Security Basics mailing list archives

Re: Need Some Basic Information

From: Todd Haverkos <infosec () haverkos com>
Date: Tue, 20 Dec 2011 16:31:42 -0600

Thugzclub Thugzclub <thugzclub () googlemail com> writes:

I am only interested in host based scanners that can report on
vulnerable products. I know that Nessus can solve this problem using
credentialed scan, but what issues are there with credentialed
scans?


Mostly just political ones.  For some strange reason, groups are often happier to let you install
an agent than give you admin credentials.

If the political fight to get creds is surmountable in your
organization, you'll end up with lots more visibility and up to date
plugins using a tool from a security vendor than relying on "missing
patch" info out of a systems management vendor who'll only tell you
that you have a risk for issues for which the vendor has issued a
patch.

You may have to fight to get domain admin or local admin creds to scan
your windows hosts, get accounts and sudo privs on unix hosts (some
scanners support unix ssh public key auth +sudo and su...and some do
not--super useful in environments where remote root logins follow best
practices and aren't allowed), get the network folks to part with an
enable password if doing network device scanning.

Passive vulnerability scanning (where you divine off the wire, whether
vulnerable client software is in use based on headers and protocols
seen) is an interesting in between stop from network only vuln
scanning and full credentialed scanning.   Works well if you can get a
passive vuln scanner in line with the traffic of interest, and there
are no political battles. 


--
Todd Haverkos, LPT MsCompE
http://haverkos.com/

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

RE: Need Some Basic Information, (continued)
- RE: Need Some Basic Information William Baltas (Dec 19)
- Re: Need Some Basic Information Fábio Soto (Dec 19)
  - Re: Need Some Basic Information Todd Haverkos (Dec 19)
    - Re: Need Some Basic Information Fábio Soto (Dec 20)
    - Re: Need Some Basic Information Thugzclub Thugzclub (Dec 20)
    - Re: Need Some Basic Information Shane Anglin (Dec 20)
    - Re: Need Some Basic Information Thugzclub Thugzclub (Dec 20)
    - Re: Need Some Basic Information Todd Haverkos (Dec 20)
    - Re: Need Some Basic Information Shane Anglin (Dec 20)
    - Re: Need Some Basic Information Jeffrey Walton (Dec 20)
    - Re: Need Some Basic Information Todd Haverkos (Dec 20)
- Re: Need Some Basic Information Steve Armstrong (Dec 20)