When vulnerabilities are scanned from the perspective of an outside attacker and without actually logging in to the target system(s), only a limited and narrow picture of exposure to threats can be found. For a better picture, it is a good idea to log in with the right kind of credentials.
Please, come on in!
Credentialed/authenticated scans are performed from a trusted user’s perspective and directed to the target environment or individual systems. Authenticated scans reveal vulnerabilities that external scans may be unable to find.
Break it, but stay in control
Logging in can be done with standard user or elevated privileges. If privileged access credentials are used, the risk of something falling apart is naturally somewhat higher. In most cases however the risk is definitely worth the potential benefits. Features of a good vulnerability scanner include an option to control the use of potentially dangerous tests — which means you can be prepared in advance for possible problems and interruptions caused by scanning activities.
See more and see better
Authenticated network scanning is used to gain access to the system from within, by logging in with a user account that possesses necessary privileges to review certain important details such as patch level (and especially verification of correct patch installation), installed software versions and system registry information. The success of the verified scan and the completeness of the results are affected by the target operating system and the account authorization levels that the scan uses to log in.
When in Rome
In a typical Windows installation, the average user is limited and cannot access destinations such as the system registry or system folder other than within their own profile context. Scanning with usernames that have administrator privileges yields significantly more results on Windows systems. On a Linux system, the average user with standard privileges is usually sufficient to access critical areas of the system for good scanning results and coverage.
Fresh, new points-of-view
Unauthenticated remote scans seek to determine the possibility of access to the target system from outside the system, using methods and protocols similar to those of an external attacker. Such remote scans can often be more aggressive than locally performed authenticated scans. Each scan type has its own, complementary basic purpose — to identify weaknesses based on different approaches and angles of attack.
