A lot of it depends on your workload on your i. If you're already deploying it for the rest of the network, it might still provide some value:

1. It won't do anything for your green screen/5250 applications. You'll need other things, e.g. integration with a SIEM using SRM. This would also require code changes to integrate this.
2. It's good at detecting change, e.g. a new service running or an old one disappearing. This might not necessarily be a sign of compromise, but if there's suddenly an additional service running on your IBM i that you didn't expect to be there, you probably want to take a look at that.
3. If you run Java (or other) web applications, the web app vulnerability scanner is very relevant. If you use Spring or other frameworks, those vulnerabilities become relevant to your IBM i, and if you've written web apps from scratch, the OWASP Top 10 issues remain relevant. Since Java runs mostly under PASE, the generic exploit payloads that know how to deal with a Unix-like system will work on your IBM i as well.
4. It checks a compliance checkbox. If you're in a regulated industry, having visibility checks the box. It's going to be mostly meaningless from a technical perspective, but not having to spend valuable engineering/business time on fighting the auditors also has value.

False positives are more likely with systems they don't often see. When I point them at my VSEn deployment using the CSI TCP/IP stack, it finds all sorts of things that aren't there. You do have to triage those things.

/y

On 14/08/2024, 05:00, "MIDRANGE-L on behalf of Stuart MacIntosh" <midrange-l-bounces@xxxxxxxxxxxxxxxxxx on behalf of stuart@xxxxxxxxxxxx> wrote:


I've used Nessus, although not with IBM i. Some of the issues it found
were irrelevant due to incorrect OS detection. Did it detect the OS
correctly?


In my experience simply scanning some TCP/IP stacks/hosts with Nessus
was enough to reproduce issues with them or break applications. Nessus
is thorough and finds a lot. It finds too much sometimes, and there are
false positives to omit from reporting; conversely, it may also miss
things, especially for a niche OS like IBM i.


-Stuart


On 14/08/24 03:52, DEnglander--- via MIDRANGE-L wrote:

Does anyone use the Nessus vulnerability scanning software?

We have scanned our IBM i servers and the software is detecting a TCP/IP
vulnerability. I have created a case with IBM and they said that the
TCP/IP stack the vulnerability is referencing is not used by IBM.

Has anyone else experienced this?

Thank you

Doug



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].