Trusted scanning (authenticated scanning) provides organizations with host-level configuration and security data collected by logging in to each target, enabling users to manage vulnerabilities and policy compliance at a deeper level than remote, unauthenticated scanning allows. With user-supplied authentication credentials, the scanning engine is able to authenticate to target hosts and return information, such as missing patches and current password settings, that can be used to verify that each host on the network complies with internal security policies.
These types of authentication are available: Windows, MS SQL Server, Unix, Oracle, Oracle Listener, SNMP, and Cisco IOS. All authentication types may be configured at the subscription level. When authentication is enabled, the service automatically attempts authentication to target hosts, based on user-supplied credentials, for all scans launched by Managers, Unit Managers and Scanners.
For vulnerability scans, trusted scanning is optional but recommended. For compliance scans, trusted scanning is required. To use this feature, you must first create authentication records containing authentication credentials, and then enable the authentication feature in an option profile. See Getting Started with Trusted Scanning for a step-by-step guide to using this feature.
When trusted scanning is enabled and properly configured for a vulnerability scan, the scanning engine logs in to each target host at the time of the scan and obtains system information that is not available remotely. For example, the scanning engine can detect installed service packs, hotfixes, security upgrades, package versions and patches directly from the host's own inventory rather than inferring them from service banners. It can more accurately identify the operating system (e.g. distinguishing between Windows XP, Windows 2000, and Windows Server 2003) and the particular distribution and product on each host (e.g. distinguishing between various Linux distributions). Depending on the type of authentication, the scanning engine can also gather information related to system variables, registry keys, and system configurations.
With this information, the service can perform more in-depth vulnerability analysis, greatly increasing the number of vulnerabilities that can be detected. It can also resolve findings that a remote check can only report as potential: by reading the installed package or patch version, the engine confirms whether the vulnerability actually exists on the host or rules it out.
Many vulnerabilities in the KnowledgeBase require authenticated scanning for detection. For more information about the vulnerabilities in the KnowledgeBase, see Vulnerabilities.
If the compliance module is enabled for your subscription, then users with compliance privileges can launch compliance scans to identify whether hosts are compliant with user-defined policies. Successful authentication to target hosts is a requirement for compliance scans. For this reason, authentication is automatically enabled in compliance profiles for all authentication types.
If authentication to a host is not successful, then no controls can be evaluated for the host and no compliance data can be collected for it; the host is not reported as failing its controls, it is simply unevaluated. If authentication to a host is successful, then the host can be evaluated for compliance. A policy compliance report called Authentication Report is available to identify whether authentication to hosts was successful for the most recent compliance scans. When authentication fails, the credentials used in the authentication attempt appear in the report so that you can troubleshoot the issue; treat that report as sensitive output and restrict who can view it accordingly. See Running Policy Compliance Reports for more information.
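The two behaviours described above, a remote check that can only flag a potential vulnerability until a login supplies the installed version, and compliance controls that are evaluated only for hosts where authentication succeeded, are modelled in the following added example. It is illustrative code written for this page, not the scanning engine's own logic or any vendor API; the check identifiers, the authentication record names, the service banners and the package inventories are all constructed sample data, and the "auth_record" field is an assumed way of naming the credentials that were tried.

```python
"""Illustrative model of remote versus trusted (authenticated) evidence.

Added example, not vendor code. All identifiers and sample data are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


def version_key(v: str) -> tuple:
    """Turn '7.9p1' into a comparable tuple: digit runs numeric, letter runs as strings."""
    return tuple((0, int(t)) if t.isdigit() else (1, t)
                 for t in re.findall(r"\d+|[A-Za-z]+", v))


def version_lt(a: str, b: str) -> bool:
    """True when version a is older than version b."""
    return version_key(a) < version_key(b)


@dataclass
class Check:
    id: str          # constructed identifier, not a real vulnerability ID
    package: str     # package whose installed version the trusted check reads
    fixed_in: str    # first version that carries the fix
    banner_key: str  # substring the remote check looks for in a service banner


@dataclass
class Host:
    name: str
    auth_record: str                  # assumed: name of the credential record tried
    auth_ok: bool
    banners: Dict[str, str]           # remotely observable: port -> banner
    packages: Dict[str, str] = field(default_factory=dict)  # filled only after login
    settings: Dict[str, int] = field(default_factory=dict)  # filled only after login


def banner_version(banner: str, key: str) -> Optional[str]:
    """Extract the version string that follows the product key in a banner, if any."""
    m = re.search(re.escape(key) + r"([0-9][0-9A-Za-z.]*)", banner)
    return m.group(1) if m else None


def evaluate_vulns(host: Host, checks: List[Check]) -> Dict[str, str]:
    """Map check id -> 'confirmed' | 'potential' | 'not vulnerable' | 'not detected'."""
    results = {}
    for chk in checks:
        # Remote pass: the only evidence is what the service advertises, so an
        # old-looking banner yields a potential finding, never a confirmed one.
        status = "not detected"
        for banner in host.banners.values():
            ver = banner_version(banner, chk.banner_key)
            if ver is not None:
                status = "potential" if version_lt(ver, chk.fixed_in) else "not vulnerable"
        # Trusted pass: with a login the installed package version is authoritative
        # and replaces the banner-based guess. If the package is not installed the
        # remote result stands.
        if host.auth_ok and chk.package in host.packages:
            installed = host.packages[chk.package]
            status = "confirmed" if version_lt(installed, chk.fixed_in) else "not vulnerable"
        results[chk.id] = status
    return results


@dataclass
class Control:
    id: str                       # constructed control identifier
    setting: str                  # host setting the control inspects
    passes: Callable[[int], bool]


def evaluate_controls(host: Host, controls: List[Control]) -> Optional[Dict[str, str]]:
    """Without a successful login no control can be evaluated: return None, not failures."""
    if not host.auth_ok:
        return None
    out = {}
    for c in controls:
        value = host.settings.get(c.setting)
        if value is None:
            out[c.id] = "no data"
        else:
            out[c.id] = "pass" if c.passes(value) else "fail"
    return out


def authentication_report(hosts: List[Host]) -> List[Dict[str, str]]:
    """Per-host authentication outcome plus the record tried, for troubleshooting."""
    return [{"host": h.name, "record": h.auth_record,
             "status": "Passed" if h.auth_ok else "Failed"} for h in hosts]


# Constructed sample checks, controls and hosts.
CHECKS = [
    Check("CHK-001", "openssh-server", fixed_in="8.5", banner_key="OpenSSH_"),
    Check("CHK-002", "apache2", fixed_in="2.4.52", banner_key="Apache/"),
]
CONTROLS = [Control("CTRL-001", "min_password_length", lambda v: v >= 14)]
HOST_A = Host("web01", "unix-prod-creds", True,
              banners={"22": "SSH-2.0-OpenSSH_7.4", "80": "Server: Apache/2.4.52 (Debian)"},
              packages={"openssh-server": "7.4p1", "apache2": "2.4.52"},
              settings={"min_password_length": 8})
HOST_B = Host("web02", "unix-prod-creds", False,
              banners={"22": "SSH-2.0-OpenSSH_7.4"})
HOSTS = [HOST_A, HOST_B]

if __name__ == "__main__":
    for h in HOSTS:
        print(h.name, evaluate_vulns(h, CHECKS), evaluate_controls(h, CONTROLS))
    print(authentication_report(HOSTS))
```

Running the block shows web01, where the login succeeded, with CHK-001 confirmed from the installed package and CTRL-001 failing on the actual password setting, while web02, where authentication failed, is left with a potential finding from its banner and no compliance result at all; the report lists the record that was tried so the failure can be chased down.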