cancel
Showing results for 
Search instead for 
Did you mean: 

Pre Scan Authentication testing

Jump to solution

I'm curious to see what others do to test authentication to targets prior to "full" scan execution.

The value in doing this of course is to make sure you can reach the hosts first time around(and not have to schedule another scan/change window to execute to hit those which you couldnt authenticate to, and also to avoid account lockouts.

Does anyone use the mcafee scanner to do this or, do you use batches or other utilities?

1 Solution

Accepted Solutions
McAfee Employee jhaynes
McAfee Employee
Report Inappropriate Content
Message 2 of 7

Re: Pre Scan Authentication testing

Jump to solution

The authentication mechanism in the MVM scanner relies on the windows OS for the authentication. On of the things you can do to is connect with the NET USE command and test your credentials, which internally is exactly what the scanner does.   You can also use the FSDiag tool to connect to a target to check your credentials.

Jeff Haynes

View solution in original post

6 Replies
McAfee Employee jhaynes
McAfee Employee
Report Inappropriate Content
Message 2 of 7

Re: Pre Scan Authentication testing

Jump to solution

The authentication mechanism in the MVM scanner relies on the windows OS for the authentication. On of the things you can do to is connect with the NET USE command and test your credentials, which internally is exactly what the scanner does.   You can also use the FSDiag tool to connect to a target to check your credentials.

Jeff Haynes

View solution in original post

dramon
Level 7
Report Inappropriate Content
Message 3 of 7

Re: Pre Scan Authentication testing

Jump to solution

For a single server scan, we sometimes just mount the drive with the credentials, this ensures that the credentials work on that machine. This is valid for windows only of course

rcg921
Level 9
Report Inappropriate Content
Message 4 of 7

Re: Pre Scan Authentication testing

Jump to solution

Reviving this question. I have about 80 UNIX boxes that I would like to test the credentials on before performing a scan. Is there a way to do this witjhout having to setup a scan and watch the process and stopping the scan after the logins are attempted? By doing it this way, i would need to look at the logs for all the successfuly logins.

Running mvm 7.5

ritch
Level 9
Report Inappropriate Content
Message 5 of 7

Re: Pre Scan Authentication testing

Jump to solution

I would suggest a scripted (bash) approach that uses ssh with the credentials, this can be piped into a log file and then inspected.

Ritch

rcg921
Level 9
Report Inappropriate Content
Message 6 of 7

Re: Pre Scan Authentication testing

Jump to solution

I found a workaround. I selected the asset discovery template (which has no vuln checks) and then selected one MS patch to look for (same with Red Hat). That causes it to login to check for missing patches. Sinces its just one patch to look for, its fast.

Re: Pre Scan Authentication testing

Jump to solution

This is exactly what we have been doing for 2 years now.

Works good-just pick checks not likely to be superseded

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community