3.2: Perform Authenticated Vulnerability Scanning #10
Description
-- issue 1
The issues around what credentialed scans are have been coming up a lot.
The metrics you mention are incomplete. The issue is really that at this point you need to combine many of the other metrics together.
At a high level you need these metrics:
- Systems scanned (all supported protocols for the OS Type)
- Systems scanned, but the OS has a low confidence level - This is very important as the OS detection determines the credentials used, and if the OS detection is wrong, the authentication will be too.
- Systems scanned and the OS has a high confidence level - most likely will have the correct creds.
- Systems scanned of a certain type and the OS detection is high. - The issue here is two systems, for example a Cisco Router and Debian, use SSH, but the creds are not the same. So you will want to separate out those aspects.
- Systems scanned where no authentication was attempted - in this use case, the OS was detected and the scanner could have used creds, but for some reason no authentication attempt was made.
- Systems scanned where authentication was attempted but the creds are bad - this helps people identify a mis-config or bad creds.
- Systems scanned where authentication was good, but not root access - in this case the creds used worked, but did not have privileges to run the needed scan.
- Systems scanned where authentication was good, but some checks failed - this could be permissions at the file level, missing files, etc.
- Systems scanned where authentication was good, and all checks were completed without errors.
The sub-control should really have metrics for all these instances. And then give examples of various levels at and several common OS's. Listed below are a few links to explain these steps in more detail using Tenable.sc.
https://www.tenable.com/assurance-report-cards/tracking-debian-ubuntu-and-kali-authentication-scan-results
https://www.tenable.com/assurance-report-cards/tracking-cisco-juniper-and-paloalto-authentication-scan-results
https://www.tenable.com/assurance-report-cards/tracking-solaris-authentication-results
https://www.tenable.com/assurance-report-cards/tracking-red-hatcentos-authentication-scan-results
https://www.tenable.com/assurance-report-cards/tracking-windows-authentication-scan-results
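
The outcome buckets listed in the issue above can be computed per OS type from scan records. This is an added example, not part of the original issue and not Tenable.sc code; the record field names, the 70% confidence cut-off and the sample hosts are assumptions constructed for illustration.

```python
from collections import Counter

# Assumed cut-off between "low" and "high" OS-detection confidence (percent).
OS_CONFIDENCE_THRESHOLD = 70

# Hypothetical record layout, not a real scanner export format.
FIELDS = ("host", "os", "os_conf", "auth_attempted", "auth_ok", "privileged", "failed_checks")

# Constructed sample data covering each outcome from the list above.
SAMPLE_RESULTS = [dict(zip(FIELDS, row)) for row in [
    ("10.0.0.1", "Debian",    95, True,  True,  True,  0),
    ("10.0.0.2", "Debian",    90, True,  True,  False, 0),
    ("10.0.0.3", "Debian",    92, True,  False, False, 0),
    ("10.0.0.4", "Cisco IOS", 88, False, False, False, 0),
    ("10.0.0.5", "Cisco IOS", 97, True,  True,  True,  3),
    ("10.0.0.6", "Debian",    40, True,  False, False, 0),
    ("10.0.0.7", "Debian",    99, True,  True,  True,  0),
]]

def classify(r):
    """Return the authentication-outcome bucket for one scan record."""
    # Low OS confidence is checked first: the detected OS selects the
    # credentials, so later failures on these hosts may be a detection problem.
    if r["os_conf"] < OS_CONFIDENCE_THRESHOLD:
        return "os_low_confidence"
    if not r["auth_attempted"]:
        return "no_auth_attempted"
    if not r["auth_ok"]:
        return "bad_credentials"
    if not r["privileged"]:
        return "auth_ok_not_privileged"
    if r["failed_checks"] > 0:
        return "auth_ok_checks_failed"
    return "auth_ok_complete"

def metrics(results):
    """Count records per (OS type, bucket) so platforms that share SSH
    but use different credentials are reported separately."""
    return Counter((r["os"], classify(r)) for r in results)

def coverage(results, os_type):
    """Fraction of scanned hosts of one OS type whose authenticated scan
    completed with no errors; 0.0 when no host of that type was scanned."""
    of_type = [r for r in results if r["os"] == os_type]
    if not of_type:
        return 0.0
    return sum(classify(r) == "auth_ok_complete" for r in of_type) / len(of_type)

if __name__ == "__main__":
    for (os_type, bucket), n in sorted(metrics(SAMPLE_RESULTS).items()):
        print(f"{os_type:10} {bucket:24} {n}")
    print("Debian fully authenticated:", coverage(SAMPLE_RESULTS, "Debian"))
```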