Hi all. Up until now, we've mostly been using Nessus to probe exploits on a system without using credentialed checks. I'm wanting to change that to be able to more effectively enforce certain policies before allowing machines to be placed on certain parts of our networks.
I'm trying to determine the best way to do this and am interested in hear from some of you as to what you've found are "best practicies". The goal is to not only complete an initial scan, but to regularly scan these hosts once they are deployed. This means leaving the accounts that Nessus used on the systems. I want to do this securely as possible. It looks like on the Unix/SSH side I could set up a generic account on each system and allow authentication with SSH keys. On the Windows side I'm not quite as sure. * Do I need an account with Administrator level access? Or will a Power User do? Recommendations? We want to be able to check for missing updates, and eventually do Policy Compliance * It looks as if I can provide an SMB username and password with various hashes. Perhaps Kerberos as well? How do you handle your credentialed accounts on deployed systems? Obviously the risk with a passworded account is that this password gets out. Anyways, looking forward to any feedback / advice. Will be perusing the archives as well. Ray _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
