Security Basics mailing list archives

Re: Question on root credentials for scanning


From: Todd Haverkos <infosec () haverkos com>
Date: Wed, 05 Oct 2011 12:11:06 -0500

vedantamsekhar () gmail com writes:

> I feel, as most in the group say, it depends on the purpose of the scan. Probably we can do a credentialed scan
> before a server infra is about to be placed in the DMZ, and later on the periodical scans can be done with
> non-credentialed scans. I know performing credentialed scanning every time is ideal, but in most cases, when a server
> is in production, it becomes untouchable. So we may have to rely on surface scanning, non-credentialed scans.
> Credentialed scans usually take longer than surface scans.

Your last statement may be valid for some scanners, but for what it's
worth, it's 100% incorrect for Nessus users at least.  Their
credentialed scanner will shortcut full port scanning when using
credentials and it scrapes for listeners using netstat instead.  WAY
faster than querying all the ports, particularly with UDP.  I like
this feature quite a bit.

Granted, a rootkit can hide listeners from netstat if you're dealing
with a compromised host, but the same can be said for external scans
being blind to services listening with port knocking on a compromised
host.

Best Regards, 
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/
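
Added example (not part of the original message and not Nessus code): a sketch of netstat-based listener enumeration, cross-checked against an external scan to surface the two blind spots the reply mentions. The `netstat -an` sample (Linux format), the external port set and all function names are constructed for illustration.

```python
# Constructed sample of Linux `netstat -an` output; not from a real host.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51514          ESTABLISHED
tcp6       0      0 :::443                  :::*                    LISTEN
udp        0      0 0.0.0.0:161             0.0.0.0:*
udp        0      0 10.0.0.5:47001          10.0.0.9:53             ESTABLISHED
"""

def parse_listeners(netstat_text):
    """Return {(proto, port): set(bind addresses)} for listening sockets."""
    listeners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue  # banner and column-header lines
        proto = fields[0][:3]  # fold tcp6/udp6 into tcp/udp
        local, foreign = fields[3], fields[4]
        state = fields[5] if len(fields) > 5 else ""
        # TCP listeners are in state LISTEN; an unconnected UDP socket has
        # no state column and a wildcard peer.
        if proto == "tcp" and state != "LISTEN":
            continue
        if proto == "udp" and not foreign.endswith(":*"):
            continue
        addr, _, port = local.rpartition(":")
        listeners.setdefault((proto, int(port)), set()).add(addr)
    return listeners

def is_loopback(addr):
    return addr == "::1" or addr.startswith("127.")

def compare_views(listeners, external_open):
    """Diff the host's own view against ports an external scan found open."""
    reachable = {key for key, addrs in listeners.items()
                 if any(not is_loopback(a) for a in addrs)}
    return {
        # Open from outside but missing from netstat: listener hidden on the host.
        "external_only": sorted(external_open - set(listeners)),
        # Bound off-loopback but not seen from outside: filtered or gated service.
        "local_only": sorted(reachable - external_open),
    }
```

Neither view is authoritative on a compromised host; the value is in the disagreement between them, which is what warrants a closer look.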
