Netgate Discussion Forum

    pfSense and Nessus Scans

      tim.mcmanus

      I just scanned my internal network for vulnerabilities with Nessus (http://www.tenable.com/products/nessus).

      The scanner flagged my 2.0.3 pfSense box with a critical error.

      
      FreeBSD 8.1 support ended on 2012-07-31.
      Upgrade to FreeBSD 9.1 / 8.3.
      
      

      I don't need to pass security audits, and I know pfSense has a very good security record, but this can be a red flag for auditors, especially nitpicky ones.

      My concern is getting stuck between a critical risk factor (justified or not, it's an audit), and using software labeled BETA (stigma that auditors and other folks have regardless of how good it is).

      It might be a red herring, but I thought I'd put it out there.  I just ran the scan and that's the only issue I cannot remediate (the other issues are reasonable, such as running UPNP and mDNS).

        cmb

        Nessus isn't smart enough to know we patch FreeBSD on our own as needed for security advisories. 2.0.3 has every security fix backported that's relevant. A version check doesn't actually mean anything in this case. Nothing to see here.  ;D

          tim.mcmanus

          If I get audited, I'm giving them a link to this post.  :)

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.