PfSense and Nessus Scans

  • I just scanned my internal network for vulnerabilities with Nessus (

    The scanner flagged my 2.0.3 pfSense box with a critical error.

    FreeBSD 8.1 support ended on 2012-07-31.
    Upgrade to FreeBSD 9.1 / 8.3.

    I don't need to pass security audits, and I know pfSense has a very good security record, but this can be a red flag for auditors, especially nitpicky ones.

    My concern is getting stuck between a critical risk factor (justified or not, it's an audit), and using software labeled BETA (stigma that auditors and other folks have regardless of how good it is).

    It might be a red herring, but I thought I'd put it out there.  I just ran the scan and that's the only issue I cannot remediate (the other issues are reasonable, such as running UPNP and mDNS).

  • Nessus isn't smart enough to know we patch FreeBSD on our own as needed for security advisories. 2.0.3 has every security fix backported that's relevant. A version check doesn't actually mean anything in this case. Nothing to see here.  ;D
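The point made above, that a finding keyed on an OS version banner says nothing about the patch state of an appliance that backports fixes, is exactly the kind of result an auditor wants to see triaged on paper rather than waved away. As an added example (not code from the thread or from the pfSense project), the script below reads a Nessus `.nessus` export in the `NessusClientData_v2` layout, picks out findings that rest only on a version or end-of-support banner, and attaches a written rationale for hosts listed as vendor-patched appliances, leaving everything else in the remediation queue. The sample export, the host address, the plugin names and IDs, and the banner-matching patterns are all constructed for this example; real exports carry real plugin IDs and far more fields.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the NessusClientData_v2 export layout; it is not a real scan export.
# Plugin IDs are placeholders, and the first plugin_output mirrors the finding quoted in the thread.
SAMPLE_NESSUS = """<NessusClientData_v2>
  <Report name="internal">
    <ReportHost name="192.0.2.1">
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="4"
                  pluginID="placeholder-1" pluginName="Unsupported Version Detection (constructed)"
                  pluginFamily="General">
        <risk_factor>Critical</risk_factor>
        <plugin_output>FreeBSD 8.1 support ended on 2012-07-31.
Upgrade to FreeBSD 9.1 / 8.3.</plugin_output>
      </ReportItem>
      <ReportItem port="1900" svc_name="upnp" protocol="udp" severity="2"
                  pluginID="placeholder-2" pluginName="UPnP service detected (constructed)"
                  pluginFamily="Service detection">
        <risk_factor>Medium</risk_factor>
        <plugin_output>A UPnP service is listening on this port.</plugin_output>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

# Hosts whose base-OS version string does not reflect their patch state, with the rationale
# an auditor will ask for. The address and wording are constructed for this example.
APPLIANCE_NOTES = {
    "192.0.2.1": "pfSense 2.0.3 appliance: vendor backports FreeBSD security fixes; "
                 "the OS version banner does not reflect the patch level.",
}

# Heuristic (an assumption of this example): a finding is banner-only when its plugin name
# or output talks about unsupported versions or an end-of-support date. Matching on text
# rather than plugin ID keeps the script independent of any particular plugin.
VERSION_ONLY_PATTERNS = [
    re.compile(r"unsupported version", re.I),
    re.compile(r"support ended on \d{4}-\d{2}-\d{2}", re.I),
]


def parse_findings(xml_text):
    """Return one dict per ReportItem in a NessusClientData_v2 export."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            findings.append({
                "host": host.get("name"),
                "plugin": item.get("pluginName", ""),
                "severity": int(item.get("severity", "0")),
                "risk": item.findtext("risk_factor", default=""),
                "output": (item.findtext("plugin_output") or "").strip(),
            })
    return findings


def is_version_only(finding):
    """True when the finding is justified by a version/EOL banner alone."""
    text = finding["plugin"] + "\n" + finding["output"]
    return any(p.search(text) for p in VERSION_ONLY_PATTERNS)


def triage(findings, notes=APPLIANCE_NOTES):
    """Split findings into a remediation queue and banner-only findings answered by a documented rationale."""
    result = {"remediate": [], "documented": []}
    for f in findings:
        if is_version_only(f) and f["host"] in notes:
            result["documented"].append({**f, "rationale": notes[f["host"]]})
        else:
            result["remediate"].append(f)
    # Highest severity first, so the queue reads like the scanner's own report.
    result["remediate"].sort(key=lambda f: f["severity"], reverse=True)
    return result


if __name__ == "__main__":
    report = triage(parse_findings(SAMPLE_NESSUS))
    for f in report["remediate"]:
        print(f"REMEDIATE  {f['host']}  [{f['risk']}]  {f['plugin']}")
    for f in report["documented"]:
        print(f"DOCUMENTED {f['host']}  [{f['risk']}]  {f['plugin']}\n  rationale: {f['rationale']}")
```

Only hosts explicitly listed in `APPLIANCE_NOTES` get the documented treatment; an unsupported OS banner on a host with no such entry stays in the remediation queue, which is the behaviour you want when a forgotten box, rather than a maintained appliance, is what tripped the check.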

  • If I get audited, I'm giving them a link to this post.  :)
