Device Fingerprinting is the process of gathering attributes about a specific device to create a unique identifier that can be used to track that device across the internet. Devices are identifiable even when cookies and logins are deleted.
The data collected includes operating system, browser type, screen resolution, plugins, and other detectable features. The consolidation of these attributes generates a unique fingerprint that can distinguish a device from other similar devices.
One advantage of Nodeware is the use of device fingerprinting. It allows Nodeware to prioritize scanning, assess risk, and ensures the correct sets of vulnerability tests are run on a device.
Nodeware performs a fingerprint scan prior to any vulnerability scan to check for any changes in the device, such as an OS upgrade or a new open port, and then make the necessary adjustments to its vulnerability scan profile. Fingerprint results are also used to detect End of Life (EoL) or End of Support (EoS) operating systems and devices as well as open ports, both of which are visible in the device details view.
MAC Vendor Results
Before a device is fingerprinted, Nodeware will display the detected MAC vendor information about a device. This is indicated by the Network Interface Card (NIC) icon below.
Once Nodeware has successfully fingerprinted the device, it will replace any MAC vendor result with the detected running operating system information.
Detection Methods
Nodeware will attempt to fingerprint the running Operating System on network assets by sending a series of TCP and UDP packets and analyzing the replies by a given device. When Nodeware is able to detect at least one open port or service, it will make its best assumption about the running OS. If a device does not have open ports, or is generally unresponsive to scanning after several attempts, it will be marked unresponsive and ignored for future fingerprinting attempts.
Windows and Windows-like devices with NetBIOS protocol produce the most accurate fingerprints with not only version information (e.g., Windows Server 2012 R2) but also build number (e.g., Windows Server 2012 R2 9600).
Additional data points related to vendor specific remote services and protocol implementations will also be analyzed and weighted based on specificity. Nodeware Agents utilize a local information gathering routine to return exact OS details. This routine runs periodically and at system reboot to capture updates to OS build version.
Incorrect Matches
Fingerprinting across a network is a best effort process that can produce incorrect matches. To fix an incorrect match and override the OS listed, do the following:
1. Log into the Nodeware Dashboard at https://app.nodeware.com.
2. Click Customer on the left side menu.
3. Click the Network Score.
A Network view of all assets appears.
4. Click the device in the list to enter the Single Device view.
5. Click the pencil or edit icon located next to the Operating System in the upper right corner.
The Override Operating System screen appears.
6. Enter the correct Operating System and click Save. This override will be reflected shortly in both the dashboard as well as any future reports.
Reports of incorrect matches are used to improve Nodeware’s detection capabilities.
Comments
0 comments
Please sign in to leave a comment.