Hey everyone! We've recently achieved ISO certification and switched to using Meraki networking switches and access points. I'm wondering if we still need to conduct scans on these devices since they're cloud-managed and seem to have a minimal attack surface (like no SSH or Telnet access). Scanning doesn't reveal much detail, even the OS version. What do you think?
5 Answers
If your Meraki devices are installed on-premises in your own building, then yes, they definitely need to be scanned. It's all about maintaining security protocols, even if they seem low-risk.
Keep in mind that being cloud-managed adds a layer of complexity. It’s not just about security; consider the lock-in and cost factors too.
ISO27001 is more about following your documented policies. You should check your written policy to see what it says regarding scanning devices like Meraki switches and APs.
Anything that lies within your network boundary should be scanned. It's a good practice to keep everything secure, just in case.
We actually turned off the HTTP interface on our Meraki APs. The only concern from our security team is that there's hardly anything displayed during scans, which kinda leaves them in the dark. What do you think about that?