https://community.hpe.com/t5/security-e-series/hp-switches-vulnerability-assestment/m-p/6900521#M621 <P>Hello (again),</P><P>Regarding OpenVAS vulnerability scanner, if you have a Linux box that is "docker" capable a Very Nice Man has containerized the OpenVAS application so that you can just do a "docker pull &lt;package&gt;" to install it :-O</P><P>I've just run it against my VSR installation so I now need to go and have a look at the SSH version - seems to work a treat</P><P>Hope that helps</P><P>Thanks</P><P>Ian</P><P>&nbsp;</P> Tue, 20 Sep 2016 23:25:51 GMT Ian Vaughan 2016-09-20T23:25:51Z https://community.hpe.com/t5/security-e-series/hp-switches-vulnerability-assestment/m-p/6900289#M617 <P>Hi Guys</P><P>I'm New in handling HP Switches, we recently deployed new Hp switches. The company required a Vulnerability Assestment on the Network devices. We have nipper scanner 0.12.6 but it seems like this is only for cisco switches.</P><P>Can you recommend best and tested Vulnerability Assestment and security Audit tools I can use for HP Switches?</P><P>Both Open source and Licensed is Okay.&nbsp;</P><P>Can you help me out on this guys?! Thanks a lot!! :)</P> Tue, 20 Sep 2016 09:19:50 GMT https://community.hpe.com/t5/security-e-series/hp-switches-vulnerability-assestment/m-p/6900289#M617 flodnar31 2016-09-20T09:19:50Z https://community.hpe.com/t5/security-e-series/hp-switches-vulnerability-assestment/m-p/6900490#M620 <P>Hello,</P><P>I would:</P><OL><LI>Work through the "hardening" guide for the particular platform - for example, Comware has a "fips-mode enable" configuration macro that turns off the insecure services and the more vulnerable ciphers etc.</LI><LI>Load up a linux box with OpenVAS (free) or Nessus (paid), download the latest vulnerability packs, and scan the nodes for security holes.</LI></OL><P>Nipper seems to be a configuration comparison tool.There isn't a direct equivalent for HPE/Aruba but...</P><P>If you need to do a configuration audit on some of the HPE / Aruba switches there are pre-built scripts / tests (such as ones for PCI-DSS compliance) built into the iMC Standard Edition Management Platform. This is a purchasable licensed product but you can get a free trial for 60 or so days and test drive it to see if it does what you need.</P><P>Kudos and Solved buttons help others find useful posts - don't be shy - you don't even need to be the original poster - give us a click.&nbsp; :-D</P><P>Thanks</P><P>Ian</P> Tue, 20 Sep 2016 21:07:15 GMT https://community.hpe.com/t5/security-e-series/hp-switches-vulnerability-assestment/m-p/6900490#M620 Ian Vaughan 2016-09-20T21:07:15Z https://community.hpe.com/t5/security-e-series/hp-switches-vulnerability-assestment/m-p/6900521#M621 <P>Hello (again),</P><P>Regarding OpenVAS vulnerability scanner, if you have a Linux box that is "docker" capable a Very Nice Man has containerized the OpenVAS application so that you can just do a "docker pull &lt;package&gt;" to install it :-O</P><P>I've just run it against my VSR installation so I now need to go and have a look at the SSH version - seems to work a treat</P><P>Hope that helps</P><P>Thanks</P><P>Ian</P><P>&nbsp;</P> Tue, 20 Sep 2016 23:25:51 GMT https://community.hpe.com/t5/security-e-series/hp-switches-vulnerability-assestment/m-p/6900521#M621 Ian Vaughan 2016-09-20T23:25:51Z https://community.hpe.com/t5/security-e-series/hp-switches-vulnerability-assestment/m-p/6907350#M678 <P>Thanks Ian. We'll try your recommendations for now</P><P>Appreciate the great help.</P><P>&nbsp;</P> Thu, 13 Oct 2016 14:10:56 GMT https://community.hpe.com/t5/security-e-series/hp-switches-vulnerability-assestment/m-p/6907350#M678 flodnar31 2016-10-13T14:10:56Z