Credentialed versus non-credentialed scans

There are two types of scans, credentialed and non-credentialed. Let's look at these in turn:

  • Non-credentialed: A non-credentialed scan will monitor the network and see any vulnerabilities that the attacker would easily find; we should fix the vulnerabilities found with a non-credentialed scan first as this is what the hacker will see when he or she enters your network. For example, an administrator runs a non-credentialed scan on the network and he finds that there are three missing patches. The scan does not provide many details on these missing patches. The administrator installs the missing patches to keep the systems up to date as he can only operate on the information produced for him.
  • Credentialed ...

Get CompTIA Security+ Certification Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.