Monday, August 7, 2023

Vulnerability Management - Secure privileged account use

Because a vulnerability scan or audit run with an account that lacks sufficient privileges may produce incomplete results, scanning solutions must be given privileged credentials and access levels on the target systems.

Since the accounts used are privileged, the following are the strategies Tenable recommends to avoid misuse of them:


1. Implement compensating controls for privileged accounts to limit risk, such as:

a. Log monitoring for use of the account outside of standard change control hours, with alerts for activity outside the normal scan windows.

b. Rotate the passwords of privileged scan accounts more often than the "normal" internal standard requires.

c. Enable the accounts only while the scan window is active; disable them at all other times.

d. On non-Windows systems, do not allow remote root logins. Configure your scans to use privilege escalation such as su, sudo, pbrun, .k5login, or dzdo.

e. Use key-based authentication instead of password authentication.

2. Use Nessus Agents where available.

3. If you do not grant an exception with compensating controls, perform a scan with an account that has lower privileges than Tenable recommends and note which results are missing. Then adjust the account privileges until all expected results appear. Keep in mind that later changes to the audit file or plugins may affect the results.
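Controls 1a and 1e above are easy to check against authentication logs. The script below is an added example, not part of the original post or of Tenable's documentation: it scans constructed sshd log lines for a hypothetical scan account (svc_nessus), and flags logins that fall outside the scheduled scan window, come from a host other than the scanner, or use password rather than key authentication.

```python
import re

# Constructed sample sshd log lines (not from the original post).
SAMPLE_LOG = """\
Aug  7 02:15:31 db01 sshd[4101]: Accepted publickey for svc_nessus from 10.0.5.10 port 51234 ssh2
Aug  7 02:16:02 web01 sshd[2219]: Accepted publickey for svc_nessus from 10.0.5.10 port 51240 ssh2
Aug  7 14:42:09 web01 sshd[2950]: Accepted publickey for svc_nessus from 10.0.5.10 port 60112 ssh2
Aug  7 02:17:44 app02 sshd[3377]: Accepted password for svc_nessus from 192.168.9.77 port 40010 ssh2
Aug  7 02:18:10 app02 sshd[3380]: Accepted publickey for jdoe from 192.168.9.12 port 40022 ssh2
"""

# Matches the "Accepted <method> for <user> from <src>" line sshd writes on a successful login.
LINE_RE = re.compile(
    r"^\w{3}\s+\d{1,2} (?P<time>\d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def in_window(hms, start, end):
    """Zero-padded HH:MM:SS strings compare correctly as text; handle a window that crosses midnight."""
    if start <= end:
        return start <= hms < end
    return hms >= start or hms < end


def check_scan_account_logins(log_text, account, window_start, window_end, scanner_ips):
    """Return (host, time, reasons) for each login of `account` that violates the controls."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["user"] != account:
            continue
        reasons = []
        if not in_window(m["time"], window_start, window_end):
            reasons.append("outside scan window")            # control 1a / 1c
        if m["src"] not in scanner_ips:
            reasons.append("unexpected source " + m["src"])  # account used from a non-scanner host
        if m["method"] != "publickey":
            reasons.append("non-key authentication (" + m["method"] + ")")  # control 1e
        if reasons:
            findings.append((m["host"], m["time"], reasons))
    return findings


if __name__ == "__main__":
    # Hypothetical scan window 01:00-04:00 and a single scanner at 10.0.5.10.
    for host, when, why in check_scan_account_logins(SAMPLE_LOG, "svc_nessus", "01:00:00", "04:00:00", {"10.0.5.10"}):
        print(f"ALERT {host} {when}: {', '.join(why)}")
```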


Please refer to the URL below for more details:

https://docs.tenable.com/nessus/compliance-checks-reference/Content/CredentialedScanningandPrivilegedAccountUse.htm


Happy Learning !!
