By scanning the network, you can be sure that the patch and the changes did exactly what they were for, and not harmed information security as a whole. That the scanners are not able to do is to actively resist the firewalls (Firewall), systems of prevention / intrusion detection (IDS / IPS) and detection systems are unwanted. To get maximum benefit from the scanner, you must first correctly configure the appropriate software obespechenie.Passivny / active mode vulnerability scanner vulnerability scanners are of two types – active and passive. Each of these two species has its pluses and minuses. In passive mode, the scanner analyzes traffic that passes through the network between the systems, trying to find something unusual. The advantage of passive mode is that it has no impact on the network and its hard to detect. Users can continue working and do not suspect that are present in the network vulnerability scanner.
But this type of scanning has its drawbacks. The main is that not all traffic goes through a vulnerability scanner, and any shortcomings will be available for analysis in this mode. Active scanners check the system more like a hacker, not the auditors. They apply to systems in order to receive answers from them, and analyzing it to find 'holes' in the protection system. They are more 'aggressive', but also more effective than passive scanners. This activity can lead to undesirable consequences and adversely affect the operation of the whole network or individual components and systems. Often, such a scan can be disabled individual servers or network segments.