02233

Netværkssikkerhed
Network Security

• Introduktion
• Nessus Scan
• Nessus Questions
• Snort Questions
  • Question 1
  • Question 2
  • Question 3
  • Question 4
  • Question 5
  • Question 6
  • Question 7
  • Question 8
  • Question 9
  • Question 10
  • Question 11
  • Question 12
  • Question 13
  • Question 14
  • Question 15
  • Question 16
  • Question 17
  • Question 18
• References

Question 5

How can you reduce log information in case of Nessus scan against a Snort installation?

First of all, are we here talking of a hostile or a friendly scan?
In the case of a friendly scan this is a know (periodic) activity, and you can thus simply drop logging any activity from the scanning Nessus server.
In the general case, there're "Event Tresholding" and "Event Suppression" in accordance with section 2.2 and 2.3 in [i43]

Bjarne D Mathiesen

Michael Pantridge

Thabet Al-Assdi

Chang Jensen