Great questions Mike, I too would be interested in user's experience.
I have a handful of carefully placed Debian boxes running cron for updates and scans. I collect the results via scripts. Cron scans are full scans following the config recommendations in the users guide. I am currently using some scripts to massage the .nsr into csv file that can be sorted by risk factor / solution / etc. plus the usuall. I find my self running alot a large scans using the beta nessus client. I like to be able to view the results as the scan is still being performed. In the end I have a large db that use to trend and track results. As my company has grown to include over 10000 devices, I am looking at the security center and PVS as a more efficient way of tracking and trending. Plus all the other neat things you can do within thier console. I also use some of the xsl file htat you created Mike. They come in handy. On 10/31/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > I'd be interested in hearing from anyone who has enterprise level > deployments of Nessus, and how you handle a few items, for those that are > able to share: > > 1) With regulations such as PCI requiring production network scanning -- > when do you scan? Downtimes? Daytime, etc? > > 2) What has your experience been with outages, overload, etc based on the > above? How have you mitigated the risk of overloading network devices with > sessions, device failure, etc? > > 3) What settings as far as throttling/sessions/# hosts, have you found to > be most efficient (and over what sort of network, fast ethernet\gb, etc) > > 4) What settings for safe checks, port range, paranoia, thorough -- have > been most effective as a balance between accuracy / false positives / speed? > > 5) Have you implemented workstation scanning? Do you scan all? A pool? > Rotate quarterly? > > 6) For those using a distributed scanner architecture -- what's been > effective? what did you "do wrong"? What do you wish you'd done? > Tips/thoughts? > > 7) Thoughts on Security Center as a management tool for distributed > scanning? > > Thanks in advance, > Mike > > > > > > > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus > -- -p1g SnortCP ,,__ o" )~ oink oink ' ' ' ' If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- former White House cybersecurity czar Richard Clarke
<<image/gif>>
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
