Cybersecurity Demystify Step-by-step guide on launching a Non-Domain Authenticated scan in Qualys virtual appliance.

Authenticated scanning involves providing credentials (such as usernames and passwords) to the scanning tool, allowing it to log in to the target systems or devices as an authorized user. This enables the scanning tool to access and collect detailed information about the target’s configuration, installed software, patches, and other system attributes that may not be accessible through non-authenticated scanning methods.
Qualys Authentication allows the scanning tool to gather comprehensive information about the target systems, including detailed software inventory, configuration settings, and patch status. By authenticating to target systems, Qualys can perform deeper vulnerability assessments, identify misconfigurations, missing patches, and potential security weaknesses that may be overlooked in non-authenticated scans.

Authenticated scanning offers several benefits, including:

More accurate and comprehensive vulnerability assessment results.
Better detection of security issues related to system configuration and patch management.
Reduced false positives and more reliable risk prioritization.
Enhanced compliance auditing capabilities, particularly for regulatory requirements that mandate comprehensive asset inventory and configuration management.

Note: There are prerequisites to this lab from the previous labs. I will link them below.

Prerequisites


We need to create an Option Profile for the authenticated scan. Click the Scans tab > Option Profiles > New > Option Profiles.

Name your new Option Profile.

Click on Scan. For this example, we are leaving everything at its default except the Authentication setting, as this is a basic authenticated scan. We are using the Windows Domain Authentication created in the previous lab. See how to create Windows Domain Authentication here. Click here to learn how to set up Unix Authentication (Linux in Qualys). Check the box next to Windows under Authentication, then click the Save button.

Note: Before you launch the scan, ensure your target host IP address(es) are in the same range as the IP address of your virtual appliance. Turn the firewall off on your target host. For this example, my target host is Windows 10 and Windows Defender is turned off. See how to turn Windows Defender off here. Click the Launch button.

Next, we are going to create a new scan. To create a new scan in Qualys, click the Scans tab > Scans > New > Scan. Give your new scan a Title, select the Option Profile you created, leave the Processing Priority as 0, and choose the Virtual Scanner Appliance you created.

Choose your Target Host. You can choose an Asset Group; see how to create an Asset Group here. For this example, I am scanning a specific IP address of a Windows 10 virtual machine I made vulnerable. Type your target IP address(es) in the IPv4 addresses/Ranges field. Click the Launch button. See how to make a vulnerable machine here.

The scan completed successfully. You should see something similar to the screenshot below. Click the blue View Results link to review the scan result.

Next, let’s review the Scan Result. Click here for How to Analyze Qualys Scan Results.
