In order to perform an authenticated scan, an scanning tool can be configured with credentials controlled by a centralized directory (domain controller/AD/LDAP). While performing a scan, the scanner tries to establish a Remote Procedure Call (RPC) with the assets using configured credentials and, on successful login, executes tests on the same privilege level to that of the provided credentials.
An authenticated scan reports weaknesses exposed to the authenticated users of the system, as all the hosted services can be accessed with a right set of credentials. An unauthenticated scan reports weaknesses from a public viewpoint (this is what the system looks like to the unauthenticated users) of the system.
The advantages of authenticated scans over unauthenticated are as follows:
- Simulates a view of a security posture from a user's point of view
- Provides comprehensive scans covering more attack surfaces exposed
- The report provides detailed vulnerabilities exposed on assets that can be exploited by a malicious user
- Less false positives
- Increased accuracy in reports
The disadvantages of authenticated scans over unauthenticated are as follows:
- Takes more time to complete the scan as it covers more scanning signatures
- Adds the overhead of managing credentials used for scanning
- Involvement of intense test signatures may disrupt services hosted by an asset