How does authenticated networks scans work?

Authenticated vs. un-authenticated

Authenticated scans can also be referred to as Local scans and un-authenticated scans may be referred to as Remote scans.

What remote scans (un-authenticated) would do is to access the system from the outside using similar methods, techniques and protocols as a potential attacker. 

Remote scans can often be more aggressive compared to Local scans. This is due to the nature of their purpose, to isolate and identify weaknesses based on various approaches. 

Authenticated (Local scans)

An authenticated network scan is used to access the system from within (by logging in with a user account) where information such as patch levels, software versions and the systems registry can be assessed.  

The success of an authenticated scan depends on the OS that is scanned and the permissions levels of the user account that is utilized by the scan to authenticate (login) to the system.

For example:

  • On Windows system an unprivileged user is very restricted and can't access areas like the Windows registry or the Windows system folder.
    Users with administrative permissions provides more results on Windows systems.
  • On Linux system an unprivileged user is enough and can access the important areas for a good result.

There is normally more vulnerability details returned from the scan when performing an authenticated scan.


Have more questions? Submit a request


Please sign in to leave a comment.