Credentialed scans are scans in which the scanning computer has an account on the computer being scanned that allows the scanner to do a more thorough check, looking for problems that cannot be seen from the network. Examples of the sorts of checks that a credentialed scan can do include checks to see if the system is running insecure versions of Adobe Acrobat or Java, or if there are poor security permissions governing a service.

Information Security Office (ISO) runs Nessus scanners that are capable of running these credentialed scans; however, without accounts on the local machines, we are unable to use this functionality. With this in mind, ISO will create accounts on one of the Nessus scanners for departmental security administrators to do their own credentialed scans.

In order to use the ISO scanners to perform a credentialed scan of a Windows system, the following settings are required by Nessus:

- The Windows Management Instrumentation (WMI) service must be enabled on the target.
- The Remote Registry service must be enabled on the target, or the credentials used by Nessus must have the permissions necessary to start the Remote Registry service and be configured appropriately.
- File & Printer Sharing must be enabled on the system to be scanned.
- An SMB account must be used that has local administrator rights on the target. A non-administrator account can do some limited scanning; however, a large number of checks will not run without these rights. According to Tenable, the company behind Nessus, in Windows 7 it is necessary to use the Administrator account, not just an account in the Administrators group. ISO is currently in the process of testing this and looking for potential workarounds.
- Ports 139 (TCP) and 445 (TCP) must be open between the Nessus scanner and the computer to be scanned. Information on what IP block to open in the firewalls can be found here: What is the source network for security scans conducted by Information Security and Policy?
- Ensure that no Windows security policies are in place that block access to these services. Two common problems are SEP configurations that block the scanner even after the scanner is authenticated, and a network access model that sets network access to "Guest only" permissions (see below for information on changing this).
- The default administrative shares (i.e. IPC$, ADMIN$, C$) must be enabled (AutoShareServer = 1). Since these are enabled by default and can cause other issues if disabled, this is rarely a problem.

To check if a system has a "Guest only" sharing and security model, go to the Control Panel, open "Administrative Tools," and then "Local Security Policy". In that window go to Local Policies -> Security Options -> Network access: Sharing and security model for local accounts. On some Windows installations, this is set to "Guest only - local users authenticate as Guest" by default. If this is the setting on your box, you will need to change it to "Classic - local users authenticate as themselves".

PLEASE NOTE: Some of the settings above may, in some environments, actually decrease the security of a system. If this is the case, once the credentialed scan is performed, it is advisable to return the system to its previous state.

How to use our API to initiate scans on Windows and Linux.

IBM Cloud customers want options, and especially for those who use our tools, they want to get work done faster and without any limitations. Recently, I worked with a customer who told me that they were having errors running Nessus Vulnerability Scans through our portal. The customer shared with me this error: “Error: An IP address is required to start a security scan request.” They had tried to initiate a Nessus vulnerability scan from the portal on their server, but they couldn’t get the scanner to initiate. My team, ACS-Security, assists customers with Nessus vulnerability scanning through the IBM Cloud portal, so I started investigating this. It turns out the reason for this error was that the customer was using a private-only server, and our portal runs and scans on the public network.
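The Windows prerequisites for a credentialed scan listed on this page can be checked on the target before the scan is requested. The following is an added example, not part of the original page or of Nessus: a read-only PowerShell audit to run in an elevated session on the target. The function name is hypothetical, and the registry locations for the "Guest only" model (`forceguest`) and for `AutoShareServer` are the standard Windows locations rather than values taken from the page.

```powershell
# Added example: read-only audit of the credentialed-scan prerequisites.
# Nothing is changed on the system; each check reports Ok = True/False.
function Test-CredentialedScanReadiness {   # hypothetical helper name
    $results = [System.Collections.Generic.List[object]]::new()
    $add = {
        param($Check, $Ok, $Detail)
        $results.Add([pscustomobject]@{ Check = $Check; Ok = [bool]$Ok; Detail = $Detail })
    }

    # WMI must be running. Remote Registry may be stopped if the scan account
    # is allowed to start it, so only a Disabled start type fails outright.
    foreach ($name in 'Winmgmt', 'RemoteRegistry') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $ok  = $svc -and ($svc.Status -eq 'Running' -or
               ($name -eq 'RemoteRegistry' -and $svc.StartType -ne 'Disabled'))
        & $add "Service $name" $ok "Status=$($svc.Status) StartType=$($svc.StartType)"
    }

    # File & Printer Sharing: enabled inbound allow rules (group name is the English one).
    $fw = @(Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })
    & $add 'File & Printer Sharing rules' ($fw.Count -gt 0) "$($fw.Count) inbound allow rules enabled"

    # Ports 139 and 445 must be listening locally; reachability from the
    # scanner's source network still has to be confirmed from that side.
    foreach ($port in 139, 445) {
        $l = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
        & $add "TCP $port listening" ($null -ne $l) 'local listener only'
    }

    # Sharing and security model: forceguest = 1 is "Guest only", 0 or absent is "Classic".
    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
    $model = if ($lsa.forceguest -eq 1) { 'Guest only' } else { 'Classic' }
    & $add 'Sharing and security model' ($lsa.forceguest -ne 1) $model

    # Administrative shares: an absent AutoShareServer value means the default (enabled).
    $p = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -ErrorAction SilentlyContinue
    & $add 'AutoShareServer' ($p.AutoShareServer -ne 0) "value=$($p.AutoShareServer)"
    $shares = (Get-SmbShare -ErrorAction SilentlyContinue).Name
    foreach ($s in 'IPC$', 'ADMIN$', 'C$') {
        & $add "Share $s" ($shares -contains $s) ''
    }
    $results
}

Test-CredentialedScanReadiness | Format-Table -AutoSize
```

Saving the output before and after the scan gives a record of any setting that was relaxed for the scan and needs to be returned to its previous state.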