Chapter 7. Cisco Secure Scanner
This chapter contains the following sections:
Chapter 3, “Overview of the Cisco Security Solution and the Cisco Secure Product Family,” covered the Security Solution that has been devised by Cisco in order to provide total network security. This solution consists of five key elements:
Identity
Perimeter security
Data privacy
Security monitoring
Policy management
This chapter delves deeper into the fourth key element of the Cisco Security Solution: security monitoring.
Security management, like network management, is a dynamic, ever-changing process. Once you have designed and implemented a security solution, it has to be measured. One way of measuring the integrity of your solution is with a network scanner, which will scan every live IP address on your network and check the results against well-known vulnerabilities. A full report is then created, and actions can be taken to remedy any shortcomings in the design or implementation. It's important to make the changes and then scan the network again to ensure that the changes have been effective and their implementation hasn't caused any further security vulnerabilities. The security vulnerability database for all leading network scanners is upgraded on a periodic basis, ensuring that every new vulnerability that is discovered is added to the database. When you run a network scan, you can be sure that you are scanning for the latest vulnerabilities.
Cisco Secure Scanner is a full, network-scanning utility that can be used for regular security-monitoring purposes.
This chapter takes a look at the Cisco Secure Scanner. The chapter starts by providing an explanation of the processes and theory behind network scanning, and it moves on to look at the Cisco Secure Scanner product and how it is used to carry out network scanning.