Network Security

Question 20

How should access to the Nessus services be allowed?

Very restrictively. No normal user should be able to run a Nessus scan. You'll need to create some positions in the company that have exclusive access to do the scanning.

Which firewall rules and protocols would be relevant?

Nessus needs complete access to every port and every machine, so if the scan is executed from the outside, the IP address from which the scan is executed needs to be opened in this way.