I am sorry, this might be a dumb question. I have used a few VA tools like Nessus, Retina, etc. for a couple of weeks now. They are great tools which provide great (sometimes very lengthy) info on open ports, running services, missing patches. Some other tools might provide more info, tips on dealing with issues, etc.
My question is how to deal with the report it generates. Nessus, for example, generates a very lengthy report on each machine, possible threats and some remedies. It would say that TCP port 1027 is open on a server. After investigating, it is found that it was popularly used for the ICKiller trojan. Now, I know for sure that there is no Trojan on that server. So, how do I deal with this?
In general, my question would be how do I deal with VA scan reports in general? I can apply patches, close ports, stop services, after making sure that they are not needed.
But sometimes I am not even sure if that port is needed, like TCP 1027. What do I do then?
Please advise.
Links/articles/howtos would be great as well.
Thanks.