Paul Duda

Remote management cards - best practices?

Discussion created by Paul Duda on May 19, 2016

Are there any "best practices" that folks are using when scanning remote management cards? How are people authenticating? On our cards we can make an SSH connection successfully to the card, but using the same credentials in Qualys as a unix authentication fails. If we choose http, it appears we are successful (at least it does not say failed).

Whether we successfully authenticate or not, we seem to get the same results.  I would expect different results, at least slightly, if we are authenticated when scanning.

 

As for remediation, we have updated firmware on the remote management cards, but that does not seem to resolve any of the vulnerabilities.  How are other people handling this?

 

Thanks!
