Recently I had to add the IP of a customer's technician that had to make a vulnerability to my CSF whitelist
so he can complete the vulnerability test to one of my servers, because CSF was blocking it just when he
started a port scanning (which is good).
However he sent a report stating that a lot of ports are open, putting me to shame, and now I am wondering if I did something wrong.
If that is the case what are the recommended steps for this situations
What are the permissions allowed to an IP added to CSF whitelist?
-
virtualorbis
- Junior Member
- Posts: 9
- Joined: 24 Sep 2012, 15:58
Re: What are the permissions allowed to an IP added to CSF whitelist?
For a start he should be performing the penetration test as a hacker would see the server. Which means that he shouldn't have requested you to whitelist his IP address, in my opinion.
But as CSF is blocking IP addresses by assessing from the logs how often they hit the server, it still means the ports are open. If you're using those ports, they need to be open. No shame in that. If you're not using those ports, then they should be closed.
But as CSF is blocking IP addresses by assessing from the logs how often they hit the server, it still means the ports are open. If you're using those ports, they need to be open. No shame in that. If you're not using those ports, then they should be closed.