As you mentioned yourself the objective is "OS Assessment" to achieve Re-Certification of Security Compliance, therefore the Firewall must be turned offline, inorder to avoid risk of a weakness not being detected.
Whether scripts are to run "on" the OS or "at" the OS externally, "OS Assessment" would be achieved if it is only "OS" being tested against scripts/checks. However later on, during penetration test, the Firewall must be turned on, since that is how it is suppose to be in the "real world". Regards -------- Muhammad Faisal Rauf Danka _____________________________________________________________ --------------------------- [ATTITUDEX.COM] http://www.attitudex.com/ --------------------------- _____________________________________________________________ Select your own custom email address for FREE! Get [EMAIL PROTECTED] w/No Ads, 6MB, POP & more! http://www.everyone.net/selectmail?campaign=tag --------------------------------------------------------------------------- ----------------------------------------------------------------------------
