search

Scanning Issues

hashtag
Best Practices for Running Nessus Scans

Nessus is a widely used vulnerability scanning tool, but certain best practices should be followed to ensure accurate results and minimal network impact.

hashtag
1. Pre-Scan Considerations

Before starting a Nessus scan, it’s important to:

  • Communicate with stakeholders (clients or internal teams) to define the scope.

  • Identify sensitive or legacy systems that should be excluded from the scan.

  • Schedule scans strategically (e.g., outside business hours for high-priority or high-availability hosts).

  • Fine-tune scan configurations to prevent false positives, missed results, or network disruptions.

hashtag
2. Common Issues and Their Mitigations

hashtag
a. Firewall Interference

  • Some firewalls may cause Nessus to report all ports as open or closed.

  • Solution: Disable "Ping the remote host" in an Advanced Scan to bypass ICMP checks.

  • Some firewalls return "ICMP Unreachable," which Nessus may interpret as a live host, leading to false positives.

hashtag
b. Performance Tuning for Sensitive Networks

  • Rate-limiting scans helps avoid performance issues on high-load servers.

  • Adjust Max Concurrent Checks Per Host under Performance Options.

  • Exclude legacy systems and disable scanning for printers.

  • Use the nessusd.rules file to restrict scanning certain hosts.

hashtag
c. Avoiding Denial-of-Service (DoS) Scans

  • Never run DoS plugins unless explicitly required.

  • Enable Safe Checks to prevent scanning activities that may crash network services.

hashtag
3. Measuring and Minimizing Network Impact

hashtag
Monitoring Network Load with vnstat

It’s crucial to measure how Nessus scans affect network traffic. vnstat can help assess this.

hashtag
Step 1: Install vnstat

hashtag
Step 2: Monitor Network Traffic Before Scanning

hashtag
Step 3: Monitor Traffic During a Nessus Scan

hashtag
Findings

  • Nessus scans generate a significant amount of network traffic.

  • Running multiple concurrent scans on low-bandwidth networks can lead to congestion.

  • Solution: Optimize scan settings by:

    • Reducing Max Concurrent Checks.

    • Scanning critical assets separately.

    • Scheduling scans when network usage is low.

hashtag
4. Automating Nessus Scans and Report Downloads

  • Nessus scans can be exported in .nessus (XML) or .db (database) format.

  • The Nessus REST API can automate scan execution and report retrieval.

  • Tools like nessus-report-downloader enable batch downloading of scan results.

PreviousExporting Nessus ScansNextOpenVAS

Last updated