Credentialed scanning allows Alert Logic® to log in to the target host and look at the vulnerabilities behind the operating system's protection mechanisms, such as password protection. This method reduces the time the scan takes to run and cuts down on the false positives that can occur in a traditional port scan.
Credentialed scanning is better than uncredentialed scanning when it comes to:
- Missing patches, RPM levels on Red Hat, service packs, etc.
- Configuration issues such as password lengths, users without passwords, etc.
- Vulnerabilities in application programs that are not server programs, such as Internet Explorer, image viewers, Microsoft Word, Adobe Acrobat PDF, etc.
- Non-intrusive testing for Denial of Service vulnerabilities that could otherwise crash the target
- Precise detection (fewer false positives and fewer false negatives)
You should always use credentialed scanning when possible. Uncredentialed scanning should be your last resort.