Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Authentication Summary

by Cesar Navas
October 17, 2019

Cyber Exposure requires the data collected by the vulnerability scanner to be trusted and verifiable.  Nessus provides several plugins that assist in understanding the scan status and provides a level of trust to risk managers.  This dashboard brings together all the plugins used to determine if an asset was successfully authenticated during the vulnerability scan. 

Authentication can be defined by connecting to a system and providing credentials in order to gain access to the system. Nessus scans systems by using different network protocols (SSH, SMB, HTTPS, SNMP, etc.) in order to gain access to the remote target asset. For example, logging in to a remote host via SSH using a username and password is a method of authentication. Each remote asset can authenticate using several protocols. Assets with more than one authenticatable protocol, for example Windows server running a SQL server, could report both authentication success and failure.  Understanding this fact during analysis is key to understanding is the system was successfully scanned or not.  While in many cases the successful authentication of an asset may seem binary, there are many examples of successfully scanned systems with authentication failures.  The system administrator should review all the failures and understand the services which are enabled on the asset for a complete analysis.

Local checks are a feature in Nessus scans, which enable the scanner to perform security checks on the target asset. Different authentication protocols may allow for general checks to be performed locally, but when all possible checks are completed, Nessus does a more detailed Local Check.  The Local Check always requires authentication and often requires elevated privileges.  Local checks for major operating systems with security advisories numbering in the thousands are often grouped into their own plugin family, but local checks plugins also exist in other families such as Firewalls or Misc.

Enabling local checks is much more complex than authentication and occurs after successful authentication has been established. In order to enable local checks, the following criteria must be satisfied:

  • The target device or operating system must be identified
  • Local checks must be available in Nessus plugins for the identified device or operating system
  • The information needed to enable local checks for that particular device or operating system must be obtained from the remote host
  • Except in particular circumstances, such as scanning localhost, remote authentication must first be successful before local checks can be enabled - but the threshold to enabling local checks is higher than the threshold for successful authentication. 

To ensure the scans report the most complete and accurate information Local Checks are a requirement.  Users can enable local checks by providing credentials with elevated privileges and/or administrative access or deploying Nessus Agent.  Without elevated access, the ability for Nessus to successfully identify risk on a system is diminished. The more access to a system Nessus has, the more complete the risk analysis is..

The dashboard and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Monitoring.

The dashboard requirements are:

  • Tenable.sc 5.12.0
  • Nessus 8.7.2

This dashboard provides the organization with a clear and simplified method to track and troubleshoot authentication related problems.  By grouping authentication plugins into diagnostic context, the dashboard allows administrators to apply focus to areas of concern. The data helps facilitate the Fix and Measuring steps to the Cyber Exposure Lifecycle.  Tenable.sc is the on-prem solution for understanding a comprehensive picture of the network, while keeping the data under the organization’s control. Built on leading Nessus technology, Tenable.sc discovers unknown assets and vulnerabilities, and monitors unexpected network changes before they turn into breaches.

This dashboard contains the following components:

Authentication Summary - Authentication Plugin Indicator:  The plugins in this component are used in many environments to understand and troubleshoot authentication problems.

Authentication Summary - Local Authentication Ratio:  This matrix provides a summary view of the plugins used to determine if Local Authentication is possible.  

Authentication Summary - Summarize local checks status:   This matrix provides a summary view of Local Check performance, meaning if the local checks were enabled or not.  

Authentication Summary - SMB Authentication Detection:  This bar chart provides a summary view of all the Server Message Blocks (SMB) plugins, which are used to understand the success of Windows Asset Scanning.

Authentication Summary - Windows Access Checks:  This matrix provides the administrator with a good indication of the scan health of Windows systems.    

Authentication Summary - Nessus Scan Summary Credentialed Summary:   This component displays a matrix using the “Nessus Scan Summary (19506)” plugin to report on authentication status.  

Authentication Summary - Summarize Authentication Status:  This matrix provides an overall authentication summary of the systems that have been scanned.      

Authentication Summary - SSH Authentication Detection:   This bar chart provides a summary view of all the Secure Shell (SSH) plugins, which are used to understand the success of Linux or network device Asset Scanning.   

Try for Free Buy Now

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.