3 Replies Latest reply on Jun 16, 2010 2:45 PM by jhaynes

    Credential Scans and Score

      Just wondered if anyone had answers or insight to these two questions (We are on Foundstone 6.7):

       

      1. What kind of permissions, in both UNIX and on Windows 2003, are required for the credential scan to be effective? There is a KB article that states you have to have local admin rights to scan WIN 2008 servers but nothing really on Windows 2003. What has been your experience with credential scans and are they worth it?

       

      2. Your Score - We have a large number of UNIX systems, some with Oracle and we have a large number of false positives. We have implemented the ticketing system and acknowledged these alerts as such but this does not change your score. Any thoughts or experience with this?

       

      Thanks

       

      John

        • 1. Re: Credential Scans and Score
          jhaynes

          Hi John,

           

          Windows Credential Requirements:

          A combination of registry and file system access is required and is best accomplished with a local administrative account. The reason is that once the scan engine has authenticated to a target, two different connections are attempted to determine the level of access.

            - The scan engine attempts to access the target's registry via the Remote Registry Service.

            - File system access is attempted by connecting to both C$ and Admin$.

           

          Shell Credential Requirements:

          Please read KB54752

           

          Foundscore Question:

          This is a common question that takes a little digging to understand. Most of the time it comes down to the fact that it only takes a few vulnerabilities to adversely affect your Foundscore. Once you drop down below a certain point, it takes fixing quite a few vulnerabilities before you will see the Foundscore move. I've attached the 6.7 Enterprise Manager Admin Guide to this post. Please go to page 30 and read through the documentation and let me know if you have any questions and I'll try and help you out.

           

          Jeff Haynes

           

           

          Message was edited by: Jeffrey Haynes on 6/16/10 1:38:35 PM CDT
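
The two access checks described in the reply above (registry through the Remote Registry service, file system through C$ and ADMIN$) can be tried by hand before a credentialed scan is scheduled. This is an added example, not part of the original post and not Foundstone code; the function name `Test-ScanAccess`, the target name and the registry key that is read are assumptions, and it must be run in a session started as the scan account.

```powershell
# Added example: pre-flight check for a Windows scan credential.
# Test-ScanAccess is a hypothetical helper name, not a Foundstone command.
function Test-ScanAccess {
    param([string]$ComputerName)

    $detail   = @()
    $registry = $false
    $hklm     = $null

    # Check 1: registry access through the Remote Registry service.
    # The key below is an assumption; the post does not say which keys the engine reads.
    try {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
        $key = $hklm.OpenSubKey('SOFTWARE\Microsoft\Windows NT\CurrentVersion')
        if ($key) { $registry = $true; $key.Close() }
    } catch {
        $detail += "registry: $($_.Exception.Message)"
    } finally {
        if ($hklm) { $hklm.Close() }
    }

    # Check 2: file system access through the C$ and ADMIN$ administrative shares.
    $shares = @{}
    foreach ($share in 'C$', 'ADMIN$') {
        $unc = "\\$ComputerName\$share"
        try {
            Get-ChildItem -LiteralPath $unc -ErrorAction Stop |
                Select-Object -First 1 | Out-Null
            $shares[$share] = $true
        } catch {
            $shares[$share] = $false
            $detail += "${share}: $($_.Exception.Message)"
        }
    }

    # One row per target; AllPassed is true only when every check succeeded.
    [pscustomobject]@{
        Computer       = $ComputerName
        RemoteRegistry = $registry
        CShare         = $shares['C$']
        AdminShare     = $shares['ADMIN$']
        AllPassed      = $registry -and $shares['C$'] -and $shares['ADMIN$']
        Detail         = $detail -join '; '
    }
}

# Constructed placeholder target; replace with hosts from the scan's target list.
'server01.example.test' | ForEach-Object { Test-ScanAccess -ComputerName $_ } | Format-List
```

A target where `AllPassed` is false shows in `Detail` which of the checks failed, for example a stopped Remote Registry service or an account without rights to the administrative shares.
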
          • 2. Re: Credential Scans and Score

            Thank you for the answers. Maybe hard to answer, but will setting vulnerabilities to ignore or false-positive and then acknowledging them have any effect on the Foundstone score?

             

            Thanks

             

            John

            • 3. Re: Credential Scans and Score
              jhaynes

              On Page 25 of the 6.7 Enterprise Manager Guide it says this.

               

              Note: Tickets marked as Ignore will affect future scan reports. Future scans that find this vulnerability on this machine will not record this vulnerability for this machine on future scan reports.

               

              What that means is that we will not change the existing Foundscore, but since the vulnerability will be considered a false positive or ignored on the next scan, the Foundscore will automatically correct itself.

               

              Jeff Haynes