In order to get a deeper look into a device's potential vulnerabilities, it is necessary to perform local checks and queries on the device itself. This is accomplished through Credentialed Scanning, which is configured in the Sensor Web Portal on a per-Sensor basis as seen in Fig. 1.
FIG 1 - Sensor Web Portal config view
You can provide 3 types of credentials to use during vulnerability scans:
NOTE: You can only use 1 of each type of credential.
- SMB (Windows Domain) Credentials
- Can be Domain Admin accounts or local accounts
- Reads installed software registry entries in read-only mode
- SSH (Secure Shell) Credentials
- Local Linux security audit framework
- Reads installed software package information
- ESXi (VMware) Credentials
- Test ESXi hosts for configuration and version errors
FIG 2 - Create Scan Credential form
Enable Credentialed Scanning
- From the config view of the Sensor Web Portal, click the switch to the right of the Credentialed Scanning header and verify it displays ON
- Click Add New to launch the Create Scan Credential window, seen in Fig. 2
- Enter a recognizable Credential Alias, the Username, and the Password twice. Then select the type of credential you are creating and click Create
- Your credential is now active, similar to Fig. 3, and will be used in new scans
FIG 3 - Credentialed Scanning enabled with valid credentials
Disable Credentialed Scanning Temporarily
You can at any time temporarily disable Credentialed Scanning by clicking the switch next to Credentialed Scanning and verifying it displays OFF. Any current running scans will complete with credentials if applicable, but all new scans will run without credentials. It can be reenabled at any point by following the steps above.
Disable Credentialed Scanning Permanently
You may wish during the course of utilizing your Nodeware Sensor to remove all credentials and disable Credentialed Scanning to move the Sensor to a new environment.
- Disable Credentialed Scanning by clicking the switch next to Credentialed Scanning and verifying it displays OFF
- Click Delete in the Action column next to all of your credentials until they are all removed
- Revoke the license key associated with the Sensor to stop and remove all running scans and remove the credentials from memory.
For more information about resetting all data on your Nodeware Sensor, see the Sensor Reset knowledge base article.
Credential Storage Security
All credentials entered into your Nodeware Sensor configuration are immediately hashed and stored on the Sensor securely. The credentials are not transmitted to the cloud at any time and cannot be recovered by support staff or accessed by Nodeware software in plain-text format.
Because of these security measures, credentials cannot be updated. To update or change a credential, you will need to delete the existing credential and recreate it.