|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [ISSForum] How to display if vulnerability detected is requiring admin privileges.
From: Woah Down (woahdown
yahoo.com)
Date: Tue Jul 05 2005 - 12:37:10 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Pierre-Arnauld,
I believe the answer to this question is "sort of". There are four main reports that provide information with regards to the use of an account with administrator credentials which are the "Success" and "Failure" accounts located in the Internet Scanner local console. However with those reports, they only indicate this by a host basis sorted by IP or domain name.
What you are describing here specifically is a vuln by vuln indication and you can get this by running a report such as the "Network Vulnerability Assessment Report sorted by IP" (I know this is in the local console - not sure apout SiteProtector) where at the top of each vulnerability that applies, the user is told if Admin access was reached per vulnerability. This would probably get you what you are looking for, but it would not be done as quickly as you might need it to be. There are 3 other ways that I can think of to get this for you through the product, all being more involved than using the above report.
1. You could do a SQL query right to the database (not ideal, not pretty, but it would work).
2. You could create a custom report in Crystal Reports that stripped off everything but the vulns that reported admin status and list them as the vuln count reports do. Lots of up front work, but useful going forward.
3. You could observe which vulns required access via the report listed above, then go back to the report selection screen and use one of the counts reports, filtering by vulnerabilities based on your first report. This would list them, but it would be some work especially if you had a bunch of vulns. This might ultimately prove faulty however as if you filter off a vuln, everything (hosts) that flagged the vuln (independent of access) gets stripped also.
Pierre-Arnauld Lecoeuvre <plecoeuvreamadeus.net> wrote:
Hi all,
I have performed a scan on several servers with Internet Scanner 7.0 SP2.
I can gather all vulnerabilities on my Site Protector Console 2.0 SP5.
The report "Host Assessment details" gives me lot of information but I
don't know of vulnerabilities require admin privilege or not.
Is there a way to know (and count) quickly how many vulnerabilities with
admin privilege I have detected during my scan ?
Thanks for your help.
-------------------------------------------------
Pierre-Arnauld Lecoeuvre.
DEV/IIS/OAU/NET
Phone : +33 (0)4.97.23.09.62
-------------------------------------------------
_______________________________________________
ISSForum mailing list
ISSForumiss.net
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforumiss.net
The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
_______________________________________________
ISSForum mailing list
ISSForumiss.net
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforumiss.net
The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]