Problem

What do I need to do to prepare my Windows server for a Security Design Review (SDR)?

Solution

As part of an SDR, one of the key steps involves facilitating a Nessus vulnerability scan by the Information Security Team. To ensure this scan runs successfully, you'll need to make specific changes to the Inbound Rules in your Windows Firewall:

  1. Access Windows Firewall Settings:

    • Go to the Control Panel on your Windows server.

    • Click on 'Windows Firewall' and then select 'Advanced settings'. This will open a detailed settings panel for firewall configurations.

  2. Locate Inbound Rules:

    • In the Advanced settings, navigate to the 'Inbound Rules' section. This is where you'll modify rules to accommodate the Nessus vulnerability scan.

  3. Enable Key Rules:

    • Within the Inbound Rules, scroll to find the Windows Management Instrumentation (WMI) rules.

    • Specifically, enable the following rules: 'Async-In', 'DCOM-In', and 'WMI-In'. These are essential for the Nessus scan to communicate with your server.

    • Ensure that these rules are enabled for the Domain Profile.

  4. Limit Rules to the Nessus Server:

    • Right-click on each of the rules you have just enabled (Async-In, DCOM-In, WMI-In).

    • Choose 'Properties' from the context menu.

    • In the Properties window, select the 'Scope' tab.

    • Under 'Remote IP address', choose 'These IP addresses'.

    • Click 'Add' and enter the IP address for the Nessus server (e.g., 172.16.76.66).

    • After adding the IP address, click 'Apply' and then 'OK' to save your changes.

By following these steps, you’ll have successfully configured your Windows server's firewall to support the Nessus vulnerability scan, which is a critical component of the SDR process. This setup ensures that the Information Security Team can conduct their review efficiently and effectively.
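The same steps scripted in PowerShell, as an added example that is not part of the original article. It assumes an elevated session on an English-language Windows Server where the built-in rules belong to the 'Windows Management Instrumentation (WMI)' group, and it uses the page's example address 172.16.76.66 in place of the address the Information Security Team gives you.

```powershell
#Requires -RunAsAdministrator
# Added example: scripts the GUI steps above. Not part of the original article.

# Assumption: 172.16.76.66 is only the page's example address; use the
# Nessus server address supplied by the Information Security Team.
$NessusServer = '172.16.76.66'

# Assumption: English-language Windows, where the built-in rules sit in this group.
$RuleGroup = 'Windows Management Instrumentation (WMI)'

# Steps 2-3: find the inbound Async-In, DCOM-In and WMI-In rules that apply
# to the Domain profile ('Any' also covers Domain).
$rules = @(Get-NetFirewallRule -DisplayGroup $RuleGroup |
    Where-Object {
        $_.Direction -eq 'Inbound' -and
        $_.DisplayName -match 'Async-In|DCOM-In|WMI-In' -and
        "$($_.Profile)" -match 'Domain|Any'
    })

if ($rules.Count -eq 0) {
    throw "No inbound WMI rules for the Domain profile found in group '$RuleGroup'."
}

# Steps 3-4: enable each rule and restrict its remote scope to the scanner only.
$rules | Set-NetFirewallRule -Enabled True -RemoteAddress $NessusServer

# Verify: re-read every rule and confirm it is enabled and scoped.
$report = foreach ($r in $rules) {
    $current = Get-NetFirewallRule -Name $r.Name
    $remote  = @(($current | Get-NetFirewallAddressFilter).RemoteAddress)
    [pscustomobject]@{
        Rule          = $current.DisplayName
        Enabled       = $current.Enabled
        Profile       = $current.Profile
        RemoteAddress = $remote -join ', '
        ScopedOk      = ($remote.Count -eq 1 -and $remote[0] -eq $NessusServer)
    }
}
$report | Format-Table -AutoSize

# A rule left open to 'Any' exposes WMI/DCOM to every host that can reach the server.
$bad = @($report | Where-Object { -not $_.ScopedOk -or "$($_.Enabled)" -ne 'True' })
if ($bad.Count -gt 0) {
    throw "Rules not enabled or not scoped to ${NessusServer}: $($bad.Rule -join '; ')"
}
```

Running the verification part again after the review confirms that none of the three rules has been widened back to 'Any' in the meantime.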