-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hi Ron,
no, I run nessus on debian linux, and I cant see any mention about Windows in my previous post. thanks for link to blog.tenablesecurity.com, its very useful i've tried to play with max_checks and test time is much better now (10-15 minutes), but the maximal value I can use is 15 and in log there is max_checks (20) > MAX_PROCESSES (16) I think, that our computer could handle more processes without problem. is somehow possible to increase this value? nessus3 is closed source, so i can't recompile it. why continuos scan: our network is student network, the only firewall rule we use is blocking connections to port 25 outside. we have problems with insecure user computers attacked by worms, etc. generating unwanted (and illegal) traffic. with nessus we check all computers, ones a week, and if we find it has security hole, we automatically change user's vlan to more restrictive one (and send email to user to apply the security updates) oHo Ron Gula wrote: > Hi Ondrej, > > Several comments and ideas -- > > You mention you are running Nessus on Windows XP. I'm curious if you > could share how you scheduled your continuous scans. I'm wondering if > you are experiencing overlap between your continuous scans. > > With Windows XP, the performance of scans is not as good as Windows > servers (like 2003). If you can upgrade to 2003 or Linux, you should get > better performance. More memory may help, but the Windows XP OS is > limiting you some. > > Perhaps you could lower the sampling of your continuous scans? Maybe add > an hour wait state between scans? > > Perhaps your check per hosts or hosts to scan at the same time could be > tweaked. When playing with these variables, I like to maximize checks > per host but put hosts per scan at like 1 or 2. This lets me see how > hard the Nessus scanner works scanning one host. > > The delay between logging into Nessus and starting the scan of 1 minute > (especially during another scan) is expected. > > You are correct in your understanding of the 'optimize_test' setting. > You should also enable 'safe_checks' as well: > http://blog.tenablesecurity.com/2006/09/understanding_t.html > > I'm not sure what your organization's goals of a continuous scan are. If > you want to discover new hosts, you don't need a full vulnerability scan > for this. Other ideas you might look into: > > - The 'optimizing Nessus scan speed' blog entry > http://blog.tenablesecurity.com/2007/01/optimizing_ente.html > > - You may also want to consider passive products like our Passive > Vulnerability Scanner that monitor network traffic. > > Ron Gula, CTO > Tenable Network Security > http://www.tenablesecurity.com > > > > > > > > > > > > > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEVAwUBRkdW07+9cGMV5qZXAQJnMQf/Qh5jgVscDLgWsmNpjLc2D162AyNvaWzY Ay0wwVYJptEwtnduIoMnHzeOQJTKcA5SgvaR/s0IqUg21V5xM5tWzFx1+BwhwmaP yd/iPGBDLi1pMFuw9t8L7WHlRqMNA1Q+ncYNc7EI4xvNISQDNd5NoXDeUFComyai wYWOoS4UN6eg0Bi0ITz8n/boTS3ZsuNSFAb6JNetAllrqoNHOnJx54HakKFHLANj lL5RFil7ijQZD97uV7XVUsLeU6fN7BGL4FGUMNk9L6Gx366vu/dWO9suoqvXWsgL y8Vff0h1KasI6HA3SFFmQ8yferj+E2CR+UghWWWjdI4UwQogmPkIbg== =kn5q -----END PGP SIGNATURE----- _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
