The Tenable Nessus vulnerability scanner may be used to audit the running configuration of Cisco routers, switches, and firewalls. Tenable Network Security provides several default audit policies based on Cisco's recommendations and those from the Center for Information Security (CIS).
Example audit points include:
- Enabling or disabling audit checks based on the IOS version
- Requiring encrypted passwords
- Banning the use of common SNMP community strings
- Forcing the use of Secure Shell (SSH) to access the IOS console
- Ensuring the device does not allow unauthorized services
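
To make the audit points above concrete, the following added example (not Tenable's audit policy format or Nessus code) runs comparable checks over a constructed running-config. The finding IDs, the community-string and service lists, and the version threshold that gates the SSH check are all assumptions chosen for illustration.

```python
import re
# Constructed sample running-config for illustration (not from a real device).
SAMPLE_CONFIG = """\
version 15.2
no service password-encryption
enable password cisco123
snmp-server community public RO
ip http server
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""
COMMON_COMMUNITIES = {"public", "private"}           # assumed deny-list
UNAUTHORIZED = {"ip http server", "service finger",  # assumed site policy
                "service tcp-small-servers", "service udp-small-servers"}

def ios_version(config):
    m = re.search(r"^version (\d+)\.(\d+)", config, re.M)
    return (int(m.group(1)), int(m.group(2))) if m else (0, 0)

def vty_blocks(config):
    """Map each 'line vty' header to its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = blocks.setdefault(line, [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None
    return blocks

def audit(config, ssh_check_min_version=(12, 0)):
    """Return sorted finding IDs; the version gate value is an assumption."""
    cmds = {line.strip() for line in config.splitlines()}
    findings = {"UNAUTHORIZED_SERVICE:" + s for s in UNAUTHORIZED & cmds}
    if "service password-encryption" not in cmds:
        findings.add("PASSWORD_ENCRYPTION_OFF")
    if any(c.startswith("enable password ") for c in cmds):
        findings.add("ENABLE_PASSWORD_NOT_SECRET")
    for c in cmds:
        m = re.match(r"snmp-server community (\S+)", c)
        if m and m.group(1).lower() in COMMON_COMMUNITIES:
            findings.add("COMMON_SNMP_COMMUNITY")
    if ios_version(config) >= ssh_check_min_version:  # version-gated check
        for header, body in vty_blocks(config).items():
            if "transport input ssh" not in body:
                findings.add("NON_SSH_ACCESS:" + header)
    return sorted(findings)
```

Calling `audit(SAMPLE_CONFIG)` flags the first vty block because it still permits Telnet alongside SSH, while the second block, restricted to SSH, passes.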