Page MenuHomePhabricator
Create Task
Maniphest T222097

scan external ranges with current Nessus rulesets
Closed, ResolvedPublic0 Estimated Story Points
Actions

Description

We know anyone can scan us at any time, we would like to broadly scan anything externally exposed with Nessus.

Note: adding traffic as a heads up

The plan is to report High and above and anything that seems irregular back to the rest of the organization.

Related Objects
Search...

StatusSubtypeAssignedTask
 Resolved chasempT222097 scan external ranges with current Nessus rulesets
Restricted Task

Event Timeline

chasemp triaged this task as Medium priority.Apr 29 2019, 6:44 PM
chasemp created this task.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 29 2019, 6:44 PM
chasemp added a project: Traffic.Apr 29 2019, 6:44 PM
chasemp updated the task description. (Show Details)
Restricted Application added a project: SRE. · View Herald TranscriptApr 29 2019, 6:44 PM
ema moved this task from Backlog to Radar/Not for service by Traffic on the Traffic board.Apr 30 2019, 11:47 AM
chasemp added a subtask: Restricted Task.May 16 2019, 4:41 PM
chasemp updated the task description. (Show Details)
chasemp added a comment.May 16 2019, 4:45 PM

A few scans of all ranges didn't turn up too much scary. A collection of mediums that are mostly SSL shenanigans or weak SSH ciphers etc. T222392 was the most pressing thing I found and it seems to be squared away. I'm thinking we need to scan weekly and report on High or above for awhile and maybe someday we can bring that down to medium. I need to write up some more docs on this process but the initial idea was to scan and see where we stand.

chasemp closed this task as Resolved.May 16 2019, 4:45 PM
chasemp claimed this task.

If anyone is curious to see the results Security-Team can share but at this point I'm not going to put it all up in phab.

sbassett moved this task from Incoming to Our Part Is Done on the Security-Team board.Jun 11 2019, 6:11 PM
ayounsi closed subtask Restricted Task as Resolved.Aug 22 2019, 3:46 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL