[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISSForum] Checking for non-viable Admin Accounts in Inet Scanner



In the Internet Scanner product, there is a significant dependency in
Windows environments on having an Admin account, in order to gain full
access to the windows host.  

 

In my experience, an admin account is used that has rights to all hosts
that are being scanned, and these are scanned every night.

 

What I've observed is that is the domain admin account has been locked
out, or even is it is within the 7 day window where the user is prompted
if they are going to chance the password, then the account used for
scanning is not granted access to the hosts, and therefore the scanner
can't access the full hosts.  Effectively, the scanner is prevented
from produce a viable report of the vulnerabilities because it didn't
have access to the host.  

 

Has anybody identified this before?  Has anyone identified a mechanism
where the scanner admin is notified that the scan wouldn't have accurate
vulnerability data, because it didn't have access to the windows host?

 

I'm looking for any insights, tools, work-arounds, and procedural
accommodations that would address this issue of having scans that have
incomplete data, because the account used to scan didn't have access.

 

Dan Widger

Security Engr

_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.