Re: Credential Storage

Subject: Re: Credential Storage
Date: Thu, 10 Jan 2008 17:08:37 -0500
Dagan, Kyle CIV DISA GS4B wrote:
Exactly how does Nessus store the credentials and is it a secure method such
as encryption? Just need to know if the credentials are "out in the blue"
per se.


Nessus Client 3.0 stores credentials securely, unless you specifically 
ask it to save the credentials in clear text. We recently published a 
blog entry on how this client saves its data and scan policies at 
blog.tenablesecurity.com.

In the case of Windows, Nessus also has options to prevent the 
transmission of domain credentials in clear text and use SSH keys. This 
protects you from having a hostile system on your network wait for you 
to scan it to receive the domain or SSH passwords. We also get a lot of 
.mil customers asking us about Telnet support. You can encrypt Telnet 
passwords all day, but when you scan 1000s of systems with Telnet, it is 
not encrypted and you end up broadcasting this all over your network.

Historically, there have been many different types of Nessus clients, 
some written by Tenable, some written by other Nessus users and some 
commercial products. There have been a wide variety of methods used 
(including clear text) to store credentials. I don't have a list handy 
of which clients stored credentials which way. This was one of the 
reasons to move to a new Nessus Client 3.0 across all OSes.

Ron Gula, CTO
Tenable Network Security


