I would strongly suggest, based on experience with Nessus, of starting
your scanning process by sticking with just network equipment, a few
devices at a time, and ensuring no reboots/hangs other issues occurred. As
ron said, you'll find more missing patches/firmware updates than you
realized. Get all your network devices happy with the scanning process by
ensuring they experience no outages/reboots. That will ensure that the
rest of your scan results are reliable as well. (part of that selection
process is ensuring that if you're scanning multiple network devices at
once, that an outage/reboot of one, won't affect the scan results of
another -- easily resolved by limiting things to 1 host at a time if
feasible, until you know how your network devices will respond)
The next step is working with the network team to ensure you scan devices
right after they do any firmware or config changes, to ensure you keep
things running smoothly. This process has worked well for me in my past
experience with nessus.
Of course, if you have a test environment, starting your scanning there is
best. However, it's my experience that sometimes what's in test, and
what's in production, arent' the same, between versions, firmware, patch
level, etc....
"Mike Adams" <sobe8503@gmail.com>
Sent by: nessus-bounces@list.nessus.org
09/26/2007 07:31 AM
To
cc
Subject
Nessus and networking equipment
Hello,
I recently just switched from using ISS in windows to Nessus in RHEL. I
did a test scan of my network and it caused some major issues with
connectivity. Is there anything I should know about in Nessus when it
comes to networking equipment?
Thanx!
Mike_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
