#1
Configuring Windows XP SP2 Firewall for Network-based Scanning
We run a network-based scanner, similar to Nessus, to check for vulnerabilities on client machines. Assuming Windows XP is running, is there a way to administratively be able to take the firewall down, or open up a port, so we can complete the scan? Ideally, no user interaction or intervention would be required. Thanks.
#2
"tealblue" wrote in message ...

We run a network-based scanner, similar to Nessus, to check for vulnerabilities on client machines. Assuming Windows XP is running, is there a way to administratively be able to take the firewall down, or open up a port, so we can complete the scan? Ideally, no user interaction or intervention would be required. Thanks.

I don't have an answer but your question makes me ask you a question: Do you really want a firewall with the capability of being shut off remotely? Your request seems to be counter-productive to me. If you do accomplish this, are the clients you refer to people or boxes? If they are people and you do this as a service, what will their reaction be when they find out you are disabling their protection? I'm sorry, but it sounds more like you are trying to defeat in-place security than enforce it. Hey maybe I'm totally off base here, but I personally will not buy a firewall that some Joe Schmoe can disable remotely from the comfort of his own home before hacking my box! Anyone? Anyone?

--ScareCrowe
#3
I would think a better representation of the security of your network would be done with the firewall in place. A firewall is part of your security, why take it down? The computer is operated with the firewall running on an everyday basis, right? Scanning with the firewall up will reveal what is getting through the firewall. That is the important information. What is getting through your firewalls.

hth
DDS W 2k MVP MCSE

"ScareCrowe" wrote in message ...

"tealblue" wrote in message ...

We run a network-based scanner, similar to Nessus, to check for vulnerabilities on client machines. Assuming Windows XP is running, is there a way to administratively be able to take the firewall down, or open up a port, so we can complete the scan? Ideally, no user interaction or intervention would be required. Thanks.

I don't have an answer but your question makes me ask you a question: Do you really want a firewall with the capability of being shut off remotely? Your request seems to be counter-productive to me. If you do accomplish this, are the clients you refer to people or boxes? If they are people and you do this as a service, what will their reaction be when they find out you are disabling their protection? I'm sorry, but it sounds more like you are trying to defeat in-place security than enforce it. Hey maybe I'm totally off base here, but I personally will not buy a firewall that some Joe Schmoe can disable remotely from the comfort of his own home before hacking my box! Anyone? Anyone?

--ScareCrowe
#4
I am not talking about a home environment, I am an IT Admin and I need to scan machines on my internal network for vulnerabilities that go beyond what AV software and the firewall can protect. I am looking for guidance on how to take the firewall down for **seconds** while we do this scan.

"ScareCrowe" wrote:

"tealblue" wrote in message ...

We run a network-based scanner, similar to Nessus, to check for vulnerabilities on client machines. Assuming Windows XP is running, is there a way to administratively be able to take the firewall down, or open up a port, so we can complete the scan? Ideally, no user interaction or intervention would be required. Thanks.

I don't have an answer but your question makes me ask you a question: Do you really want a firewall with the capability of being shut off remotely? Your request seems to be counter-productive to me. If you do accomplish this, are the clients you refer to people or boxes? If they are people and you do this as a service, what will their reaction be when they find out you are disabling their protection? I'm sorry, but it sounds more like you are trying to defeat in-place security than enforce it. Hey maybe I'm totally off base here, but I personally will not buy a firewall that some Joe Schmoe can disable remotely from the comfort of his own home before hacking my box! Anyone? Anyone?

--ScareCrowe
#5
Find out what port(s) your security scanner requires and open that up on the Windows firewall.

"tealblue" wrote:

We run a network-based scanner, similar to Nessus, to check for vulnerabilities on client machines. Assuming Windows XP is running, is there a way to administratively be able to take the firewall down, or open up a port, so we can complete the scan? Ideally, no user interaction or intervention would be required. Thanks.
#6
As an admin, I need to know what is on the desktop as well. Does the user have their AV in place and up to date? Do they have spyware running? I know this seems strange, but philosophically we have a tough time relying solely on the desktop to safeguard itself. I am not really in a position to discuss the philosophical merits of each approach; I am looking for some technical guidance. Thanks.

"Danny Sanders" wrote:

I would think a better representation of the security of your network would be done with the firewall in place. A firewall is part of your security, why take it down? The computer is operated with the firewall running on an everyday basis, right? Scanning with the firewall up will reveal what is getting through the firewall. That is the important information. What is getting through your firewalls.

hth
DDS W 2k MVP MCSE

"ScareCrowe" wrote in message ...

"tealblue" wrote in message ...

We run a network-based scanner, similar to Nessus, to check for vulnerabilities on client machines. Assuming Windows XP is running, is there a way to administratively be able to take the firewall down, or open up a port, so we can complete the scan? Ideally, no user interaction or intervention would be required. Thanks.

I don't have an answer but your question makes me ask you a question: Do you really want a firewall with the capability of being shut off remotely? Your request seems to be counter-productive to me. If you do accomplish this, are the clients you refer to people or boxes? If they are people and you do this as a service, what will their reaction be when they find out you are disabling their protection? I'm sorry, but it sounds more like you are trying to defeat in-place security than enforce it. Hey maybe I'm totally off base here, but I personally will not buy a firewall that some Joe Schmoe can disable remotely from the comfort of his own home before hacking my box! Anyone? Anyone?

--ScareCrowe
#7
"tealblue" wrote in message ...

I am not talking about a home environment, I am an IT Admin and I need to scan machines on my internal network for vulnerabilities that go beyond what AV software and the firewall can protect. I am looking for guidance on how to take the firewall down for **seconds** while we do this scan.

Well IMHO, here is the bottom line: If you are able to disable the firewall, even temporarily, then you are 100% vulnerable, 100% of the time. Period. I'm no guru, but I know that if I can do something like this, so can the 'hacker'. I'm getting the impression you know more about the specific vulnerability than you are telling. Perhaps you could be more forthcoming with the details and someone could help you further?

--ScareCrowe
#8
The easy answer is to find out what port your scanning service uses and open it with the scope set to the scanning machines.

Unfortunately, many scanning utilities don't always work over a fixed port. The IPsec bypass feature was created just for that purpose. It relies on the authentication of the incoming peer using IPsec, then consults the Active Directory against a group policy defined set of allowed computers which can access all ports. It requires a minimal IPsec policy rollout, typically using Kerberos authentication. You'll also want to create a specific security group for your scanning machines.

There's a firewall deployment guide on Microsoft.com (and maybe the TechNet articles as well) which can walk you through this feature.

--
David
Microsoft Windows Networking
This posting is provided "AS IS" with no warranties, and confers no rights.

"tealblue" wrote in message ...

We run a network-based scanner, similar to Nessus, to check for vulnerabilities on client machines. Assuming Windows XP is running, is there a way to administratively be able to take the firewall down, or open up a port, so we can complete the scan? Ideally, no user interaction or intervention would be required. Thanks.
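
The scoped port opening that post #8 calls the easy answer, as an added example that is not part of the original thread. It uses the Windows XP SP2 `netsh firewall` context; the scanner addresses and the port list are constructed placeholders, to be replaced with the scanning hosts and the ports your scanner actually requires.

```batch
@echo off
rem Added example: per-port Windows Firewall exceptions limited to the scanner hosts.
rem SCANNERS and PORTS are constructed placeholder values, not taken from the thread.
setlocal
set SCANNERS=192.0.2.10,192.0.2.11
set PORTS=135 139 445

rem Weak form, shown for contrast only. scope=ALL admits every source address:
rem   netsh firewall add portopening protocol=TCP port=445 name="VulnScan TCP 445" mode=ENABLE scope=ALL

rem Scoped form: the firewall stays on, and only the listed scanner addresses
rem can reach each port. profile=DOMAIN keeps the exception inactive when the
rem machine is off the corporate network (for example a laptop at home).
for %%P in (%PORTS%) do (
    netsh firewall add portopening protocol=TCP port=%%P name="VulnScan TCP %%P" mode=ENABLE scope=CUSTOM addresses=%SCANNERS% profile=DOMAIN
    if errorlevel 1 echo Failed to add exception for TCP %%P
)

rem List the resulting exceptions so the scope can be checked per port.
netsh firewall show portopening

rem To remove an exception later:
rem   netsh firewall delete portopening protocol=TCP port=445 profile=DOMAIN
endlocal
```

Run it from an administrative command prompt or a startup script; in a domain, the same scoped exceptions can be pushed through the Windows Firewall Group Policy settings instead of running a script on each client.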