
Vulnerability Scanning with Credentials - PowerPoint Presentation

Uploaded by debby-jeon on 2017-06-12 (421 views)



Presentation Transcript

Slide 1

Vulnerability Scanning with Credentials

Slide 2

Scanning Efficiency

Credentialed scans are more efficient.

- A traditional network-only scan pings each host and then probes thousands of ports on it. This taxes the network infrastructure as well as the target system.
- Several scanner engines will each try to open connections to hundreds of ports on dozens of targets at the same time. That many simultaneous connections is hard on network equipment, so scans have to be throttled to avoid overwhelming the hardware.
- Every attempted connection has to wait for a response or a timeout. With credentials there is no trial and error: the scanner logs in and asks the host directly.
- With credentials only a handful of connections are opened, just enough to log in and gather data.
- The OS, installed software and running processes are enumerated from the host itself, so only the applicable checks are run, which means less network and target-system overhead.

Slide 3

Scanning Security

Credentialed scans with a service account are more secure.

- Without a service account, scanning credentials must be created and collected on each host individually.
- The scanning group does not have access to the targets, so keeping that account information up to date and secure is left to the server owners.
- Centralized password management ensures password rotation and complexity follow standards, and reduces the risk of passwords being transmitted unencrypted.
- Account management: the scanning account is not shared with any other user or service.

The service account is itself a high-value credential, since it can log in to every host in scope, so restrict it to what the scanner needs: accept its key or password only from the scanner engines' addresses, grant privilege escalation only for the commands the checks require, and alert on any use of the account from anywhere else (the first link under Further Reading covers this).
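The service-account slide above recommends one centrally managed scanning account. What follows is an added example (mine, not part of the presentation or of any scanner vendor's tooling) that audits the SSH authorized_keys entries such an account would carry on each target and flags keys that can be used from any source address or that still allow a PTY and port forwarding. The scanner subnet, the key material, the host names and the sample file contents are all constructed for the example.

```python
"""Added example (not from the presentation): audit the SSH keys that a scanning
service account carries in its authorized_keys on a target, and flag entries that
can be used from any host or that still allow a PTY and port forwarding.

Assumptions (mine): the scanner authenticates with SSH keys, the scanner engines
live in one subnet, and the sample file below is constructed for the example."""

SCANNER_SUBNET = "10.20.30.0/24"        # assumed scanner engine network

# Constructed sample: one bare key (any host may use it) and one restricted key.
SAMPLE_AUTHORIZED_KEYS = """\
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyMaterialNotARealKey0000000000 scanner@engine01
from="10.20.30.0/24",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyMaterialNotARealKey1111111111 scanner@engine02
"""

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-", "sk-ssh-ed25519", "sk-ecdsa-")
# The pre-OpenSSH-7.2 way of spelling 'restrict'; accepted as equivalent.
LEGACY_RESTRICTIONS = {"no-pty", "no-port-forwarding", "no-agent-forwarding",
                       "no-X11-forwarding", "no-user-rc"}


def _split_outside_quotes(text, sep):
    """Split on sep, ignoring separators inside double-quoted option values."""
    parts, cur, quoted = [], "", False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    parts.append(cur)
    return parts


def parse_line(line):
    """Parse one authorized_keys line into options, key type, key blob and comment."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith(KEY_TYPES):            # no options field on this line
        options, rest = [], line
    else:                                      # options end at the first unquoted space
        opts, *tail = _split_outside_quotes(line, " ")
        options, rest = _split_outside_quotes(opts, ","), " ".join(tail)
    keytype, blob, *comment = rest.split(None, 2)
    return {"options": options, "keytype": keytype, "blob": blob,
            "comment": comment[0] if comment else ""}


def audit_entry(entry, subnet):
    """Return the restrictions missing from a scanner key entry (empty list = OK)."""
    names = {o.split("=", 1)[0] for o in entry["options"]}
    findings = []
    from_opts = [o for o in entry["options"] if o.startswith("from=")]
    if not from_opts:
        findings.append("no from= restriction: key accepted from any source address")
    else:
        allowed = from_opts[0][len("from="):].strip('"').split(",")
        if subnet not in allowed:
            findings.append(f"from= does not list scanner subnet {subnet}: {allowed}")
    if "restrict" not in names and not LEGACY_RESTRICTIONS <= names:
        findings.append("no 'restrict': PTY, agent/port/X11 forwarding allowed")
    return findings


def harden_line(line, subnet):
    """Rewrite a key line so it is usable only from the scanner subnet, with 'restrict'."""
    e = parse_line(line)
    kept = [o for o in e["options"] if not o.startswith("from=") and o != "restrict"]
    options = ",".join([f'from="{subnet}"', "restrict", *kept])
    fields = [options, e["keytype"], e["blob"]] + ([e["comment"]] if e["comment"] else [])
    return " ".join(fields)


def audit_file(text, subnet):
    """Map each key's comment (or blob prefix) to its findings."""
    report = {}
    for line in text.splitlines():
        e = parse_line(line)
        if e:
            report[e["comment"] or e["blob"][:16]] = audit_entry(e, subnet)
    return report


if __name__ == "__main__":
    for name, issues in audit_file(SAMPLE_AUTHORIZED_KEYS, SCANNER_SUBNET).items():
        print(name, "OK" if not issues else "; ".join(issues))
```

One practical caveat: `restrict` turns off PTY allocation, and if the target's sudoers has `requiretty` set, the scanner's privilege-escalation commands will then fail. Either add the `pty` option after `restrict` or exempt the scanning account from `requiretty`, and re-run a credentialed scan against one host to confirm the checks still run after hardening.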

Slide 4

Scanning Accuracy

Credentialed scans are deeper and more accurate.

- OS identification is exact: it is read from the system itself rather than inferred from network fingerprints. This information is also useful for updating our system of records.
- The scanner can view running processes, determine open ports (including services bound only to localhost), perform system compliance/audit analysis and evaluate attached devices.
- It can see vulnerabilities that do not present themselves externally until a user or some other trigger interacts with the system, such as local privilege escalation, client-side software and libraries loaded by local services.

False positives are dramatically reduced when the scanner has complete information.

Without credentials, some findings that look like vulnerabilities can only be confirmed by attempting to exploit them. That could harm system performance, so in most cases the finding is left in as a possible false positive. With credentials the scanner reads the installed package version or the file on disk and decides from that, which also lets it recognise distribution backports that a remote banner check would report as unpatched.
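As an added example of the point above (not code from the presentation or from any scanner product), the following parses two constructed outputs a credentialed scan would collect over SSH, `ss -ltnp` and `dpkg-query -W`, reports listeners bound only to loopback, which a network scan from another host never sees, and compares installed versions against fixed versions using dpkg's own comparison rules so that a backported revision such as `1ubuntu4.10` is not misread as older than `1ubuntu4.6`. The socket lines, the package list and the fixed-version thresholds are made up for the example and are not advisory data.

```python
"""Added example (not from the presentation): findings a credentialed scan can
make from host data alone. The `ss -ltnp` and `dpkg-query -W` outputs below are
constructed; the fixed-version thresholds are placeholders, not real advisories."""

import re

SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      511          0.0.0.0:80         0.0.0.0:*     users:(("nginx",pid=1043,fd=6))
LISTEN 0      128                *:22               *:*     users:(("sshd",pid=701,fd=3))
LISTEN 0      4096       127.0.0.1:6379       0.0.0.0:*     users:(("redis-server",pid=920,fd=6))
LISTEN 0      128            [::1]:5432          [::]:*     users:(("postgres",pid=1101,fd=5))
"""

DPKG_OUTPUT = """\
nginx 1.18.0-6ubuntu14.3
openssh-server 1:8.9p1-3ubuntu0.4
redis-server 5:6.0.16-1ubuntu1
postgresql-14 14.9-0ubuntu0.22.04.1
"""

# Placeholder "fixed in" versions for the example (hypothetical, not real advisories).
FIXED_IN = {"nginx": "1.18.0-6ubuntu14.4",
            "redis-server": "5:6.0.16-1ubuntu1",
            "openssh-server": "1:8.9p1-3ubuntu0.3"}


def _order(c):
    """dpkg character weight: '~' sorts before everything, letters before symbols."""
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return -1 if c == "~" else ord(c) + 256


def _verrevcmp(a, b):
    """Compare version fragments as dpkg does: alternating non-digit and digit runs."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        while i < len(a) and a[i] == "0":           # leading zeros are insignificant
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            first_diff = first_diff or ord(a[i]) - ord(b[j])
            i, j = i + 1, j + 1
        if i < len(a) and a[i].isdigit():           # longer digit run wins
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def dpkg_compare(a, b):
    """Return <0, 0 or >0 like `dpkg --compare-versions`, honouring epoch and revision."""
    def split(v):
        epoch, sep, rest = v.partition(":")
        if not sep:
            epoch, rest = "0", v
        upstream, sep, revision = rest.rpartition("-")
        if not sep:
            upstream, revision = rest, ""
        return int(epoch), upstream, revision
    ea, ua, ra = split(a)
    eb, ub, rb = split(b)
    return (ea - eb) or _verrevcmp(ua, ub) or _verrevcmp(ra, rb)


def listeners(ss_text):
    """Parse `ss -ltnp` output; 'external' is False for loopback-only sockets."""
    rows = []
    for line in ss_text.splitlines()[1:]:           # skip the header line
        fields = line.split()
        host, _, port = fields[3].rpartition(":")
        m = re.search(r'\(\("([^"]+)",pid=(\d+)', fields[5]) if len(fields) > 5 else None
        rows.append({"proc": m.group(1) if m else "?", "pid": int(m.group(2)) if m else 0,
                     "host": host, "port": int(port),
                     "external": not host.startswith(("127.", "[::1]"))})
    return rows


def installed(dpkg_text):
    """Parse `dpkg-query -W -f='${Package} ${Version}\\n'` output into {package: version}."""
    return dict(line.split(None, 1) for line in dpkg_text.splitlines() if line.strip())


def credentialed_findings(ss_text, dpkg_text, fixed_in):
    """Outdated packages plus listeners a network-only scan could not have seen."""
    findings = []
    for pkg, ver in installed(dpkg_text).items():
        if pkg in fixed_in and dpkg_compare(ver, fixed_in[pkg]) < 0:
            findings.append(f"{pkg} {ver} is below fixed version {fixed_in[pkg]}")
    for s in listeners(ss_text):
        if not s["external"]:
            findings.append(f"{s['proc']} (pid {s['pid']}) listens on {s['host']}:{s['port']} "
                            "(loopback only: invisible to a network scan)")
    return findings


if __name__ == "__main__":
    for f in credentialed_findings(SS_OUTPUT, DPKG_OUTPUT, FIXED_IN):
        print(f)
```

Run against the constructed data this reports three things a port scan of the same host would not: the nginx package sitting one revision below the placeholder fixed version, and the redis and postgres listeners bound to loopback. The openssh-server entry is not reported even though its version string looks unfamiliar, because the dpkg comparison places `3ubuntu0.4` above the `3ubuntu0.3` threshold; a banner-only check would have had to guess.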

Slide 5

Example: Non-Credentialed Scan Output

(scan output screenshot; not reproduced in the transcript)

Slide 6

Example: Credentialed Scan Output (same system)

(scan output screenshot; not reproduced in the transcript)

Slide 7

Further Reading

http://www.tenable.com/blog/protecting-scanning-credentials-from-malicious-insiders

https://www.tenable.com/blog/the-value-of-credentialed-vulnerability-scanning