topic A human being. in Network Security https://community.cisco.com/t5/network-security/best-network-vulnerability-scanner-solution-for-cisco/m-p/2827303#M915733 <P>A human being.</P> <P>Vulnerability scanners generally look for open tcp and udp ports. Say a Cisco switch only allows ssh (tcp/22) and restricts that via ACL on the vty line.</P> <P>A typical vulnerability scanner may say that device is very secure. Never mind that your IOS is subject to lots of security-related bugs that may manifest if you enable any other services in the future (ntp, snmp, https etc.), Never mind that you aren't sending sylogs anywhere and if you are you have no people actually analyzing the received data. Never mind that you don't have any network access control (a la 802.1x and/or ISE) and there your switch is just an open invitation for intruders to connect to your network.</P> <P>Get my point?</P> Fri, 11 Dec 2015 03:56:54 GMT Marvin Rhoads 2015-12-11T03:56:54Z best network vulnerability scanner solution for Cisco environment !? https://community.cisco.com/t5/network-security/best-network-vulnerability-scanner-solution-for-cisco/m-p/2827302#M915728 <P>hi,</P> <P></P> <P>I would like to know from your experiance what is the best&nbsp;vulnerability assesment scanner solution for the network appliances specially for Cisco devices !?</P> <P></P> <P></P> <P>thanks,</P> Fri, 21 Feb 2020 13:38:15 GMT https://community.cisco.com/t5/network-security/best-network-vulnerability-scanner-solution-for-cisco/m-p/2827302#M915728 mohammed hashim 2020-02-21T13:38:15Z A human being. https://community.cisco.com/t5/network-security/best-network-vulnerability-scanner-solution-for-cisco/m-p/2827303#M915733 <P>A human being.</P> <P>Vulnerability scanners generally look for open tcp and udp ports. Say a Cisco switch only allows ssh (tcp/22) and restricts that via ACL on the vty line.</P> <P>A typical vulnerability scanner may say that device is very secure. Never mind that your IOS is subject to lots of security-related bugs that may manifest if you enable any other services in the future (ntp, snmp, https etc.), Never mind that you aren't sending sylogs anywhere and if you are you have no people actually analyzing the received data. Never mind that you don't have any network access control (a la 802.1x and/or ISE) and there your switch is just an open invitation for intruders to connect to your network.</P> <P>Get my point?</P> Fri, 11 Dec 2015 03:56:54 GMT https://community.cisco.com/t5/network-security/best-network-vulnerability-scanner-solution-for-cisco/m-p/2827303#M915733 Marvin Rhoads 2015-12-11T03:56:54Z