Quick-start scans using a null session

4. Getting started: Performing an audit : Quick-start scans using a null session

Quick-start scans using a null session

One of the most serious threats in a network system is the misconfiguration of passwords. Default passwords or even worse blank password (technically referred to as ‘null’ passwords) are a big vulnerability because they could easily allow malicious users to gain access to your system without any considerable effort. GFI LANguard N.S.S. allows you to specifically verify whether your target computers have null passwords through a ‘null session’. During null sessions, the scanning engine will attempt to logon to a target computer with blank credentials. The benefit of such an exercise is that is such a scan is successful, it means your target is accessible without the need of logon credentials. To run a null session:

1. From credentials drop-down list provided in the toolbar select the Null Session option.

2. In ‘Scan Target’ drop down, specify the targets to be scanned during this null session.

3. From the ‘Profile’ drop down select the scanning profile to be used during this network vulnerability scan.

4. Click on Scan to initiate the scanning process.