Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Nessus: users

ISA Proxy Scan

 

 

Nessus users RSS feed   Index | Next | Previous | View Threaded


Vijay.V2 at cognizant

Feb 17, 2009, 4:38 AM

Post #1 of 2 (4732 views)
Permalink
ISA Proxy Scan

Hi,

We are about to run a VA scan on ISA 2006 proxy servers (deployed on
Windows 2003) in our environment. Please let us know the availability of
Nessus policies (plugins) to test the security of the underlying server
and the correctness of ISA setup and configuration.

Thanks in advance.

Kind Regards,
Vijay
Global Infosec Team
Cognizant India









This e-mail and any files transmitted with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information.
If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email or any action taken in reliance on this e-mail is strictly prohibited and may be unlawful.


rgula at tenablesecurity

Feb 17, 2009, 6:21 AM

Post #2 of 2 (4383 views)
Permalink
Re: ISA Proxy Scan [In reply to]

Vijay.V2 [at] cognizant wrote:
> Hi,
>
> We are about to run a VA scan on ISA 2006 proxy servers (deployed on
> Windows 2003) in our environment. Please let us know the availability of
> Nessus policies (plugins) to test the security of the underlying server
> and the correctness of ISA setup and configuration.
>
> Thanks in advance.
>
> Kind Regards,
> Vijay
> Global Infosec Team
> Cognizant India
>

Hi Vijay,

If you go to http://www.nessus.org/plugins/index.php you can search the
Nessus plugins that are available. Typing in "ISA" there were several hits
for for Microsoft ISA vulnerabilities.

I suggest that you perform a full credentialed audit of the ISA firewall
to see what ports are open, what OS patches could be needed and to see
if there are any other types of software installed that could be vulnerable.

Also, since you mentioned configuration, if you are referring to a Nessus
.audit policy for ISA firewalls, this is not something we've developed or
currently working on at Tenable. If you write an audit policy for ISA
firewalls and want to share it with other Nessus Profession Feed subscribers,
I suggest you post it to the Discussions forum located here:

https://discussions.nessus.org/index.jspa

Ron Gula
Tenable Network Security












_______________________________________________
Nessus mailing list
Nessus [at] list
http://mail.nessus.org/mailman/listinfo/nessus

Nessus users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.