An SMB account must be used that has local administrator rights on the target.File & Printer Sharing must be enabled on the system to be scanned.The Remote Registry service must be enabled on the target or the credentials used by Nessus must have the permissions necessary to start the remote registry service and be configured appropriately.The Windows Management Instrumentation (WMI) service must be enabled on the target.In order to use the ISO scanners to perform a credentialed scan of a Windows system, the following settings are required by Nessus: With this in mind, ISO will create accounts on one of the Nessus scanners for departmental security administrators to do their own credentialed scans.
Information Security Office (ISO) runs Nessus scanners that are capable of running these credentialed scans however, without accounts on the local machines, we are unable to use this functionality. Examples of the sorts of checks that a credentialed scan can do include checks to see if the system is running insecure versions of Adobe Acrobat or Java or if there are poor security permissions governing a service. Credentialed scans are scans in which the scanning computer has an account on the computer being scanned that allows the scanner to do a more thorough check looking for problems that can not be seen from the network.
0 kommentar(er)
