RE: Question on root credentials for scanning

["Mikhail A. Utin" <mutin () commonwealthcare org>]

You would need to be more specific to get info you are looking for.
If you use Nmap, yes you need to start it under root (Linux/Unix) account. Use nmapfe, and will learn faster. Plus, it 
will warn you about the account.
If you mean vulnerability scanners, for Windows OS you need domain admin level account to get "inside" your network 
Windows hosts.

Mikhail A. Utin, CISSP
Information Security Analyst

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Shobana Narayanaswamy
Sent: Thursday, September 22, 2011 11:59 AM
To: security-basics () securityfocus com
Subject: Question on root credentials for scanning

Hi:

I am a newbie to security and scanning. Here is my question:

Do you generally need root credentials in order for the scan to produce detailed results? When I run a scan without 
root credentials, it comes up very little info. However, when I supply root credentials, I get several useful reports. 
It appears that the scanner detects the OS version and other s/w component versions only if it is provided root access.

Thanks


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and 
who needs an SSL certificate.  We look at how SSL works, how it benefits your company and how your customers can tell 
if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your 
Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing 
management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential 
and privileged information for the use of the designated recipients named above. If you are 
not the intended recipient, you are hereby notified that you have received this communication 
in error and that any review, disclosure, dissemination, distribution or copying of it or its 
contents is prohibited. If you have received this communication in error, please reply to the 
sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication 
and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy, 
please visit our Internet web site at http://www.commonwealthcare.org.


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------