HPE Community
Security e-Series
1753786 Members
7659 Online
108799 Solutions
New Discussion

Re: HP Switches Vulnerability Assestment

 
SOLVED
Go to solution
flodnar31
Occasional Contributor

‎09-20-2016 02:19 AM

‎09-20-2016 02:19 AM

HP Switches Vulnerability Assestment

Hi Guys

I'm New in handling HP Switches, we recently deployed new Hp switches. The company required a Vulnerability Assestment on the Network devices. We have nipper scanner 0.12.6 but it seems like this is only for cisco switches.

Can you recommend best and tested Vulnerability Assestment and security Audit tools I can use for HP Switches?

Both Open source and Licensed is Okay. 

Can you help me out on this guys?! Thanks a lot!! :)

0 Kudos
3 REPLIES 3
Ian Vaughan
Honored Contributor

‎09-20-2016 02:07 PM

‎09-20-2016 02:07 PM

Re: HP Switches Vulnerability Assestment

Hello,

I would:

  1. Work through the "hardening" guide for the particular platform - for example, Comware has a "fips-mode enable" configuration macro that turns off the insecure services and the more vulnerable ciphers etc.
  2. Load up a linux box with OpenVAS (free) or Nessus (paid), download the latest vulnerability packs, and scan the nodes for security holes.

Nipper seems to be a configuration comparison tool.There isn't a direct equivalent for HPE/Aruba but...

If you need to do a configuration audit on some of the HPE / Aruba switches there are pre-built scripts / tests (such as ones for PCI-DSS compliance) built into the iMC Standard Edition Management Platform. This is a purchasable licensed product but you can get a free trial for 60 or so days and test drive it to see if it does what you need.

Kudos and Solved buttons help others find useful posts - don't be shy - you don't even need to be the original poster - give us a click.  :-D

Thanks

Ian

Hope that helps - please click "Thumbs up" for Kudos if it does
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
0 Kudos
Ian Vaughan
Honored Contributor

‎09-20-2016 04:25 PM

‎09-20-2016 04:25 PM

Re: HP Switches Vulnerability Assestment

Hello (again),

Regarding OpenVAS vulnerability scanner, if you have a Linux box that is "docker" capable a Very Nice Man has containerized the OpenVAS application so that you can just do a "docker pull <package>" to install it :-O

I've just run it against my VSR installation so I now need to go and have a look at the SSH version - seems to work a treat

Hope that helps

Thanks

Ian

 

Hope that helps - please click "Thumbs up" for Kudos if it does
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
0 Kudos
flodnar31
Occasional Contributor

‎10-13-2016 07:10 AM

‎10-13-2016 07:10 AM

Solution

Re: HP Switches Vulnerability Assestment

Thanks Ian. We'll try your recommendations for now

Appreciate the great help.

 

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.