To analyze a device's potential vulnerabilities in more depth, it is necessary to perform local checks and queries on the device itself. This is accomplished through Credentialed Scanning, which is configured in the Nodeware Portal dashboard on a per-Sensor basis for each customer. Configuring or enabling Credentialed Scanning requires the Admin Role for Nodeware.
By default, the Nodeware sensor performs unauthenticated scans. Credentialed scans can use WinRM (Windows) or SSH (Mac and Linux). Before enabling credentialed scanning, ensure that WinRM and SSH are enabled in the environment. See the links below for guidance on enabling WinRM and SSH.
WinRM
Account requirements: WinRM Scanning Requirements
Enabling WinRM: https://docs.microsoft.com/en-us/windows/win32/winrm/installation-and-configuration-for-windows-remote-management
SSH
To enable credentialed scans over SSH, the remote host must have SSH running on port 22 and visible from the sensor network location.
Account requirements
- Sudo access is required for privilege escalation; without it, results will be limited based on account visibility
- Password-based authentication
macOS
Enable SSH access: https://knowledge.autodesk.com/support/smoke/troubleshooting/caas/sfdcarticles/sfdcarticles/Enabling-remote-SSH-login-on-Mac-OS-X.html
Linux
Enable SSH access: https://www.cyberciti.biz/faq/ubuntu-linux-install-openssh-server/
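An added example, not part of the original article or Nodeware's tooling: a pre-flight check of the SSH requirements above (port 22, password-based authentication, sudo access) against the output of `sshd -T` and `sudo -l -U`. The account name `svc-scan`, host `host01` and sensor address `192.0.2.10` are placeholders, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not Nodeware code): pre-flight check of the SSH scanning
# requirements, meant to be run as root on the host that will be scanned.

# Reads effective sshd settings (the output of `sshd -T`) on stdin.
# Prints one line per unmet requirement; returns 0 only if all are met.
check_sshd_effective() {
  _port_ok=no; _pass_ok=no; _rc=0
  while read -r _key _val _rest; do
    case "$_key" in
      port)                   [ "$_val" = "22" ]  && _port_ok=yes ;;
      passwordauthentication) [ "$_val" = "yes" ] && _pass_ok=yes ;;
    esac
  done
  if [ "$_port_ok" != yes ]; then echo "FAIL: sshd is not configured for port 22"; _rc=1; fi
  if [ "$_pass_ok" != yes ]; then echo "FAIL: password-based authentication is disabled"; _rc=1; fi
  return "$_rc"
}

# Reads the output of `LC_ALL=C sudo -l -U ACCOUNT` on stdin.
# Returns 0 if the account has at least one sudo rule, 1 otherwise.
check_sudo_listing() {
  if grep -q 'may run the following commands'; then return 0; fi
  echo "FAIL: scan account has no sudo rights; results will be limited"
  return 1
}

# Constructed sample inputs so the example runs on any machine.
SAMPLE_OK='port 22
passwordauthentication yes
permitrootlogin no'
SAMPLE_KEYS_ONLY='port 22
passwordauthentication no
pubkeyauthentication yes'
SAMPLE_ALT_PORT='port 2222
passwordauthentication yes'
SAMPLE_SUDO_OK='User svc-scan may run the following commands on host01:
    (ALL) ALL'
SAMPLE_SUDO_NONE='User svc-scan is not allowed to run sudo on host01.'

# Demo on a constructed key-only configuration (prints the unmet requirement).
printf '%s\n' "$SAMPLE_KEYS_ONLY" | check_sshd_effective || true

# On a real host (svc-scan and 192.0.2.10 are placeholders for the scan
# account and the sensor address); -C makes sshd apply its Match blocks:
#   sshd -T -C user=svc-scan,host="$(hostname)",addr=192.0.2.10 | check_sshd_effective
#   LC_ALL=C sudo -l -U svc-scan | check_sudo_listing
```

The check covers the host's configuration only; whether port 22 is visible from the sensor network location still has to be confirmed from the sensor's side of the network.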
Note: Nodeware doesn’t support credentialed scanning from our external scanners.
To enable Credentialed Scanning, do the following:
1. Log into the Nodeware Dashboard at https://app.nodeware.com.
2. Click Customers.
3. Click the Settings icon on the customer where credentialed scanning will be enabled.
4. Click Credentialed Scanning.
5. Click Add Credential.
The screen below appears.
6. Enter a name for the account.
7. Select either Windows Remote Management (WinRM) or Secure Shell (SSH).
8. Enter Domain (optional).
9. Enter a Username and Password. It is recommended that complex passwords are used.
10. The Administrator Account is selected by default. For agents, administrative credentials are needed. For sensors, it is highly recommended that a service account is created with administrative privileges. User accounts should not be used.
11. Select Use TLS (Requires WS-Management HTTPS) when it is enabled in the environment. It keeps the connection encrypted end to end, but it requires a certificate and correct configuration. It is highly recommended, but it is not enabled by default.
12. Click Add Credential.
The credential is now active and can be used in new scans.