Five steps for improving Authentication Vulnerability Scanning

Source: Internet
Author: User
Tags: nexpose

You cannot protect what you do not know about. That is not yet a mantra in IT security, but it holds true when you look for vulnerabilities from the perspective of a "trusted" user, in other words, when you run an authenticated vulnerability scan.

By configuring a vulnerability scanner to log on to the hosts you are testing, you see the rest of the story: the security issues that are often skipped to save time or money, or because of the added complexity. An authenticated scan takes longer, but in terms of vulnerabilities found (and, ultimately, risk mitigated) it is easily ten times more valuable than an unauthenticated one.

Security teams can follow these five steps to prepare for and run authenticated vulnerability scans more effectively and make the most of the results:

1. Know in advance which systems need authenticated scanning

This may be every Windows- and Linux-based system, or only a subset (such as servers or workstations). Also consider scanning web applications, databases, and any network host that allows or requires authentication over telnet, FTP, SSH, SNMP and similar protocols. Many commercial vulnerability scanners (such as Nexpose and ThreatGuard) offer ways to do this. If an attacker outside your network or a malicious insider could log on to these systems, you need to scan them as an authenticated user too.

2. Determine which user role levels to scan as

Scan with at least administrator- or root-level logon credentials to uncover the largest set of vulnerabilities. Scanning as other roles as well (a manager-level role, a basic user role) shows you what each user group can see and use. Up to a point, the more roles you test, the better the results, but there are diminishing returns. Once the findings stop changing as you move between permission levels, you have tested enough.

3. Set up the user account for the authenticated scan so that no password change is required at first logon

A forced password change at first logon is a common default in Active Directory group policy and in some web applications. If you overlook it, the target prompts the scanner to change the password at its first logon, which the scanner of course cannot do. Unaware of this, the scan carries on, and several minutes (or much longer) later you discover that authentication never succeeded and the scan has to be started over. With a web vulnerability scanner you may also need to record a login macro so that the tool can authenticate. For some reason, most network vulnerability scanners do not offer an option to test your logon credentials before the scan starts; the only ones I know of that do are the old Harris STAT Scanner and Rapid7's Nexpose. It may seem like a minor feature, but in the long run it saves a great deal of time and trouble.

4. First make sure the authenticated scan will not cause problems on the hosts

An authenticated scan can cause problems in a production environment, especially when scanning web applications. Whatever you scan consumes CPU, disk and network cycles, can fill up log files and databases, and can lock out user accounts. Run an authenticated scan against one or two systems first and watch for side effects before expanding to thousands of systems.

5. Generate HTML or spreadsheet reports sorted by vulnerability

An authenticated scan can surface a great many vulnerabilities, and working through them in a traditional PDF report is cumbersome. I have found that generating HTML or spreadsheet reports sorted by vulnerability is the best way to review the findings. With results grouped by vulnerability you can quickly see which hosts or web pages each vulnerability affects, which saves a lot of time, and producing the final report or remediation plan is far simpler than reviewing one host at a time.
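The following is an added example for steps 2 and 5 above; it is not code from the original article or from any scanner vendor. It takes the findings of several scans of the same hosts, each run as a different user role, and does two things: it works out how many new (host, vulnerability) pairs each role adds over the roles before it, so the point of diminishing returns from step 2 shows up as a role that adds nothing, and it pivots the combined results into a vulnerability-sorted CSV and HTML table as step 5 recommends. The input shape (role, host, vulnerability ID, title) is an assumption, since every scanner exports differently; the hosts, IDs and titles are constructed for illustration.

```python
"""Pivot authenticated-scan findings by role and by vulnerability.

Added example for this article; not the article's or any scanner's own code.
Input shape is an assumption: export your scanner's findings into
role -> host -> [vulnerability IDs] before using these functions.
"""
import csv
import html
import io
from collections import defaultdict

# Constructed sample data. Hosts, IDs and titles are made up for illustration.
TITLES = {
    "ssh-weak-mac": "SSH server allows weak MAC algorithms",
    "kernel-outdated": "Kernel missing security updates",
    "cron-world-writable": "World-writable script run from cron",
    "sudo-nopasswd": "sudoers rule grants commands without a password",
    "shadow-weak-hash": "Password hashes in /etc/shadow use MD5",
}

# role -> host -> vulnerability IDs reported by a scan logged on as that role.
SCANS = {
    "unauthenticated": {"10.0.0.5": ["ssh-weak-mac"],
                        "10.0.0.6": ["ssh-weak-mac"]},
    "basic-user": {"10.0.0.5": ["ssh-weak-mac", "kernel-outdated"],
                   "10.0.0.6": ["ssh-weak-mac", "kernel-outdated", "cron-world-writable"]},
    "manager": {"10.0.0.5": ["ssh-weak-mac", "kernel-outdated", "sudo-nopasswd"],
                "10.0.0.6": ["ssh-weak-mac", "kernel-outdated", "cron-world-writable"]},
    # Sees exactly what "manager" sees: the diminishing-returns point.
    "backup-operator": {"10.0.0.5": ["ssh-weak-mac", "kernel-outdated", "sudo-nopasswd"],
                        "10.0.0.6": ["ssh-weak-mac", "kernel-outdated", "cron-world-writable"]},
    "root": {"10.0.0.5": ["ssh-weak-mac", "kernel-outdated", "sudo-nopasswd", "shadow-weak-hash"],
             "10.0.0.6": ["ssh-weak-mac", "kernel-outdated", "cron-world-writable", "shadow-weak-hash"]},
}
# Least to most privileged, the order in which to judge marginal value.
ROLE_ORDER = ["unauthenticated", "basic-user", "manager", "backup-operator", "root"]


def findings(scans, role):
    """Set of (host, vuln_id) pairs that the scan run as `role` produced."""
    return {(host, vuln) for host, vulns in scans[role].items() for vuln in vulns}


def incremental_coverage(scans, role_order):
    """Per role, in order: (role, cumulative findings, findings this role added).

    A role whose 'added' count is 0 contributed nothing beyond the roles
    tested before it, which is the signal from step 2 that you have tested enough.
    """
    seen = set()
    rows = []
    for role in role_order:
        new = findings(scans, role) - seen
        seen |= new
        rows.append((role, len(seen), len(new)))
    return rows


def by_vulnerability(scans, roles=None):
    """Pivot to [(vuln_id, sorted affected hosts)], most widespread first.

    Combines all roles unless `roles` restricts the set. Sorting by host count
    then ID makes the report read top-down as a remediation plan.
    """
    hosts = defaultdict(set)
    for role in roles or scans:
        for host, vuln in findings(scans, role):
            hosts[vuln].add(host)
    return sorted(((v, sorted(h)) for v, h in hosts.items()),
                  key=lambda row: (-len(row[1]), row[0]))


def to_csv(rows, titles):
    """Spreadsheet report: one row per vulnerability, affected hosts joined by ';'."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["vuln_id", "title", "host_count", "hosts"])
    for vuln, hosts in rows:
        writer.writerow([vuln, titles[vuln], len(hosts), ";".join(hosts)])
    return buf.getvalue()


def to_html(rows, titles):
    """HTML report with the same vulnerability-first layout; values are escaped."""
    out = ["<table>", "<tr><th>Vulnerability</th><th>Hosts</th><th>Affected</th></tr>"]
    for vuln, hosts in rows:
        out.append("<tr><td>%s</td><td>%d</td><td>%s</td></tr>" % (
            html.escape(titles[vuln]), len(hosts), html.escape(", ".join(hosts))))
    out.append("</table>")
    return "\n".join(out)


if __name__ == "__main__":
    for role, total, added in incremental_coverage(SCANS, ROLE_ORDER):
        print("%-16s total=%d added=%d" % (role, total, added))
    print(to_csv(by_vulnerability(SCANS), TITLES))
```

With the sample data, `incremental_coverage` reports that "backup-operator" adds nothing over "manager" while "root" still adds two findings, which is the kind of comparison that tells you which roles are worth keeping in the scan schedule. The CSV and HTML outputs list each vulnerability once with every affected host beside it, rather than repeating the vulnerability under each host.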

Running a vulnerability scan properly is like taking pictures with a digital SLR camera: anyone can operate the tool, but that does not mean they know how to use it effectively, and it does not guarantee good results.

The more often you perform authenticated scans, the more you learn and the more efficient you become. That lets you find more vulnerabilities in less time, help the business reduce risk, and get on with everything else. Why not?

