Many administrators who opt to perform a Credentialed Patch Audit will either create a local administrator account on all hosts to be scanned or will use an existing administrator account for this purpose. Since this method of testing may rely on actually exploiting the service in question, this method of testing carries a degree of risk associated with it, as well as a high number of false positives and false negatives.Ĭredentialed Patch Audits differ from this by instead logging into the target hosts with configured credentials and checking to see if those hosts are patched against known vulnerabilities. These blackbox tests are launched against the various services running on a target, and depending on the way that service responds, Nessus reports its judgment on whether that service is affected by the tested vulnerability. This is opposed to the basic, blackbox network-based unauthenticated scan that entails launching several network-based vulnerability tests against a set of hosts. In this post, we will be discussing authenticated scans such as the Credentialed Patch Audit offered by Nessus. We will then show you how to leverage this weakness yourself as a proof-of-concept and show you how to remediate this vulnerability so that you are no longer affected.Īuthenticated vs. In this blog post, we will be covering a misconfiguration common in Nessus installations across organizations and detailing how this misconfiguration can have lethal consequences for your network’s security posture. Security is a complex goal and requires in-depth knowledge of the inner workings of your systems and how they interact with each other.
Nessus is the vulnerability scanner of choice by administrators and security professionals alike, but adding a security appliance to your network doesn’t necessarily make you more secure. If used, it is the equivalent of saying, “Welcome to the network! Oh, and here’s the admin password for all our assets!” to every host that appears on your network. There is a terrible, yet surprisingly common, Nessus authenticated scanning configuration that could be the bane of your network during a compromise.
Have you configured Nessus to betray you? Introduction
0 kommentar(er)
