Target Preparation

Owned by Rebecca.Dewey
Last updated: Jun 06, 2012Version comment

Target Preparation

Firewall rules

  • Firewall Be sure your firewall rules are set the way you want. If you decide to allow the scanner through the firewall (i.e., more access than other hosts would have), you may be able to scan more of the services running on your host. If you do not allow the scanner through the firewall (i.e., the same access as everyone else on the Tufts network), then the scan results will show you the view others would see if they scanned you. Both can be useful.
  • Source IP The scanner's IP is 130.64.14.63.
  • ICMP Echo Requests some Nessus scan profiles use ICMP echo requests (pings) to determine whether a host is alive and needs to be scanned. If your firewall blocks ICMP echo requests, be sure to use a scanning profile that does not ping before scanning an IP.

Ensure Dev and Test are Separate from Prod

  • If you plan to scan dev or test boxes before scanning your production architecture (and it's recommended that you do), be sure that your dev/test architecture is separated from your production architecture. For example, an architecture with a test webserver that is connected to a test database, but on a production database server, intermingles test and prod. A scan of that architecture could have spillover effects onto the prod database server.

Information on the Tufts IT Knowledgebase is intended for IT Professionals at Tufts.
If you have a question about a Tufts IT service or computer/account support, please contact your IT support group.