Unauthenticated Scans
Unauthenticated scans are vulnerability scans that do not use any credentials or accounts to log in to assets. They provide an assessment of the ports in use, services running, applications, OS, etc. This is the same view an attacker with no credentials would have.
By default, the Nodeware sensor performs unauthenticated scans. When credentials are supplied, they are used over WinRM (Windows) or SSH (Mac and Linux).
Nodeware is a Security Content Automation Protocol (SCAP)-based scanner that performs vulnerability tests, known as plugins. The plugins are written in the Open Vulnerability and Assessment Language (OVAL) and are gathered from both public and private sources, then combined into a single feed that syncs to the Nodeware Sensors automatically. When a scan is initiated, it retrieves the latest plugins available through a differential update process that transmits only changes.
Authenticated Scans
Authenticated scans (credentialed scans) are vulnerability scans that use valid accounts (username and password) to access the asset. For Nodeware agents, administrative credentials are needed. For Nodeware sensors, it is highly recommended that a service account be created with administrative privileges. User accounts should not be used.
With authenticated scans, Nodeware can perform a thorough assessment of the asset to see ports in use, services running, applications, OS patch level, etc., with in-depth information about the asset. This is the same view an attacker with user or elevated credentials would have.
Authenticated scanning is enabled either by adding credentials to an asset or by installing a Nodeware Agent on the asset. Agents are self-configuring, network-based assets that require the selection of a benchmark to be run against an asset. Benchmarks are operating system specific and are based on security updates and bulletins published by the vendor and other feeds, such as the National Vulnerability Database (NVD).
To enable authenticated scanning, refer to the Enabling Credentialed Scanning article in the Scanning section.