archives

Re: Nessus Scan
From: "Erik Luken" <eluken () pentarch org>
Date: Wed, 15 Aug 2007 16:29:06 -0500

Check into using Ambiron. They are the largest PCI vendor to my knowledge.

Now if I could convince my bosses to dump the half-baked outfit we are using...

----- Original Message ----- From: "Chris Halverson" <darus.integration () gmail com>
To: <mikef () everfast com>
Cc: <security-basics () securityfocus com>
Sent: Wednesday, August 15, 2007 2:39 PM
Subject: Re: Nessus Scan


Consider finding a different PCI Scanning vendor.  We are struggling
along the same lines but this is an issue that may only be solved by a
host based firewall that forbids opening of ports not standardized /
allowed.

On 15 Aug 2007 14:31:15 -0000, mikef () everfast com <mikef () everfast com> wrote:
After a recent external PCI Compliant scan one of my web servers failed because the scanner determine that "a port was open at the beginning of the scan, and is now closed...". I've tried all sorts of things to get this corrected the results remain. I talked with our scanning vendor they don't seem to have answer as to how to correct the problem. When I do a Nessus Scan on the site, Nessus reports the issue as a security note and risk factor of '0', however the my PCI scanning vendor reports the problem as a risk factor of 4 thus causing the server to fail the scan and resulting a non-compliance report.


I haven't been able to find anything on how to address this issue. Where should i look to resolve this problem






  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]