PfSense and Nessus Scans



  • I just scanned my internal network for vulnerabilities with Nessus (http://www.tenable.com/products/nessus).

    The scanner flagged my 2.0.3 pfSense box with a critical error.

    FreeBSD 8.1 support ended on 2012-07-31.
    Upgrade to FreeBSD 9.1 / 8.3.

    I don't need to pass security audits, and I know pfSense has a very good security record, but this can be a red flag for auditors, especially nitpicky ones.

    My concern is getting stuck between a critical risk factor (justified or not, it's an audit), and using software labeled BETA (a stigma that auditors and other folks have regardless of how good it is).

    It might be a red herring, but I thought I'd put it out there. I just ran the scan and that's the only issue I cannot remediate (the other issues are reasonable, such as running UPnP and mDNS).



  • Nessus isn't smart enough to know we patch FreeBSD on our own as needed for security advisories. 2.0.3 has every security fix backported that's relevant. A version check doesn't actually mean anything in this case. Nothing to see here.  ;D
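To make the point in the reply above concrete, here is an added example, not code from pfSense, Tenable or the poster, and not a description of the real Nessus plugin beyond what the reply says (it is a version check): a toy scanner check that flags an end-of-life FreeBSD branch from the version banner alone, beside the same check extended with the appliance vendor's list of backported fixes. The only EOL date in the table is the one quoted in the thread; the host names, the banner patch level, the scan date and the advisory identifiers are constructed placeholders.

```python
"""Version-only EOL check versus an advisory-aware check (added example).

Illustrates why a scanner that keys on the FreeBSD version string flags a
pfSense box that has security fixes backported, and what extra evidence
(the vendor's backport list) turns the finding into something defensible.
Everything below except the 8.1 EOL date is constructed sample data.
"""
import re
from dataclasses import dataclass, field
from datetime import date

# EOL table keyed by (major, minor). Only the branch the scanner complained
# about is filled in; add other branches from the FreeBSD security page.
FREEBSD_EOL = {
    (8, 1): date(2012, 7, 31),  # date as quoted in the Nessus finding above
}

# Matches "FreeBSD 8.1-RELEASE-p6", "FreeBSD 8.1-RELEASE", "FreeBSD 8.1".
VERSION_RE = re.compile(r"FreeBSD\s+(\d+)\.(\d+)(?:-[A-Z]+)?(?:-p(\d+))?")


@dataclass
class Host:
    name: str
    banner: str                       # what the scanner sees, e.g. from uname
    vendor_fixes: set = field(default_factory=set)  # advisory IDs the vendor backported


@dataclass
class Finding:
    severity: str                     # "none", "info" or "critical"
    reason: str


def parse_freebsd_version(banner):
    """Return (major, minor, patchlevel) from a banner, or None if not FreeBSD."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def version_only_check(host, today):
    """What a banner/version plugin effectively does: look the branch up in an EOL table.

    It cannot see backported fixes, so a patched 8.1 box and an unpatched one
    produce the same critical finding.
    """
    v = parse_freebsd_version(host.banner)
    if v is None:
        return Finding("info", "could not determine FreeBSD version from banner")
    eol = FREEBSD_EOL.get(v[:2])
    if eol and today > eol:
        return Finding("critical",
                       f"FreeBSD {v[0]}.{v[1]} support ended on {eol.isoformat()}")
    return Finding("none", "branch still supported")


def advisory_aware_check(host, today, required_advisories):
    """Same input plus the vendor's backport list.

    An EOL branch only stays critical when a required advisory is missing from
    the vendor's fixes; otherwise it is downgraded to an informational note
    that records the evidence an auditor can be pointed at.
    """
    base = version_only_check(host, today)
    if base.severity != "critical":
        return base
    missing = sorted(set(required_advisories) - host.vendor_fixes)
    if not missing:
        return Finding("info", base.reason + "; all required advisories backported by vendor")
    return Finding("critical", base.reason + "; unpatched: " + ", ".join(missing))


# Constructed sample data: placeholder advisory IDs, patch level and scan date.
REQUIRED = {"ADVISORY-A", "ADVISORY-B"}
SCAN_DATE = date(2013, 4, 15)
PFSENSE_BOX = Host("fw.example.lan", "FreeBSD 8.1-RELEASE-p6", {"ADVISORY-A", "ADVISORY-B"})
STALE_BOX = Host("old.example.lan", "FreeBSD 8.1-RELEASE", {"ADVISORY-A"})

if __name__ == "__main__":
    for host in (PFSENSE_BOX, STALE_BOX):
        v = version_only_check(host, SCAN_DATE)
        a = advisory_aware_check(host, SCAN_DATE, REQUIRED)
        print(f"{host.name}: version-only={v.severity}, advisory-aware={a.severity} ({a.reason})")
```

The version-only check is exactly the situation in the thread: both constructed hosts run an 8.1 banner and both come back critical. Only the check that consults the vendor's backport list separates the patched appliance from the genuinely stale one, which is why the remediation evidence to keep for an audit is the list of advisories the vendor has applied, not the OS version string.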



  • If I get audited, I'm giving them a link to this post.  :)

