Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Nessus 3 for Windows and VMWare Question

from [Dan Bowman] Network Security [Permanent Link]
Subject: RE: Nessus 3 for Windows and VMWare Question
Date: Wed, 8 Nov 2006 10:01:49 -0500 
John, 

VMWare is a good tool but you have to take it for what it is and work around
it's short comings to make it work properly if you have a high I/O
application.

When I set up a server that will run VMWare for VM's, I often make a number
of changes to the system to prevent to much swap / caching of memory.  I
usually limit swap/cache to 1 or 1.5 times the total memory of the system.
In the case of a Windows system I set the cache initial size to the full
size of cache and do not let it grow, this prevents it from becoming
fragmented.

Often I'll turn off all swap/cache on a Windows system and run a disk
defragmentation many times, then enable the swap/cache to its full size so
that I know that it will be a contagious file and not fragmented and that it
will be earlier on the disk for faster seek times, I actually tend to do
this when I first build the system, well before any applications are
installed.

VMWare settings:

Network: keep it bridged.

Memory: Give the VM as much memory as you believe you would need for a
system natively doing this tasks.  If you short change the system you will
introduce a lot of lag as it caches out of the host system running VMWare
and it's own caching.  Nessus has timeouts for scanning and for NASL
connections, if your system is slow at responding because it does not have
enough memory, it will miss connections and your scan will be missing data,
at best.

If this is a Windows 2003 server, give it 500MB, the OS needs it.  Also
remember that Windows XP has a decremented IP stack since the implementation
of SP2.  See the KB I've attached below from our customer portal about this
issue.  Since you are running a VM, I'd recommend throttling down the scan
even more for better reliability in the results.

Increase the memory for the VM and slow down your scans for now and see how
it goes.

Regards,

-- Dan

Daniel Bowman
Director of Support & ITS
Tenable Network Security
mailto:dan@tenablesecurity.com
http://www.tenablesecurity.com/



Knowledgebase

ARTICLE SUMMARY:
Nessus Windows, Server vs. XP

SYMPTOMS:
Is there a difference in running Nessus Windows on Windows Server (2003)
versus Windows XP (Home & Pro)?

RESOLUTION:
Microsoft added changes to Windows XP SP-2 (Home & Pro) that can impact the
performance of Nessus Windows and cause false negatives.  The TCP/IP stack
now limits the number of simultaneous incomplete outbound TCP connection
attempts.  After the limit has been reached, subsequent connection attempts
are put in a queue and will be resolved at a fixed rate; 10 per second).  If
too many enter the queue, they may be dropped.  See the following Microsoft
TechNet page for more information:
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx

This has the effect of causing a Nessus scan on Windows XP to potentially
have false negatives as XP only allows for 10 new connections per second
that are incomplete (in a SYN state).  For better accuracy it is recommended
that Windows XP system have it's port scan throttled down to the following
which is found in the individual scan configuration for each scan policy.

Max number of hosts: 8
Max number of security checks: 4
...
Max number of packets per second for a port scan: 50


For increased performance and scan reliability it is highly recommended that
Nessus Windows be installed on a server product from the Microsoft Windows
family like Windows 2003 Server.



-----Original Message-----
From: nessus-bounces@list.nessus.org [mailto:nessus-bounces@list.nessus.org]
On Behalf Of jfvanmeter@comcast.net
Sent: Wednesday, November 08, 2006 09:26
To: Nessus
Subject: Nessus 3 for Windows and VMWare Question

Hello everyone, I'm testing Nessus for WIndows (3.0.3 Build W334) and VMWare
Server )1.0.1 build-29996) on various Laptops, when I run Nessus 3 from the
host my reports are the same, when I run Nessus 3 from VMWare the reports
are different. Does anyone know of any issues with Nessus 3 and VMWare? 

I have the nic configured to bridge, should I change it to NAT? Does anyone
know of VMWare/Nessus config?


Thanks to everyone in advanced

Take Care and Have Fun

--John
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Nessus 3 for Windows and VMWare Question, jfvanmeter
Next by Date:  Vulnerability 12236, Printer has no password set., Vanhooser, Mike
Previous by Thread:  Nessus 3 for Windows and VMWare Question, jfvanmeter
Next by Thread:  Vulnerability 12236, Printer has no password set., Vanhooser, Mike
Indexes:  [Date] [Thread] [Top] [All Lists]