When you configure a scan or policy's Credentials, you can grant the Tenable Nessus scanner local access to scan the target system without requiring an agent. This can facilitate scanning of a large network to determine local exposures or compliance violations. As noted, some steps of policy creation may be optional. Once created, Tenable Nessus saves the policy with recommended settings.
Tenable Nessus has the ability to log into remote Linux hosts via Secure Shell (SSH); and with Windows hosts, Tenable Nessus uses various Microsoft authentication technologies. Tenable Nessus also uses the Simple Network Management Protocol (SNMP) to make version and information queries to routers and switches. The scan credentials are stored in global.db.
Tip: For information about the encryption strength that Tenable Nessus uses for credentials, see Encryption Strength.
The scan or policy’s Credentials page allows you to configure the Tenable Nessus scanner to use authentication credentials during scanning. Configuring credentials allows Tenable Nessus to perform a wider variety of checks that result in more accurate scan results.
There are several forms of authentication supported including but not limited to databases, SSH, Windows, network devices, patch management servers, and various plaintext authentication protocols.
In addition to operating system credentials, Tenable Nessus supports other forms of local authentication.
You can manage the following types of credentials in the Credentials section of the scan or policy:
- Cloud Services
- Database, which includes MongoDB, Oracle, MySQL, DB2, PostgreSQL, and SQL Server
- Host, which includes Windows logins, SSH, and SNMPv3
- Miscellaneous services, which include VMware, Red Hat Enterprise Virtualization (RHEV), IBM iSeries, Palo Alto Networks PAN-OS, and directory services (ADSI and X.509)
- Mobile Device Management
- Patch Management servers
- Plaintext Authentication mechanisms including FTP, HTTP, POP3, and other services
- Web Authentication Credentials (Web App scan templates only)
Credentialed scans can perform any operation that a local user can perform. The level of scanning depends on the privileges granted to the user account. The more privileges the scanner has via the login account (for example, root or administrator access), the more thorough the scan results.
Note: Tenable Nessus opens several concurrent authenticated connections. Ensure that the host being audited does not have a strict account lockout policy based on concurrent sessions.
If a scan contains multiple instances of one type of credential,