AnsweredAssumed Answered

credentialed vs non-credentialed scans

Question asked by lpt on May 1, 2012
Latest reply on Aug 28, 2012 by dpa2011

If you are doing a credentialied scan (a host scan), then there is less load on the network and presumably you get

better information back such a registry scan information and file attribute information. However, if you are doing a non-credentialed scan, you see the network they way an attacker would see it and you could make the assumptions that the highs found on a non-credentialed scan might be more important to fix first since those are what the bad guys will see first --------- then after that, fix the highs on a fully authenticated credentialed scan. That is my thought. Does anyone else think this? Is it a waste of time to do a non-credentialed scan if you already have fully authenticated scans? I am looking for at least 5 people to give their opinions on this.

Outcomes