
Credentialed Scan Failures

by Henry Kuhfeldt
February 23, 2016


Credentialed scans provide more detailed results that help detect outdated software, vulnerabilities, and compliance issues. Without working credentials, analysts cannot obtain the information needed to accurately assess an organization’s risk posture. The Credentialed Scan Failures report delivers an organized list of failed credentialed scans that analysts can use to quickly remediate scanning issues on a network. The report covers a 25-day scanning history and provides a breakdown of Windows-specific scan issues and SSH failures, as well as general credential failures. The first chapters of the report give an overview of the monitored failures, while the remainder is dedicated to detailed accounts of those failures. A series of plugins leverage Nessus plugin output data to provide granular results: by combining plugin results from Nessus, Tenable.sc can identify credential failures that occurred while scanning. Organizations will find this report most useful when it is reviewed daily or weekly. The report is organized to provide timely information that analysts can use to correct credentialed scan failures. This report uses the following plugins:

  • 10428 - Microsoft Windows SMB Registry Not Fully Accessible Detection
  • 19506 - Nessus Scan Information
  • 21745 - Authentication Failure - Local Checks Not Run
  • 24786 - Nessus Windows Scan Not Performed with Admin Privileges
  • 26917 - Microsoft Windows SMB Registry: Nessus Cannot Access the Windows Registry

This report uses the output of plugin 21745 to determine which service Nessus tried to use for login (SMB or SSH), as well as the nature of the failure. The failure can stem from a variety of issues, such as bad credentials or a general socket failure while accessing the service. Using the output of plugin 19506, the report separates hosts where credentialed checks succeeded from hosts where no credentialed checks ran. The remaining three plugins, 10428, 24786, and 26917, are specific to Windows environments and are useful for troubleshooting access to patch and registry information, which in turn is needed to correctly identify patching and security issues. Scanning without credentials is a valid method for identifying what is visible to the scanner and for an initial assessment of a system’s external attack surface; properly configured credentialed scans look beyond that surface and identify potential issues that are not otherwise apparent. Scans without credentials should be stored in their own repository so that their results do not interfere with the vulnerabilities identified by credentialed scanning.

The report is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The report can be easily located in the Tenable.sc Feed by selecting category Monitoring. The report requirements are:

  • Tenable.sc 5.2
  • Nessus 8.4.0
  • This report requires “Full Text Search” to be enabled for each analyzed repository.

Tenable.sc Continuous View (CV) is a scalable continuous network monitoring solution that identifies the biggest risks across the entire enterprise. Tenable’s products allow for the most comprehensive and integrated view of network health. Nessus and Tenable.sc are continuously updated with information about advanced threats and zero-day vulnerabilities, as well as new types of regulatory compliance configuration audits, allowing organizations to respond to new threats as they emerge.

Chapters

Executive Summary: This chapter provides a high level view of the credentialed scan failures from Tenable.sc on SMB Credential issues, SSH Credential Issues, Scans without Credentials and Windows-specific credential issues.

Credentialed Scan Failures by Protocol: This chapter provides a summary of credential failures broken down by protocol (SMB and SSH) and associated issues. The first three data sets leverage Nessus plugin 21745: ‘Authentication Failure - Local Checks Not Run’ and its output to provide a granular view of SMB credentialed scan failures. The filtered data provides a more specific view, allowing deeper insight into an SMB credential failure. The final data group uses the output of the same plugin, 21745, to deliver SSH credential failures. The results are specific to login failures with supplied credentials only.

Hosts Scanned Without Credentials: This chapter provides a list of hosts scanned without credentials. The scans may have been run without credentials intentionally, or the credentials may have failed. This section uses Nessus plugin 19506, filtered to return only results indicating that no credentialed checks were performed as part of a successful scan.

Windows Specific Credential Issues: This chapter contains details on events related to specific issues with Windows credentials. Many of the solutions to the issues presented in this section are covered in the Tenable.sc 5.2 documentation on the Tenable Support Portal. This section uses the following plugins, presented in the order in which they are used. Nessus plugin 10428 ‘Microsoft Windows SMB Registry Not Fully Accessible Detection’ collects a list of hosts on which Nessus was able to log in and access the registry, but could not check some keys due to a lack of full administrative rights. Nessus plugin 26917 ‘Microsoft Windows SMB Registry: Nessus Cannot Access the Windows Registry’ collects hosts where the registry was completely inaccessible, for instance because the Windows Remote Registry (winreg) service is turned off. Nessus plugin 24786 ‘Nessus Windows Scan Not Performed with Admin Privileges’ provides the count of hosts that allowed login with the supplied SMB credentials, but where those credentials were not administrator accounts.
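The plugin logic described above (plugin 19506 to separate credentialed from uncredentialed hosts, plugin 21745 to extract the protocol and reason for an authentication failure, and plugins 10428, 24786 and 26917 for Windows-specific access problems) can be reproduced outside Tenable.sc by triaging a .nessus export. The following is an added example, not code from the report or from Tenable; the sample export and the plugin output wording inside it are constructed for illustration, and the `.nessus` element and attribute names used (`ReportHost`, `ReportItem`, `pluginID`, `plugin_output`) are assumed.

```python
"""Triage credentialed-scan failures from a .nessus export (added example, not Tenable code)."""
import re
import xml.etree.ElementTree as ET

# Plugin IDs named by the report.
SCAN_INFO, AUTH_FAILURE = "19506", "21745"
WINDOWS_PLUGINS = {"10428": "registry_partially_accessible",
                   "24786": "smb_login_not_admin",
                   "26917": "registry_inaccessible"}

# Constructed sample export; wording is modelled on the plugins' output, not real scan data.
SAMPLE_NESSUS = """<NessusClientData_v2><Report name="constructed">
<ReportHost name="10.0.0.5"><ReportItem pluginID="19506">
<plugin_output>Scan name : weekly\nCredentialed checks : yes</plugin_output></ReportItem>
<ReportItem pluginID="10428"><plugin_output>Some registry keys could not be read.</plugin_output></ReportItem>
</ReportHost>
<ReportHost name="10.0.0.6"><ReportItem pluginID="19506">
<plugin_output>Credentialed checks : no</plugin_output></ReportItem>
<ReportItem pluginID="21745"><plugin_output>It was not possible to log into the remote host via ssh (invalid credentials).</plugin_output></ReportItem>
</ReportHost>
<ReportHost name="10.0.0.7"><ReportItem pluginID="19506">
<plugin_output>Credentialed checks : no</plugin_output></ReportItem>
<ReportItem pluginID="21745"><plugin_output>It was not possible to log into the remote host via smb (socket error).</plugin_output></ReportItem>
<ReportItem pluginID="24786"><plugin_output>Nessus logged in as a non-administrative user.</plugin_output></ReportItem>
</ReportHost></Report></NessusClientData_v2>"""


def triage(nessus_xml: str) -> dict:
    """Per host: credentialed flag (19506), (protocol, reason) auth failures (21745), Windows issues."""
    findings = {}
    for host in ET.fromstring(nessus_xml).iter("ReportHost"):
        rec = {"credentialed": None, "auth_failures": [], "windows_issues": []}
        for item in host.iter("ReportItem"):
            pid = item.get("pluginID")
            out = (item.findtext("plugin_output") or "").strip()
            if pid == SCAN_INFO:
                m = re.search(r"Credentialed checks\s*:\s*(yes|no)", out, re.I)
                rec["credentialed"] = (m.group(1).lower() == "yes") if m else None
            elif pid == AUTH_FAILURE:
                # Service and failure reason, e.g. "... via ssh (invalid credentials)."
                m = re.search(r"via\s+(\w+)\s*\(([^)]*)\)", out, re.I)
                if m:
                    rec["auth_failures"].append((m.group(1).lower(), m.group(2).strip()))
            elif pid in WINDOWS_PLUGINS:
                rec["windows_issues"].append(WINDOWS_PLUGINS[pid])
        findings[host.get("name")] = rec
    return findings


def hosts_without_credentials(findings: dict) -> list:
    """Equivalent of the 'Hosts Scanned Without Credentials' chapter."""
    return sorted(h for h, r in findings.items() if r["credentialed"] is False)
```

Hosts whose 19506 output carries no "Credentialed checks" line are left as `None` rather than counted as failures, so a missing or truncated scan-information record is not mistaken for an uncredentialed scan.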
