Thursday, August 6, 2020

Authenticated Vulnerability Scans in FIPS mode for Juniper Gear?

My company uses Juniper gear in an environment that requires FIPS to be enabled. When performing authenticated scans (currently using Tenable.sc) the scanner can successfully authenticate using the service account credentials we provide, but all of the subsequent checks fail because the scanner is unable to identify the operating system of the device. Doing a little digging through logs, we discovered that the scanner is not using the correct command - the command used to show operating system information is usually “show version”, but when FIPS is enabled, the command is “show version local”. Apparently the Nessus plug-ins don’t know this. We’ve also done a PoC of Rapid7 Nexpose with the same results.

I refuse to believe we are the only people using Juniper gear with FIPS enabled that are also doing authenticated vulnerability scans... has anyone else successfully scanned FIPS-enabled gear? If so, what scanner was used?

Thanks!
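As an added example (not from the post and not any scanner vendor's code), here is the fallback a custom OS-fingerprinting check could use: run `show version` first and, if nothing parseable comes back, retry with `show version local`. The `run_cmd` callable, the two stand-in device functions, the sample outputs and the FIPS-mode error text are all constructed assumptions; only the two commands come from the post.

```python
import re
from typing import Callable, Optional

# Commands in the order a check should try them: plain 'show version'
# for non-FIPS Junos, 'show version local' when FIPS mode is enabled.
VERSION_COMMANDS = ("show version", "show version local")

# Matches the newer "Junos: 18.4R1-S2" line as well as the older
# "JUNOS Software Release [12.1X46-D40.2]" style of output.
_VERSION_RE = re.compile(
    r"^(?:Junos:\s*(?P<new>\S+)|JUNOS [\w ]*Release \[(?P<old>[^\]]+)\])",
    re.MULTILINE,
)

def parse_junos_version(output: str) -> Optional[str]:
    """Return the Junos version string found in command output, or None."""
    m = _VERSION_RE.search(output)
    if not m:
        return None
    return m.group("new") or m.group("old")

def collect_junos_version(run_cmd: Callable[[str], str]) -> Optional[dict]:
    """Try each candidate command over an authenticated session (run_cmd is
    assumed to return the device's text output) and report which one worked."""
    for cmd in VERSION_COMMANDS:
        try:
            output = run_cmd(cmd)
        except Exception:  # transport or command failure: try the next form
            continue
        version = parse_junos_version(output)
        if version:
            return {"command": cmd, "version": version}
    return None  # neither form produced a recognizable version string

# Constructed sample outputs (assumptions, not captured from a real device).
PLAIN_OUTPUT = "Hostname: edge1\nModel: srx345\nJunos: 18.4R1-S2\n"
FIPS_ERROR_OUTPUT = "error: command not valid in FIPS mode\n"  # constructed text
FIPS_LOCAL_OUTPUT = "Hostname: edge2\nModel: srx345\nJunos: 18.4R1-S2\n"

def fake_fips_device(cmd: str) -> str:
    """Stand-in for a session to a FIPS-enabled device (constructed)."""
    return FIPS_LOCAL_OUTPUT if cmd == "show version local" else FIPS_ERROR_OUTPUT

def fake_plain_device(cmd: str) -> str:
    """Stand-in for a non-FIPS device where plain 'show version' works."""
    return PLAIN_OUTPUT if cmd == "show version" else "error: unknown command\n"

if __name__ == "__main__":
    print(collect_junos_version(fake_plain_device))
    print(collect_junos_version(fake_fips_device))
```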
