Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: user priorities

from [Ondrej Holecek] Network Security [Permanent Link]
Subject: Re: user priorities
Date: Sun, 13 May 2007 20:20:03 +0200 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hi Ron,

no, I run nessus on debian linux, and I cant see any mention about
Windows in my previous post.

thanks for link to blog.tenablesecurity.com, its very useful

i've tried to play with max_checks and test time is much better now
(10-15 minutes), but the maximal value I can use is 15 and in log there is
max_checks (20) > MAX_PROCESSES (16)

I think, that our computer could handle more processes without problem.
is somehow possible to increase this value? nessus3 is closed source, so
i can't recompile it.

why continuos scan:
our network is student network, the only firewall rule we use is
blocking connections to port 25 outside. we have problems with insecure
user computers attacked by worms, etc. generating unwanted (and illegal)
traffic.

with nessus we check all computers, ones a week, and if we find it has
security hole, we automatically change user's vlan to more restrictive
one (and send email to user to apply the security updates)

oHo

Ron Gula wrote:

Hi Ondrej,

Several comments and ideas --

You mention you are running Nessus on Windows XP. I'm curious if you
could share how you scheduled your continuous scans. I'm wondering if
you are experiencing overlap between your continuous scans.

With Windows XP, the performance of scans is not as good as Windows
servers (like 2003). If you can upgrade to 2003 or Linux, you should get
better performance. More memory may help, but the Windows XP OS is
limiting you some.

Perhaps you could lower the sampling of your continuous scans? Maybe add
an hour wait state between scans?

Perhaps your check per hosts or hosts to scan at the same time could be
tweaked. When playing with these variables, I like to maximize checks
per host but put hosts per scan at like 1 or 2. This lets me see how
hard the Nessus scanner works scanning one host.

The delay between logging into Nessus and starting the scan of 1 minute
(especially during another scan) is expected.

You are correct in your understanding of the 'optimize_test' setting.
You should also enable 'safe_checks' as well:
http://blog.tenablesecurity.com/2006/09/understanding_t.html

I'm not sure what your organization's goals of a continuous scan are. If
you want to discover new hosts, you don't need a full vulnerability scan
for this. Other ideas you might look into:

- The 'optimizing Nessus scan speed' blog entry
http://blog.tenablesecurity.com/2007/01/optimizing_ente.html

- You may also want to consider passive products like our Passive
Vulnerability Scanner that monitor network traffic.

Ron Gula, CTO
Tenable Network Security
http://www.tenablesecurity.com















-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBRkdW07+9cGMV5qZXAQJnMQf/Qh5jgVscDLgWsmNpjLc2D162AyNvaWzY
Ay0wwVYJptEwtnduIoMnHzeOQJTKcA5SgvaR/s0IqUg21V5xM5tWzFx1+BwhwmaP
yd/iPGBDLi1pMFuw9t8L7WHlRqMNA1Q+ncYNc7EI4xvNISQDNd5NoXDeUFComyai
wYWOoS4UN6eg0Bi0ITz8n/boTS3ZsuNSFAb6JNetAllrqoNHOnJx54HakKFHLANj
lL5RFil7ijQZD97uV7XVUsLeU6fN7BGL4FGUMNk9L6Gx366vu/dWO9suoqvXWsgL
y8Vff0h1KasI6HA3SFFmQ8yferj+E2CR+UghWWWjdI4UwQogmPkIbg==
=kn5q
-----END PGP SIGNATURE-----
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: user priorities, Ron Gula
Next by Date:  Re: user priorities, Renaud Deraison
Previous by Thread:  Re: user priorities, Ron Gula
Next by Thread:  Re: user priorities, Ron Gula
Indexes:  [Date] [Thread] [Top] [All Lists]