[Dshield] Nessus - of topic?

George A. Theall theall at tifaware.com
Wed Oct 5 16:58:52 GMT 2005


On Wed, Oct 05, 2005 at 11:36:38AM +0200, Carloscar Andr?asson wrote:

> We have been using nessus for scanning specific targets now and then for
> some time but are now moving to start regular-based scans
> of most of our subnets.
> So my question is does anyone have experience in doing larger scans?...
> What kinda hardware are you running nessus on?

While this doesn't directly answer your question, hopefully it will
point you in the right direction. 

Consider both what you're scanning for and whether you're limited to
scanning only during certain times.  Are you scanning for just, say, the
SANS Top 20? Or launching all 9000+ plugins across 65000+ TCP/UDP ports?
How often will you be scanning...  monthly, weekly, daily, etc?
Especially if you're time-constrained, a set of smaller machines might
be a more reasonable alternative than one monolithic Nessus server. 

With those things in mind, realize that in general memory and network
bandwidth are the biggest bottlenecks as far as Nessus is concerned. 
Increasing the memory especially will let you launch more simultaneous
attacks, and that can have a significant impact on how long your scans
take. 

Finally, it may be of interest to you to know that Nessus is supported
officially only under Linux (RedHat ES/AS and Fedora Core), FreeBSD and
MacOS X and that the upcoming Nessus 3 will be binary-only. 

Disclaimer: I work for Tenable Network Security supporting and writing
plugins for Nessus. 

George
-- 
theall at tifaware.com