I am in the process of setting up existing scans with credentials for the first time and was hoping someone could help me with the following questions:
1) Can I supply a scan which contains both Windows and Unix hosts with both sets of credential types and expect that MVM will only apply the appropriate credentials to the host by the OS identified?
2) With credential scans will the traffic that is sent only be for what is appropriate to that OS identified? Or do I need to break down the scans by OS and select specific checks for that OS?
In other words, currently my scans are set up by location and contain a large mix of OS types, and I am wondering if I will need to break up the scans by OS and only give it that set of creds or if I can still use the one big scan with both types of creds and expect no issues.
In reference to question 1:
Yes, as long as the scanner properly identifies the operating system, it should be able to "intelligently select the correct credentials." I don't run into much error. The credential manager in version 7 and up seems pretty solid.
Overall, you can throw all of your credentials in one bucket. Best suggestion is to test first: pick some test systems in each Windows domain and of various flavors of Unix if possible, all in one scan, and check your results.
One tip: the Authenticated hosts file in the CSV report can help you determine what you authenticated to, with what mechanism, and at what level of access.
The report is a little primitive in that it won't tell you what scanner or what credentials the authentication attempt failed with.
In my experience using this tool for over 3 years, in the authenticated hosts CSV, you may see a success and a fail for the same host; in this case the assumption is it failed with one credential then succeeded with another.
Hope this helps.
on 2/13/12 3:30:51 PM EST
Exactly as John said, it is possible to scan Windows and Unix hosts simultaneously. One thing that you need to bear in mind is that you select all vulnerability checks (settings -> vuln Section) when you set up the scan, i.e. Windows and shell vulnerabilities.
Another thing that you need to verify, if providing credentials for Unix environments, is to check "Trust unknown remote-shell targets" in "settings -> credentials", as well as selecting the credential set to use.
Hope this helped you.
You may want to roll out your credentialed scans in phases/segments, watching the "authenticated hosts" list for oddities.
We found that in our environment, when the scanner was busy (i.e. doing several scans), it would intermittently lock out the scan user (credential) with excessive failed logins. But if I were to run the scan individually, it would succeed.
We figure that the busy scanner wasn't getting back to the host fast enough during the login sequence, and so the host was timing the login sequence out, leading to 'failures', and then a locked account. An easy fix, once we figured it out.
YMMV, of course.