Agentless Scan | Enterprise Recon | Ground Labs

Agentless Scan

This section covers the following topics:

Overview

You can use ER2 to perform an agentless scan on network Targets via a Proxy Agent. Agentless scans allow you to perform a scan on a Target system without having to:

  1. Install a Node Agent on the Target host, and
  2. Transmit sensitive information over the network to scan it.

Use agentless scans when:

  • The Node Agent is installed on a host other than the Target host.
  • Data transmitted over the network must be kept to a minimum.
  • The Target credential set has the required permissions to read, write and execute on the Target host.
  • The Target host security policy has been configured to allow the scanning engine to be executed locally.

For more information, see Agentless Scan Requirements below.

How an Agentless Scan Works

When an agentless scan starts, the Proxy Agent receives instructions from the Master Server to perform a scan on a Target host. Once a secure connection to the Target host has been established, the Proxy Agent copies the latest version of the scanning engine to a temporary location on the Target host.
The scanning engine is then run on the Target host. It scans the local system and sends aggregated results to the Proxy Agent, which in turn sends the results to the Master Server. Data scanned by ER2 is kept within the Target host. Only a summary of matches is sent back to the Master Server.
Once the scan completes, the Proxy Agent cleans up temporary files created on the Target host during the scan and closes the connection.
Enterprise Recon 2.2 Agentless Scan architecture consisting of Master Server, Proxy Agent and Target host.

Agentless Scan Requirements

Make sure that the Target and Proxy Agent hosts fulfill the following requirements:

Target Host: Windows host
Proxy Agent: Windows Proxy Agent
TCP Port ¹:
  • Port 135, 139 and 445.
  • For Targets running Windows Server 2008 and newer: dynamic ports 9152 – 65535
  • For Targets running Windows Server 2003 R2 and older: dynamic ports 1024 – 65535
  • WMI can be configured to use static ports instead of dynamic ports.
Requirements:
  • Bi-directional SCP must be allowed between the Target and Proxy Agent host.
  • The Target host security policy must be configured to allow the scanning engine to be executed locally.
  • The Target credential must have the required permissions to read, write and execute on the Target host.

Target Host: Linux or UNIX host
Proxy Agent: Windows, Linux or UNIX Proxy Agent
TCP Port ¹:
  • Port 22.
Requirements:
  • Target host must have an SSH server installed and running.
  • Proxy Agent host must have an SSH client installed.
  • Bi-directional SCP must be allowed between the Target and Proxy Agent host.
  • The Target host security policy must be configured to allow the scanning engine to be executed locally.
  • The Target credential must have the required permissions to read, write and execute on the Target host.

Target Host: macOS host
Proxy Agent: macOS Proxy Agent
TCP Port ¹:
  • Port 22.
Requirements:
  • Target host must have an SSH server installed and running.
  • Proxy Agent host must have an SSH client installed.
  • Bi-directional SCP must be allowed between the Target and Proxy Agent host.
  • The Target host security policy must be configured to allow the scanning engine to be executed locally.
  • The Target credential must have the required permissions to read, write and execute on the Target host.

¹ TCP Port allowed connections.

For best results, use a Proxy Agent host that matches the Target host platform. For example, Debian Proxy Agent hosts should scan Debian Target hosts.
Data discovery and Remediation using the Agentless Scanning feature requires a high level of user privilege and data access. This carries inherent risks which could lead to privileged account abuse or data loss due to the higher-than-usual level of access needed to achieve full domain access with external software deployment and remote process execution to achieve an agentless scan or remediation action. Before embarking on this approach, Ground Labs recommends consideration of the Agent-based scan approach, which can achieve data discovery with a reduced level of user permission whilst offering other performance benefits.
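A pre-flight check for the requirements listed above, meant to be run from the Proxy Agent host before a scan is scheduled. This is an added example, not Ground Labs code; the function names and the sample hostname are assumptions. It checks the Proxy Agent platform pairing and the fixed TCP ports only; the WMI dynamic port range is assigned at runtime and is not probed.

```python
import socket

# Requirements from this page: which Proxy Agent platforms may scan each
# Target platform, and the fixed TCP ports the Proxy Agent must reach.
REQUIREMENTS = {
    "windows": {"proxies": {"windows"}, "ports": (135, 139, 445)},
    "linux":   {"proxies": {"windows", "linux", "unix"}, "ports": (22,)},
    "unix":    {"proxies": {"windows", "linux", "unix"}, "ports": (22,)},
    "macos":   {"proxies": {"macos"}, "ports": (22,)},
}


def tcp_reachable(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(target_host, target_os, proxy_os, probe=tcp_reachable):
    """Return a list of problems found; an empty list means the checks passed."""
    req = REQUIREMENTS.get(target_os.lower())
    if req is None:
        return [f"unknown Target platform: {target_os}"]
    problems = []
    if proxy_os.lower() not in req["proxies"]:
        allowed = ", ".join(sorted(req["proxies"]))
        problems.append(
            f"{proxy_os} Proxy Agent cannot scan a {target_os} Target "
            f"(allowed: {allowed})"
        )
    for port in req["ports"]:
        if not probe(target_host, port):
            problems.append(f"TCP {port} on {target_host} is not reachable")
    return problems


if __name__ == "__main__":
    # Constructed sample hostname; replace with a real Target before use.
    for issue in preflight("target.example.internal", "linux", "linux"):
        print("FAIL:", issue)
```

A reachable port only confirms the network path; the credential permissions and the Target host security policy still have to be verified separately.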

Supported Operating Systems

ER2 supports the following operating systems as agentless scan Targets:

Microsoft Windows Operating Systems

Ground Labs supports and tests ER2 for all Windows versions supported by Microsoft.
Prior versions of Windows may continue to work as expected. However, Ground Labs cannot guarantee support for these versions indefinitely.

Linux Operating Systems

Ground Labs supports and tests ER2 for all Linux distributions listed under Supported Operating Systems. However, other Linux distributions that are not indicated may work as expected.

macOS Operating Systems

Ground Labs supports and tests ER2 for all macOS versions listed under Supported Operating Systems. However, other macOS versions that are not indicated may work as expected.

Start an Agentless Scan

To perform an agentless scan on a Target:

  1. Log in to the ER2 Web Console.
  2. Navigate to the Select Locations page by clicking on:
    • Scans > New Scan, or
    • the New Scan button in the
      Dashboard,
      Targets, or
      Scans > Schedule Manager page.
  3. On the Select Locations page, click + Add Unlisted Target.
  4. In the Select Target Type window, choose Server and enter the host
    name of the Target in the Enter New Target Hostname field.
  5. Click Test. If ER2
    can connect to the Target, the button changes to a Commit button.
  6. In the Select Types dialog box, select Target locations from Local
    Storage or Local Process Memory, select the Target type, and click Done.
  7. In the New Target page:
    1. Assign Target Group – Assign the Target to the Target Group selected
      from the dropdown box.
    2. Specify the Operating System of the Target – Select the operating system for the Target host from the dropdown box.
      Ensure that you select the correct operating system for the Target host. Certain features in ER2 (e.g. PRO Data Classification with MIP, PRO Data Access Management) may not work as expected if the selected operating system is incorrect or is set to “Remote Access Only”.

  8. Click Next.
  9. The UI prompts you if there is no usable Agent detected on the Target host.
    Select Would you like to search this target without installing an agent on
    it?
    to continue.
  10. Fill in the following fields and click Next:
    Credentials Details dialog box to configure the credentials and proxy agent to perform an agentless scan.

    • Credential Label – Enter a descriptive label for the credential set.
    • Username – Enter your Target host user name.
    • Password – Enter your Target host user password, or passphrase for the private key.
    • (Optional) Private Key – Upload the file containing the private key. Only required for Target hosts that use a public key-based authentication method. See Set Up SSH Public Key Authentication for more information.
    • Agent to act as proxy host – Select a suitable Proxy Agent.
  11. On the Select Data Types page, select the Data Type Profiles to be included in your scan and click Next. See Data Type Profiles.
  12. Set a scan schedule in the Set Schedule section. Click Next.
  13. Review your scan configuration. Once done, click Start Scan.