When running a scan in USM Anywhere, you have the option to run it with or without authentication, a process used to verify the identity of a user, user device, or other entity, usually through a username and password. A credential is an identification that proves you are who you claim to be, and you are therefore a reliable source.
When running a scan without authentication, USM Anywhere probes the network services available on the target machine. Using known protocol behaviors, it attempts to identify the software that is running as well as its configuration and version. With this information, USM Anywhere then attempts to match the identified software with the known vulnerabilities to produce a report. The benefit of this approach is that the detection can be very specific in identifying known vulnerable behaviors.
When you choose to run a scan with authentication, your credentials allow USM Anywhere to query the running machine to gain detailed and accurate information about the running software and its configuration. This prevents false positivesA condition that is flagged as a vulnerability or weakness that is not actually a concern. This may be caused by other mitigating conditions (such as additional security technology) or inefficient tuning on detection technology. from misidentified services that can sometimes occur in the unauthenticated approach. In addition, an authenticated scanAuthenticated scans are performed from inside the machine using a user account with appropriate privileges. ensures that all services and software are analyzed — regardless of whether the service is running or accessible from the network.
Important: A vulnerabilityA known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security. scan requires credentials to perform an authenticated scanAuthenticated scans are performed from inside the machine using a user account with appropriate privileges. on a host.
Keep in mind these points:
- USM Anywhere uses the credentials available for a given assetAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers., no matter what the privilegesDescribes features and functionality that are available to a specific user or group after user authentication. Privileges or permissions associated with user and group describe features and functionality that are available to a specific user or group. are for those credentials.
- When you run a scan for an asset, USM Anywhere uses the asset credential if the asset has one; if the credential does not work or the asset does not have an assigned credential, USM Anywhere will use the credential of the group which the asset is a member of, if it is part of an asset groupAsset groups are administratively created objects that group similar assets for specific purposes..
- When the asset does not have an assigned credential and the asset is a member of several asset groups with different assigned credentials, USM Anywhere tests every credential and will use the first one that works.
- When you assign a credential to an asset group, USM Anywhere will assign the credential to the group instead of assigning it to all of its members. If you want to assign a credential to all members of a group, see Assign Credentials to Group Members.
- USM Anywhere supports these cipher types:
Important: Credentials assigned directly to an asset have higher priority than those assigned to an asset group.
This topic discusses the following subtopics:
USM Anywhere supports running vulnerability scans on the following platforms and devices:
- Windows 7, 8.1, and 10
- Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016 and 2019
- Amazon Linux and Linux 2
- CentOS 6, 7, and 8
- Debian 10
- Fedora 32 and 33
- Linux Mint 18, 19, 20, and Debian Edition 4
- Oracle Linux 6, 7, and 8
- Redhat Enterprise Linux 6, 7, and 8
- Ubuntu 16.04, 18.04, 20.04, and 20.10
- macOS 10.10, 10.11, 10.12, 10.13, 10.14, 10.15, and 11