Paul Jike wrote:
> I am planning to deploy Nessus as a tool for scanning a very large
> network, locating the Windows hosts online, logging into these hosts
> and retrieving a dozen registry keys.
> The number of hosts that I expect to find in each scan is about 50000.
> I am wondering how fast Nessus might be in collecting this data and
> which architecture would deliver the best performance.

Tenable has many customers that deploy multiple permanent Nessus scanners and use the Security Center to load balance the scan. Depending on the amount of items checked, the number of scanners and the speed of the network, some of these customers complete their scans in a few hours. Others take longer.

If you are logging into these systems with credentials, the best thing you can do to decrease your scan time is to disable network port scans and only use WMI. There is no reason to perform a full port scan if you are logging into the system and can ask it for its list of open ports. Tenable's plugins also tell you the running process which owns the port as well.

Lastly, you should read the following Tenable blog entries which discuss this topic:

Optimizing Enterprise Nessus Scanning for Speed
http://blog.tenablesecurity.com/2007/01/optimizing_ente.html

How to Perform a full 65,535 Port Scan with just 713 Packets
http://blog.tenablesecurity.com/2008/09/how-to-perform.html

Understanding Nessus Safe Checks
http://blog.tenablesecurity.com/2006/09/understanding_t.html

How to Audit an Internet Facing Server
http://blog.tenablesecurity.com/2008/04/how-to-audit-an.html

Ron Gula
Tenable Network Security
