teusink / Home-Security-by-Pi

Description of how I configured the installation and security of the Raspberry Pi and how I keep it fit for use and purpose.
MIT License

Execute Nessus Security Tests #8

Closed teusink closed 6 years ago

teusink commented 6 years ago

Execute Nessus Security Tests

teusink commented 6 years ago

Found vulnerabilities:

IP Forwarding Enabled
Risk Factor: Medium
CVSS Base Score: 5.8
CVSS Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

The remote host has IP forwarding enabled. An attacker can exploit this to route packets through the host and potentially bypass some firewalls / routers / NAC filtering. Unless the remote host is a router, it is recommended that you disable IP forwarding.

Because it has "router-like" features, I am not going to disable this.

DNS Server Cache Snooping Remote Information Disclosure
Risk Factor: Medium
CVSS Base Score: 5.0
CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

The remote DNS server responds to queries for third-party domains that do not have the recursion bit set. This may allow a remote attacker to determine which domains have recently been resolved via this name server, and therefore which hosts have been recently visited.

Because it can only be fixed by the vendor (with a patch), I cannot do anything about it, other than staying up to date and hoping to get it fixed.

teusink commented 6 years ago

The IP Forwarding Vulnerability has been fixed with the addition of iptables and ip6tables.
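
A way to check the state this thread ends in (forwarding left enabled, filtering added with iptables and ip6tables), as an added example that is not part of the issue or the repository. It assumes the mitigation means a default-DROP FORWARD chain; the function name, the sample rulesets and the interface names (tun0, eth0) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the repository). Classifies forwarding exposure from:
#   $1 = value of net.ipv4.ip_forward or net.ipv6.conf.all.forwarding
#   $2 = output of `iptables -S FORWARD` or `ip6tables -S FORWARD`
# Prints one of: not-forwarding | open | filtered | unknown
classify_forwarding() {
    fwd=$1
    rules=$2
    if [ "$fwd" != "1" ]; then
        echo "not-forwarding"
        return 0
    fi
    # The chain's default policy is listed as: -P FORWARD <ACCEPT|DROP>
    policy=$(printf '%s\n' "$rules" |
        awk '$1 == "-P" && $2 == "FORWARD" { print $3; exit }')
    if [ -z "$policy" ]; then
        echo "unknown"      # no ruleset supplied, cannot judge
        return 0
    fi
    # A match-less ACCEPT rule forwards everything, whatever the policy says.
    blanket=$(printf '%s\n' "$rules" | grep -c -x -e '-A FORWARD -j ACCEPT' || true)
    # Conservative: an ACCEPT policy counts as open even if later rules drop.
    if [ "$policy" = "ACCEPT" ] || [ "$blanket" -gt 0 ]; then
        echo "open"
    else
        echo "filtered"
    fi
}

# Constructed sample rulesets (not taken from the author's Pi).
SAMPLE_ACCEPT='-P FORWARD ACCEPT'
SAMPLE_FILTERED='-P FORWARD DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT'
SAMPLE_BLANKET='-P FORWARD DROP
-A FORWARD -j ACCEPT'

# Live check on the host itself (needs root): sh this-script.sh --live
if [ "${1:-}" = "--live" ]; then
    echo "IPv4: $(classify_forwarding "$(cat /proc/sys/net/ipv4/ip_forward)" \
        "$(iptables -S FORWARD)")"
    echo "IPv6: $(classify_forwarding "$(cat /proc/sys/net/ipv6/conf/all/forwarding)" \
        "$(ip6tables -S FORWARD)")"
fi
```

A result of `filtered` for both address families matches the position taken in this thread: the scanner will still report forwarding as enabled, but only traffic matching explicit rules is routed.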