An unauthenticated security scan, sometimes called a logged-out scan, is the process of exploring a network or networked system for vulnerabilities that are accessible without logging in as an authorized user.
Unauthenticated vulnerability scans inspect the security of a target system from an outside perspective. These scans allow visibility into what a malicious hacker could access without acquiring login credentials to pose as a trusted user. Security scans, authenticated or otherwise are an important part of ensuring the security of computer systems, networked devices and networks.
A vulnerability scanner runs from the end point of the person inspecting the attack surface in question. The software compares details about the target attack surface to a database of information about known security holes in services and ports, anomalies in packet construction, and potential paths to exploitable programs or scripts.
Unauthenticated scans can be performed remotely without requiring much in the way of costs and specialized knowledge. They require less internal cooperation and are less intrusive to the environment than authenticated security scans, which access system resources that are available to trusted uses.
There are several benefits associated with unauthenticated vulnerability testing:
- It's easier.
- It requires fewer testing tools.
- It requires fewer internal staff resources.
- You can still exploit a vulnerability to gain a remote command prompt, etc.
- It can often be done without time constraints.
All in all, vulnerability testing from an external point of view tends to be very focused, quickly resulting in a finite set of results with little cost to the organization.