Browse Definitions :
Definition

unauthenticated security scan (logged-out secuity scan)

Contributor(s): Matthew Haughn

An unauthenticated security scan, sometimes called a logged-out scan, is the process of exploring a network or networked system for vulnerabilities that are accessible without logging in as an authorized user.

Unauthenticated vulnerability scans inspect the security of a target system from an outside perspective. These scans allow visibility into what a malicious hacker could access without acquiring login credentials to pose as a trusted user. Security scans, authenticated or otherwise are an important part of ensuring the security of computer systems, networked devices and networks.

vulnerability scanner runs from the end point of the person inspecting the attack surface in question. The software compares details about the target attack surface to a database of information about known security holes in services and ports, anomalies in packet construction, and potential paths to exploitable programs or scripts

Unauthenticated scans can be performed remotely without requiring much in the way of costs and specialized knowledge. They require less internal cooperation and are less intrusive to the environment than authenticated security scans, which access system resources that are available to trusted uses. 

There are several benefits associated with unauthenticated vulnerability testing:

  1. It's easier.
  2. It requires fewer testing tools.
  3. It requires fewer internal staff resources.
  4. You can still exploit a vulnerability to gain a remote command prompt, etc.
  5. It can often be done without time constraints.

All in all, vulnerability testing from an external point of view tends to be very focused, quickly resulting in a finite set of results with little cost to the organization.

This was last updated in July 2015

Continue Reading About unauthenticated security scan (logged-out secuity scan)

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Also know as a port scanner, running a port scanner continuously can be a decent alternative, or complement human penetration testing. It can also give a list of open ports for a human to explore.

My experience is that most vulnerability scans that also try to simulate attacks - like nMap - simulate /old/ weaknesses that modern, patched systems should not have.
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

  • compliance framework

    A compliance framework is a structured set of guidelines that details an organization's processes for maintaining accordance with...

  • regulatory compliance

    Regulatory compliance is an organization's adherence to laws, regulations, guidelines and specifications relevant to its business...

SearchSecurity

  • DNS over HTTPS (DoH)

    DNS over HTTPS (DoH) is a relatively new protocol that encrypts domain name system traffic by passing DNS queries through a ...

  • integrated risk management (IRM)

    Integrated risk management (IRM) is an approach to risk management that uses a set of practices and processes to improve an ...

  • MITRE ATT&CK framework

    The MITRE ATT&CK (pronounced 'miter attack') framework is a free, globally accessible service that provides comprehensive and ...

SearchHealthIT

  • telemedicine (telehealth)

    Telemedicine is the remote delivery of healthcare services, such as health assessments or consultations, over the ...

  • Project Nightingale

    Project Nightingale is a controversial partnership between Google and Ascension, the second largest health system in the United ...

  • medical practice management (MPM) software

    Medical practice management (MPM) software is a collection of computerized services used by healthcare professionals and ...

SearchDisasterRecovery

SearchStorage

  • M.2 SSD

    An M.2 SSD is a solid-state drive (SSD) that conforms to a computer industry specification and is used in internally mounted ...

  • kilobyte (KB or Kbyte)

    A kilobyte (KB or Kbyte) is a unit of measurement for computer memory or data storage used by mathematics and computer science ...

  • virtual memory

    Virtual memory is a memory management capability of an operating system (OS) that uses hardware and software to allow a computer ...

Close