Anyone have any advice on scanning network devices(switches, router, firewalls, wireless access point); can they be authenticated? Is it the same as opening ports on the server with 135 445 139 or for linux ssh 22? Is there any approach we can use to prevent impact to these device, e.g. Core Switch as interruption to it can cause disaster
The scanning impact while authenticated is very light. If your switch is supported it normally is a basic command like
yup…tcp/22 (SSH). i believe its doing a show ver, show run, and a port scan (depending on your template) to see what services are open. its not really impactful. SNMP is available too if you prefer to go that direction. you just wont get any of the config stuff. make sure you get the creds right before you go real wide with the scan or you are going to get 2 gillion shadow assets in there (interfaces not consolidated down to a single asset) as opposed to about a half a gillion. in my experience, it it is far from perfect consolidating network infaces down to a single asset (HUGE pet peeve of mine)…YMMV
Authenticated scans can be conducted on many appliances and devices that accept SSH connections. Best bet to prevent scanning impact is to conduct testing in a non-prod environment and do your best to stress non-prod prior to moving to production. It’s also good to schedule scans on critical assets during noted low traffic periods to help prevent any possible impacts even further.