UserIDs and passwords can be guessed by unauthorized people trying to break in. It is harder to guess a certificate.
 
 
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ninan, Anil
Sent: Wednesday, October 23, 2002 5:10 PM
To: [EMAIL PROTECTED]
Subject: RE: new to nessus please help

From the FAQ I have to create the client certificate and copy that to the machine with NessusWX. If I create a certificate for a user, for that user to access the server I will have to send them the certificate I created, right? Well, that user can give that certificate to someone else to access the server just like they can give the user ID and password. Other than the fact that the certificate is encrypted, what benefits do I get using a certificate vs. user ID and password?
 
Thanks for the help as I am learning this.

-----Original Message-----
From: Carl Houseman [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 23, 2002 2:03 PM
To: [EMAIL PROTECTED]
Subject: RE: new to nessus please help

Creating client certificates is discussed in the FAQ at nessus.org.
 
You will have to keep the client certificate secure. It is not IP-specific.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ninan, Anil
Sent: Wednesday, October 23, 2002 1:14 PM
To: '[EMAIL PROTECTED]'
Subject: new to nessus please help

I have installed nessusd on a Linux machine and NessusWX on Windows 2000. I was able to authenticate using user ID and password and was able to scan the network successfully. Since users can give the user ID and password to others, what will be the best way to authenticate? Client certificate? Where can I find the steps to create and activate a client certificate? I created a certificate using nessus-mkcert but how do I limit it to a particular client IP address? Do I just copy the certificate created by nessus-mkcert to the client machine for NessusWX to use?

Thanks for the help
