02233

Netværkssikkerhed
Network Security

• Introduktion
• Nessus Scan
• Nessus Questions
  • Question 1
  • Question 2
  • Question 3
  • Question4
  • Question 5
  • Question 6
  • Question 7
  • Question 8
  • Question 9
  • Question 10
  • Question 11
  • Question 12
  • Question 13
  • Question 14
  • Question 15
  • Question 16
  • Question 17
  • Question 18
  • Question 19
  • Question 20
  • Question 21
  • Question 22
  • Question 23
  • Question 24
  • Question 25
• Snort Questions
• References

Question 23

Suggest an IT policy for using Nessus internally?

Nessus should not be installed in a permanent location on the network. If you find Nessus on the network, people - administrators included - will run it when not supposed to. A test using the Nessus tools must be run once a month (on diffent week days) and actions based on the Nessus output must be documented in a report.

I (bjarne) don't agree with the above.

Designate at least two persons who have the exclusive rights to run Nessus. Their job description needs to be specified in detail as to what they are allowed to do in order for neither them nor the company to get into legal trouble (people have been fired for exceeding their job description even though it was done in the interest of the company [i92]). Each network segment should have it's own dedicated Nessus Server. [B1] recommends scanning once a day because the time from publication of an exploit to implemetation of said has decreased to under a month. If a daily scan can't be implemented, then scanning should be done in a round robin fashion so that each day of the week gets a scan on a regular basis.

Bjarne D Mathiesen

Michael Pantridge

Thabet Al-Assdi

Chang Jensen