Question

Research the difference between a credentialed and non-credentialed vulnerability scan and write a brief summary of the difference.

Answer 1

Solution :-

There are two types of scan namely credentialed and non-credentialed vulnerability scan. The following is the brief summary of the difference between them -

Credentialed Scan -  

• It is a much safer version of vulnerability scanner.
• It is also known as authenticated scan.
• As compared to non-credentialed scan, a credentialed scan provides more detailed information.
• One can also set up the user permissions and auditing of files.
• In credentialed scan there is less load on the the network and detailed information is obtained.
• Also credentialed vulnerability scan provides you with the remotely exploitable ones and remotely detectable vulnerabilities.
• It is more accurate as there is access to the systems in your environment through the credentials.
• Credentialed scan is mostly recommended and and also safer.

Non-credentialed scan -

• In non-credentialed scan monitors the network and looks for vulnerabilities if any that an attacker would easily find.
• It is also known as unauthenticated scans.
• With a non-credentialed vulnerability scan the vulnerabilities should be fixed first as this is the entry point of attackers when they enter the network.
• They do not provide deeper insights into application and OS vulnerabilities.
• These type of scans may provide false hope about the system being safe which might not be the case in reality. In reality the attackers might frequently target those vulnerabilities that have gained access to credentialed access.
• Non-credentialed scan is not an accurate indicator of safety risk.