Any Vista clients that join the forest get an IPSec policy to take advantage of new functionality called IPSec Negotiate Discovery. WS03SP2 and XPSP3, once released, will have this also, and we have backport QFEs for WS03SP1 and XPSP2, so you won't just see this on Vista.
These machines (Vista, WS03 SP2, XP SP3, XPSP2+ND QFE, WS03SP1+ND QFE) only allow incoming communications via IKE (IPSec) and nothing in the clear. Outgoing communications are negotiated (IPSec and in the clear simultaneously). If it can successfully negotiate IPSec, then it will use that; otherwise it falls back to the clear. This allows for stronger security, especially for mobile clients and potentially all clients if other technologies are implemented.
If Nessus is sourcing from a forested Vista install, then it should be able to communicate and perform its authenticated assessment when targeting other clients in the forest. If Nessus is sourcing from a non-forested client or installed on a non-Windows platform, then authenticated checks will always fail since Nessus does not talk IPSec.
Will there be any effort to develop Nessus communications so that it too will attempt to negotiate IPSec or fail back to clear channel? If this moves forward, what is the perceived impact to scan times when considering a global enterprise consisting of multiple OSes?
Regards -
