Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Credential Scan Failures

by Cody Dumont
November 3, 2017

Credentialed scans provide comprehensive results that can help to detect outdated software, vulnerabilities, and compliance issues. Without proper credentials, analysts will not be able to obtain accurate information to properly assess an organization's risk posture. This report delivers lists of assets that have been scanned with incorrect or insufficient credentials, allowing for a quick resolution to scanning issues. Tenable.io has several plugins that track authentication or authorization failure.  

  • Authentication Failure - Local Checks Not Run (21745)
  • Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Registry (26917)
  • Microsoft Windows SMB Registry Not Fully Accessible Detection (10428)
  • Nessus Scan Information (19506)
  • Nessus Windows Scan Not Performed with Admin Privileges (24786)

These plugins work together to track different aspect of scan authentication and authorization failure.  The Nessus Scan Information plugin records if the scan was completed with credentials or not.  If the scan was used with credentials, then the username is also recorded.  The Authentication Failure - Local Checks Not Run plugin records the protocol used for authentication and reports if authentication is unsuccessful.  This plugin also provides information about how authentication occurs and what failed during the authentication attempt.  Both of these plugins are used in this report to provide information on which host are not using the supplied credentials.  The IT administrators and security operations teams need to investigate these issues and determine which credentials are needed for a successful scan.

For Windows computers, there are several other plugins that will trigger if the supplied credentials are valid to login, but not for privilege escalation.  Administrative rights are required to parse the registry and run many of the local checks needed to successfully assess the asset. Tenable.io supplies much of the information needed to ensure that your scans are successful, and provides helpful information when a scan is not successful.  

Cyber Exposure provides a disciplined approach to an operational security lifecycle, which aims to provide common visibility to Security and IT teams to identify and remediate security issues quickly and efficiently. As a foundational step in the lifecycle the Discover step identifies and maps every asset across any environment. To successfully identify each asset and assess the cyber risk, a credentialed scan is required.  Once the organization is successfully scanning all identified assets, the CISO and other business units can establish a common dialog for properly calculating the Cyber Exposure Gap, and reducing cyber risk across the modern attack surface.

Chapters

Executive Summary: This chapter provides a high level view of the credentialed scan failures from SecurityCenter on SMB Credential issues, SSH Credential Issues, Scans without Credentials and Windows-specific credential issues.

Credentialed Scan Failures by Protocol: This chapter provides a summary of failures associated with credentials broken down by SMB and SSH protocol and associated issues. The first three data sets leverage Nessus plugin 21745: ‘Authentication Failure - Local Checks Not Run’ and the resulting output to provide a granular view into SMB credentialed scan failures.  The filtered data provides a more specific view, allowing deeper insight into a SMB credential failure.  The final data group uses output from Nessus plugin 21745: ‘Authentication Failure - Local Checks Not Run’ to deliver SSH credential failures. The results are specific to login failures with supplied credentials only.

Hosts Scanned Without Credentials: This chapter provides a list of hosts scanned without credentials. The scans may have been run without credentials intentionally, or the credentials may have failed.  

Windows Specific Credential Issues: This chapter contains details the on events related to specific issues with Windows credentials. Many of the solutions to issues presented in this section are covered in the Tenable.io documentation. 

Category: 
Discover
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,190.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security