|
>> But what will protect my customer data and the server ?
> 1. Minimal server: Do not install anything on your nessus server which
is
> not required for nessus. (Dedicated machine and hardened OS!) That's what i got, for now my firewall is doing the
connection, but it is on it way out.
But i was concerning about the reports themself and
that why i was anxious about.
But may be i wasn't very clear.
> 3.
Seperation: Do not install nessus in your own user environment
unless
I have decided 2 uses for "my"
Nessus.
First, as you suggest i'm definitly for another
computer on the same network for Nessus "real work" (nessusWX) and protect this
computer with the firewall. Then no problem right ? :)
Second is via webclient and is supposed to be
available throught the web. So my server got Debian, Nessus and Apache and
nothing more. When i launch a test throught the web client, i got reports on my
server. Protecting those or saving them somewhere will put away my fear about
"wide open solution".
So how is it look like ? :)
Yoni
|
_______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
