SMB Authentication from OUTSCAN/HIAB
Purpose
This document provides the steps needed for setting up SMB Authentication from HIAB and OUTSCAN.
Introduction
SMB Authentication can be set up from OUTSCAN and HIAB in three different ways, per target, per target group, and per scan policy.
Setting up SMB Autentication
It is possible to set up SMB Authentication from OUTSCAN and HIAB in three ways.
- Per target
- Per target group
- Per scan policy
Per Target
SMB authentication per target can be set in Main Menu > Netsec > Manage Targets.
To access the settings:
- Right click on the desired target and select Edit, it opens a Maintaining Target window.
- Go to the Authentication tab.
- Select SMB in the Authentication drop-down menu.
- Enter the Credentials that will be in use.
- Select the Enable remote registry checkbox to allow the scanner to access the Windows registry.
- To test if the credentials are valid, click the Test button to the right in the Test Credentials area.
Per Target Group
SMB authentication for a Target Group can be set in Main Menu > Netsec > Manage Targets.
To access the settings:
- Right click on the desired target group and select Set Target Authentication.
This action displays a new window where the authentication can be set. - Select SMB in the drop-down menu.
- Enter the credentials that will be in use for all targets in this group.
- Select the Enable remote registry checkbox to allow the scanner to access the Windows registry.
- To test if the credentials are valid, click the Test button to the right in the Test Credentials area.
Per Scan Policy
SMB authentication can also be set when creating a Scan Policy in Scan Scheduling.
To access the settings,
- Go to Main Menu > Netsec > Scan Scheduling and select the Scan Policy Tab.
- To view the Maintaining Scanning Policy window:
- Click on + New policy, or
Right-click on existing system policy and select Edit.
Caution
A system policy cannot be edited. By clicking on Edit, a copy of the template is created.- In the Maintaining Scanning Policy window, select the SMB tab.
Enter the credentials to be used and click Save.
Option Description SMB domain
The SMB domain to use when scanning the remote host. SMB username
The username to use when attempting to log on to the remote host via SMB.
SMB password
The password to use when attempting to log on to the remote host via SMB.
SMB allow NTLMv1
Whether to allow authentication using NTLMv1.
SMB allow plain-text password transmission
Whether to allow scanning using plain-text password transmission.
Enable remote registry
If this option is checked, the scanner starts the Remote Registry Service using the provided user details and once finished, disable the service again.
Target Credentials
Target
Enter a Target to test the credentials and click Test Credentials.
Note
There could be multiple targets with same IP/hostname which must be linked to different scanners.
For example:
192.168.0.1 on Scanner01
192.168.0.1 on Scanner02To test the credentials on one of these targets, the scanner name should be provided along with the target to run a successful test using the format given below:
192.168.0.1<Scanner01
Warning
Multiple attempts to login with the same account or on the same domain can cause account lockout and should be avoided.
Reference
Authenticated Scanning using SMB
Copyright
© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Trademark
Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.