Common Network device checks for Nanitor collector

Installing the Nanitor agent is the preferred approach, but not all systems can have a Nanitor agent installed on them. For devices on which we cannot install an agent, we provide a Nanitor collector that connects to the devices by IP address, for example using SSH or telnet for network devices and servers, or a SQL connection for databases.

For network devices, we connect via SSH and:

  1. Check the firmware/software versions.
  2. Get the device configuration (on Cisco, for example, show running-config, etc.).
  3. Common checks across all network devices include:
    1. Is SSH configured securely?
    2. Are secure timeouts in place (console timeout, idle timeout, and so on)?
    3. Is NTP set up and configured?
    4. Is the time zone configured?
    5. Has the hostname been set for this device?
    6. Is the device logging properly?
  4. Read the ARP table so that its entries can be passed through to network discovery.
  5. Various other “show-type” commands are used for vulnerability checking for network devices that support OVAL checks.
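
The common checks in step 3 can be expressed as rules over the collected configuration text. The following is an added example, not Nanitor's own code: it assumes Cisco IOS-style syntax, uses constructed sample configs, and the pass criteria (SSH version 2 with SSH-only vty lines, an explicit non-zero exec-timeout on every line, a non-default hostname, a remote syslog host) are assumed policy choices.

```python
import re
# Constructed sample running-configs (IOS-style syntax, not from a real device).
WEAK = """hostname Router
ip ssh version 1
ntp server 192.0.2.10
line vty 0 4
 exec-timeout 0 0
 transport input telnet ssh
"""
HARDENED = """hostname edge-sw1
ip ssh version 2
clock timezone UTC 0 0
ntp server 192.0.2.10
logging host 192.0.2.20
line con 0
 exec-timeout 10 0
line vty 0 4
 exec-timeout 10 0
 transport input ssh
"""

def line_blocks(config):  # map each "line ..." header to its sub-commands
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = blocks.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks

def timeout_set(cmds):  # assumed policy: explicit exec-timeout, not "0 0"
    hits = [c.split()[1:] for c in cmds if c.startswith("exec-timeout ")]
    return bool(hits) and any(int(n) > 0 for n in hits[-1])

def audit(config):  # {check: passed} for the six common checks in step 3
    has = lambda pat: re.search(pat, config, re.M) is not None
    blocks = line_blocks(config)
    vty = [cmds for hdr, cmds in blocks.items() if hdr.startswith("line vty")]
    return {
        "ssh_secure": has(r"^ip ssh version 2$") and bool(vty)
                      and all("transport input ssh" in c for c in vty),
        "timeouts": bool(blocks) and all(timeout_set(c) for c in blocks.values()),
        "ntp": has(r"^ntp server \S+"),
        "timezone": has(r"^clock timezone \S+ -?\d+"),
        "hostname": has(r"^hostname (?!(Router|Switch)$)\S+"),
        "remote_logging": has(r"^logging (host )?\d+\.\d+\.\d+\.\d+"),
    }
```

Calling audit(WEAK) fails every check except NTP, while audit(HARDENED) passes all six.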