RE: Nessus Scan

["Erin Carroll" <amoeba () amoebazone com>]

This is incorrect.

Remember, PCI external quarterly scanning for compliance is required in 11.2
of the PCI guidelines to ascertain the effectivess and PASS/FAIL status of
your security controls around customer CC data and PII. This includes the
IPS/IDS/FW systems. Disabling IPS/IDS or other tools would almost guarantee
a FAIL status report. You might as well turn off your firewalls too while
you're at it. If your Approved Security Vendor is requiring that you do turn
off IPS etc I would strongly suggest finding another ASV.


--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball" 


> -----Original Message-----
> From: listbounce () securityfocus com 
> [mailto:listbounce () securityfocus com] On Behalf Of Craig Wright
> Sent: Wednesday, August 15, 2007 12:48 PM
> To: mikef () everfast com
> Cc: security-basics () securityfocus com
> Subject: RE: Nessus Scan
>
> Why is the port open ?
>  
> Remember that you have to disable all IPS and such tools 
> before the scan for the scan vendor.
>
>
>
> Craig Wright
> Manager of Information Systems
>
> Direct : +61 2 9286 5497
> Craig.Wright () bdo com au
> +61 417 683 914
>
> BDO Kendalls (NSW)
> Level 19, 2 Market Street Sydney NSW 2000 GPO BOX 2551 Sydney 
> NSW 2001 Fax +61 2 9993 9497 www.bdo.com.au
>
> Liability limited by a scheme approved under Professional 
> Standards Legislation in respect of matters arising within 
> those States and Territories of Australia where such 
> legislation exists.
>
> The information in this email and any attachments is 
> confidential.  If you are not the named addressee you must 
> not read, print, copy, distribute, or use in any way this 
> transmission or any information it contains.  If you have 
> received this message in error, please notify the sender by 
> return email, destroy all copies and delete it from your system. 
>
> Any views expressed in this message are those of the 
> individual sender and not necessarily endorsed by BDO 
> Kendalls.  You may not rely on this message as advice unless 
> subsequently confirmed by fax or letter signed by a Partner 
> or Director of BDO Kendalls.  It is your responsibility to 
> scan this communication and any files attached for computer 
> viruses and other defects.  BDO Kendalls does not accept 
> liability for any loss or damage however caused which may 
> result from this communication or any files attached.  A full 
> version of the BDO Kendalls disclaimer, and our Privacy 
> statement, can be found on the BDO Kendalls website at 
> http://www.bdo.com.au or by emailing administrator () bdo com au.
>
> BDO Kendalls is a national association of separate 
> partnerships and entities.
>
> ________________________________
>
>
> From: listbounce () securityfocus com on behalf of mikef () everfast com
> Sent: Thu 16/08/2007 12:31 AM
> To: security-basics () securityfocus com
> Subject: Nessus Scan
>
>
>
> After a recent external PCI Compliant scan one of my web 
> servers failed because the scanner determine that  "a port 
> was open at the beginning of the scan, and is now closed...". 
>  I've tried all sorts of things to get this corrected the 
> results remain. I talked with our scanning vendor they don't 
> seem to have answer as to how to correct the problem. When I 
> do a Nessus Scan on the site, Nessus reports the issue as a 
> security note and risk factor of '0', however the my PCI 
> scanning vendor reports the problem as a risk factor of 4 
> thus causing the server to fail the scan and resulting a 
> non-compliance report.
>
> I haven't been able to find anything on how to address this 
> issue. Where should i look to resolve this problem