Scanning Issues

Best Practices for Running Nessus Scans

Nessus is a widely used vulnerability scanning tool, but certain best practices should be followed to ensure accurate results and minimal network impact.


1. Pre-Scan Considerations

Before starting a Nessus scan, it’s important to:

  • Communicate with stakeholders (clients or internal teams) to define the scope.

  • Identify sensitive or legacy systems that should be excluded from the scan.

  • Schedule scans strategically (e.g., outside business hours for high-priority or high-availability hosts).

  • Fine-tune scan configurations to prevent false positives, missed results, or network disruptions.


2. Common Issues and Their Mitigations

a. Firewall Interference

  • Some firewalls may cause Nessus to report all ports as open or closed.

  • Solution: Disable "Ping the remote host" in an Advanced Scan to bypass ICMP checks.

  • Some firewalls return "ICMP Unreachable," which Nessus may interpret as a live host, leading to false positives.

b. Performance Tuning for Sensitive Networks

  • Rate-limiting scans helps avoid performance issues on high-load servers.

  • Adjust Max Concurrent Checks Per Host under Performance Options.

  • Exclude legacy systems and disable scanning for printers.

  • Use the nessusd.rules file to restrict scanning certain hosts.

c. Avoiding Denial-of-Service (DoS) Scans

  • Never run DoS plugins unless explicitly required.

  • Enable Safe Checks to prevent scanning activities that may crash network services.


3. Measuring and Minimizing Network Impact

Monitoring Network Load with vnstat

It’s crucial to measure how Nessus scans affect network traffic. vnstat can help assess this.

Step 1: Install vnstat

sudo apt install vnstat

Step 2: Monitor Network Traffic Before Scanning

sudo vnstat -l -i eth0

Step 3: Monitor Traffic During a Nessus Scan

sudo vnstat -l -i eth0
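The three vnstat steps above give a live view, but they leave it to you to eyeball the difference between the idle and the scanning windows. The script below is an added example (not from the original page) that automates that comparison: it reads the same kernel counters vnstat relies on, /proc/net/dev, takes a baseline sample, waits for you to start the scan, samples again, and prints the extra load. The interface name, the 30-second window and the embedded sample counter text are assumptions made here for illustration.

```python
"""Measure the network load a Nessus scan adds on the scanner's interface.

Added example, not code from the original page. It reads /proc/net/dev
(Linux only) so it works even where vnstat is not installed, and compares
average throughput for a baseline window with a window during the scan.
"""
import sys
import time
from typing import Dict, Tuple

PROC_NET_DEV = "/proc/net/dev"  # assumption: a Linux host, as in the vnstat steps

# Constructed /proc/net/dev content used only for offline demonstration/testing.
SAMPLE_PROC_NET_DEV = """Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo: 1000 10 0 0 0 0 0 0 1000 10 0 0 0 0 0 0
  eth0: 5000 50 0 0 0 0 0 0 2000 20 0 0 0 0 0 0
"""


def parse_proc_net_dev(text: str) -> Dict[str, Tuple[int, int]]:
    """Map interface name -> (rx_bytes, tx_bytes) from /proc/net/dev content.

    Each data line reads 'name: <8 receive fields> <8 transmit fields>';
    field 0 is received bytes and field 8 is transmitted bytes.
    """
    counters: Dict[str, Tuple[int, int]] = {}
    for line in text.splitlines():
        if ":" not in line:
            continue  # the two header lines carry no colon
        name, _, rest = line.partition(":")
        fields = rest.split()
        if len(fields) < 16:
            continue  # malformed line: skip rather than crash mid-measurement
        counters[name.strip()] = (int(fields[0]), int(fields[8]))
    return counters


def throughput(before: Tuple[int, int], after: Tuple[int, int], seconds: float) -> Tuple[float, float]:
    """Average (rx, tx) bytes per second between two snapshots of one interface.

    The kernel counters are unsigned and can wrap or reset (interface bounce);
    a negative delta is reported as zero instead of a nonsense negative rate.
    """
    rx = max(after[0] - before[0], 0)
    tx = max(after[1] - before[1], 0)
    return rx / seconds, tx / seconds


def sample(interface: str, seconds: float) -> Tuple[float, float]:
    """Take two live snapshots `seconds` apart and return the average rx/tx rate."""
    with open(PROC_NET_DEV) as f:
        before = parse_proc_net_dev(f.read())[interface]
    time.sleep(seconds)
    with open(PROC_NET_DEV) as f:
        after = parse_proc_net_dev(f.read())[interface]
    return throughput(before, after, seconds)


def human(bps: float) -> str:
    """Render a bytes-per-second figure with a binary unit prefix."""
    for unit in ("B/s", "KiB/s", "MiB/s", "GiB/s"):
        if bps < 1024:
            return f"{bps:.1f} {unit}"
        bps /= 1024
    return f"{bps:.1f} TiB/s"


if __name__ == "__main__":
    iface = sys.argv[1] if len(sys.argv) > 1 else "eth0"  # same interface as the vnstat steps
    window = 30  # seconds per sample; assumption, lengthen for noisy links
    print(f"sampling baseline on {iface} for {window}s ...")
    rx0, tx0 = sample(iface, window)
    input("start the Nessus scan, then press Enter to sample again ")
    rx1, tx1 = sample(iface, window)
    print(f"baseline:    rx {human(rx0)}, tx {human(tx0)}")
    print(f"during scan: rx {human(rx1)}, tx {human(tx1)}")
    print(f"added load:  rx {human(max(rx1 - rx0, 0))}, tx {human(max(tx1 - tx0, 0))}")
```

Run it on the scanner host with the interface as the first argument (`python3 scanload.py eth0`); the "added load" line is the number worth recording when deciding whether Max Concurrent Checks needs to come down for a given network.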

Findings

  • Nessus scans generate a significant amount of network traffic.

  • Running multiple concurrent scans on low-bandwidth networks can lead to congestion.

  • Solution: Optimize scan settings by:

    • Reducing Max Concurrent Checks.

    • Scanning critical assets separately.

    • Scheduling scans when network usage is low.


4. Automating Nessus Scans and Report Downloads

  • Nessus scans can be exported in .nessus (XML) or .db (database) format.

  • The Nessus REST API can automate scan execution and report retrieval.

  • Tools like nessus-report-downloader enable batch downloading of scan results.
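The list above names the pieces (the .nessus export format and the REST API) without showing how they fit together. The following is an added example, not code from the page, from Tenable, or from nessus-report-downloader: a small client that launches a scan, waits for it to finish, requests a .nessus export, downloads it once ready, and tallies findings per host by severity. The endpoints used (`/scans/{id}/launch`, `/scans/{id}`, `/scans/{id}/export`, its `/status` and `/download` sub-resources, and the `X-ApiKeys` header) are the documented Nessus REST API; the scanner URL, API keys, scan id and the embedded .nessus sample are placeholders constructed here. The HTTP layer is injectable so the whole flow can be exercised offline against a fake transport.

```python
"""Automate a Nessus scan run and report download over the REST API.

Added example, not the page's or Tenable's code. Live use needs only the
`requests` package; the offline fake below replays the documented response
shapes so the flow can be checked without a scanner.
"""
import json
import time
import xml.etree.ElementTree as ET
from typing import Any, Callable, Dict, Optional

Transport = Callable[[str, str, Optional[dict]], bytes]


class NessusClient:
    def __init__(self, base_url: str, access_key: str, secret_key: str,
                 request: Optional[Transport] = None):
        self.base_url = base_url.rstrip("/")
        # API-key authentication header as documented for the Nessus REST API
        self.headers = {"X-ApiKeys": f"accessKey={access_key}; secretKey={secret_key}",
                        "Content-Type": "application/json"}
        self._request = request or self._requests_transport

    def _requests_transport(self, method: str, path: str, body: Optional[dict] = None) -> bytes:
        import requests  # only needed for live use
        # Keep certificate verification on; for a self-signed scanner cert,
        # point REQUESTS_CA_BUNDLE at the scanner's CA instead of disabling it.
        r = requests.request(method, self.base_url + path, headers=self.headers,
                             json=body, timeout=60)
        r.raise_for_status()
        return r.content

    def _json(self, method: str, path: str, body: Optional[dict] = None) -> Any:
        return json.loads(self._request(method, path, body))

    def launch(self, scan_id: int) -> str:
        return self._json("POST", f"/scans/{scan_id}/launch")["scan_uuid"]

    def status(self, scan_id: int) -> str:
        return self._json("GET", f"/scans/{scan_id}")["info"]["status"]

    def wait(self, scan_id: int, poll: float = 30, timeout: float = 4 * 3600) -> str:
        """Poll until the scan reaches a terminal state; scans can run for hours."""
        deadline = time.monotonic() + timeout
        while time.monotonic() < deadline:
            state = self.status(scan_id)
            if state in ("completed", "canceled", "aborted"):
                return state
            time.sleep(poll)
        raise TimeoutError(f"scan {scan_id} still running after {timeout}s")

    def export(self, scan_id: int, fmt: str = "nessus", poll: float = 5) -> bytes:
        """Request an export, wait until the file is ready, then download it."""
        file_id = self._json("POST", f"/scans/{scan_id}/export", {"format": fmt})["file"]
        while self._json("GET", f"/scans/{scan_id}/export/{file_id}/status")["status"] != "ready":
            time.sleep(poll)
        return self._request("GET", f"/scans/{scan_id}/export/{file_id}/download", None)


def summarize_nessus(xml_bytes: bytes) -> Dict[str, Dict[int, int]]:
    """Count ReportItems per host by severity (0 info .. 4 critical) in a .nessus file."""
    root = ET.fromstring(xml_bytes)
    summary: Dict[str, Dict[int, int]] = {}
    for host in root.iter("ReportHost"):
        counts = summary.setdefault(host.get("name", "?"), {})
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            counts[sev] = counts.get(sev, 0) + 1
    return summary


def run_pipeline(client: NessusClient, scan_id: int) -> Dict[str, Dict[int, int]]:
    """Launch, wait, export and summarize one scan; raises if it did not complete."""
    client.launch(scan_id)
    state = client.wait(scan_id)
    if state != "completed":
        raise RuntimeError(f"scan {scan_id} ended in state {state}")
    return summarize_nessus(client.export(scan_id))


# Constructed .nessus excerpt (placeholder plugin ids) for offline demonstration.
SAMPLE_NESSUS = (b'<NessusClientData_v2><Report name="constructed">'
                 b'<ReportHost name="10.0.0.5"><HostProperties/>'
                 b'<ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0" pluginID="12345" pluginName="placeholder"/>'
                 b'<ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4" pluginID="12346" pluginName="placeholder"/>'
                 b'</ReportHost><ReportHost name="10.0.0.6">'
                 b'<ReportItem port="80" svc_name="www" protocol="tcp" severity="2" pluginID="12347" pluginName="placeholder"/>'
                 b'</ReportHost></Report></NessusClientData_v2>')


def fake_transport(method: str, path: str, body: Optional[dict] = None) -> bytes:
    """Offline stand-in for HTTP that replays the documented response shapes."""
    if path.endswith("/launch"):
        return b'{"scan_uuid": "constructed-uuid"}'
    if path.endswith("/export"):
        return b'{"file": 7}'
    if path.endswith("/export/7/status"):
        return b'{"status": "ready"}'
    if path.endswith("/export/7/download"):
        return SAMPLE_NESSUS
    return b'{"info": {"status": "completed"}}'


if __name__ == "__main__":
    # Placeholders: replace with the scanner URL, your API keys and the scan id.
    live = NessusClient("https://nessus.example.internal:8834", "ACCESS_KEY", "SECRET_KEY")
    print(run_pipeline(live, 42))
```

Generate the API keys from the Nessus user settings page and keep them out of the script (environment variables or a secrets store); the pipeline returns plain Python data, so the same summary can feed a ticketing system or a trend report without re-parsing the XML.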

