Below is a good starting point and takes you via screenshots through
the basics. If networking skills are a little rusty, look up TCP/IP
Illustrated Volume I (The Protocols) by Dr. Stevens as refresher in
client/server models. Getting firewall rules sets and border router
ACLs setup to filter properly will depend on your knowledge of the
topic. Remember the direction of flows when writing filter lists of any
kind. If you suspect something is not working the way you intended, the
quickest resolution is placement of a laptop on the inside, and another
on the outside. Next punch a hole in your firewall and/or ACL for the
external (outside) and internal (inside) networks. Also remember these
tools have a purpose. It was a two million dollar outage that I was
troubleshooting for ten hours because our Information Assurance Green
Team set Nessus to run automated and had their flags wrong. The result
was a DoS from the inside of the network, and with all the
disinformation that we received, it took way too long to figure it out.
These scans can mimic worms, and without Netflow, Microflow, NBAR, CAR
and a few other QoS tricks that have been setup as part of Continuity
planning, your network can quickly turn into a ping pong table with
hundreds of routers and layer three switches amplifying 2-16 different
types of ICMP, unlimited amounts of half opens, UDP flooding, and the
worst TCP retransmits that never get a syn/ack from the other end which
brings your network to it's knees. The result is a great deal of
stress, sleep deprivation, hunger, dehydration and general
unpleasantness (Especially if you haven't had a cup of coffee when you
get lit up).
http://www.securityfocus.com/infocus/1741
Respectfully,
-C
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
