hi...One of my friend had recently launched his Internet cafe..there was discussion with him for what and why things need to be done or taken for care for securing the internet cafe. i was bit worried as i he was only relying on Antivirus software...Which i think not enough...
required yours suggestion pls...

Thanks

Being responsible as an Infosec admin, i have to scan the 30000+ systems (laptop,desktop,servers, Devices). I am using nessus scanner to scan.
Challenge i m finding is to export the CSV and then take out Falsepositives.Then i need to implement action of resolving the vulnerabilties by forwarding to technical teams. Also it very difficult to keep the track of vulnerabilities on excel.

Lookin for the best practise & automate process of vulnerability tracking so as to work on proactive solutions and to identify the count of vulnerabity reported on each system through every scan cycle

Thanks

Since the SUBINACL is working fine...looking for proactive solutions via Group policy...ANy suggestions....

Hi johnson,
tried the given solution still the vulnerability persist.
Also in tool i find below details of vulnerability

Plugin Output
Negotiated cipher suite: AES128-SHA|TLSv1|Kx=RSA|Au=RSA|Enc=AES(128)|Mac=SHA1

need help to understand the nessus findings

Hi,
In most of the windows 2003 storage server reported vuln for
Multiple Vendor RPC portmapper Access Restriction Bypass by Nessus and recommended solutions is
"Apply the relevant patch from the referenced documents for EMC Legato
Networker and IBM Informix Dynamic Server.  If a different application
is being used, contact the vendor for a fix."
Unable to understand the fix....

Does RPC port mapper 111 is used by Storage ...?
looking for disabling the port thru registry if any...?

kindly suggest

Hi..

Through Nessus scanner i am finding lost of vulnerability related to SSL/TLS

Vul : SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability on w2k3 & 2008 servers as well

I had applied all the mentioned solution from Microsoft of disabling the SSLv2 and TLS 1.but still struggling to fix the same.
Kindly suggest the solutions

Thanks

CEH have good scope across globe .

Also i would like to add "Hackers";Die hard 4 & Italian Job (role of napster)to some extent.

Any way.. to check what nessus is doing to detect such vulnerability ?Also I am  only resposible for mitigations,Scanning is done by Separate team. How in technical terms i need to investigate the case or what question i need to do o the scanner team. should i ask for any logs....?

vulnerabilities reported in HP/UNIX 11.23 for “Symantec VERITAS Enterprise Administrator Service (vxsvc) Multiple Integer Overflows”
Though applying required patch “PHCO_42173” Nessus scanner is reporting same vulnerability for the server again
Kindly let me know if any had faced such issues...

You got it right Data_Raid....reported vulnerability are on IIS servers.
with the same Nessus Plugins ID.

In my recent scan of Nessus i found most of the system reported with "SSL Medium Strength Cipher Suites Supported". I tried the solutions mentioned in "http://blogs.iis.net/sakyad/archive/2008/12/11/enforcing-ssl-3-0-and-removing-weak-encryption-vulnerability-over-ssl-iis-6-0-and-isa.aspx" but some of the servers are still reported for vulnerability.
Kindly suggest the way out for resolving the same in more than 1000+ server remotely.

Hi,
there are vulnerabilities related to settings as well, related to MS patches taken care by Remote deployment tool.
Pls find the attached for the details of vuln reported
Wondering for the setting issues.

Hi,
Since i am scaning with nessus tool more than 15000 machines on which i am finding more than 200+ different vulnerabilities. Since i filtered False positive i m finding nearlt 190 odd vulnerabilities.
Looking for some automate tools to fix the Nessus reported vulnerabilities remotely.

thanks in Advance

Hi,
being the system admin, i am looking for resetting local admin password of Windows 7 machines remotely. We are implementing Unique password policy for each and every systems.
Kindly suggest any tool or script to reset the password remotely, as i was working in pspasswd tool  which doesn't works for windows 7 machines

Thanks in advance.