1 Reply. Latest reply: Apr 20, 2017 6:07 AM by saltedsecurity

Nessus Active scanner (Agent Less) & Passive scanner Ability

vijay04 Novice

Hi Guys,

I am hoping that you guys can help with information on the scanner's capability for scanning IPs.

What can be the size of the scan zone (number of IPs) allocated to a single Active scanner as a best practice, and likewise to the Passive scanner?

Just to give an idea, the network size is moderate, about a 3000 - 5000 IP range. We already have things in place (scanners sitting in the network segments without any firewall obstructions), but I am looking for a good understanding of this.

So I request you to please give me a little elaboration on my query about scanner capability and best practices.

Thanks in advance !

  • Re: Nessus Active scanner (Agent Less) & Passive scanner Ability
    saltedsecurity Expert

    This depends on several factors, such as the hardware specs of the scanners, the number of network scans run, the type of policy used, the systems on the network, and for the PVS side, the amount of traffic generated.

    In practice, I've seen generally one Nessus scanner (6.10) with the suggested required hardware specs doing daily credentialed vulnerability assessments on a local network can handle about 1000-1500 hosts. This assumes reasonable times for scans (couple of hours). That said, this greatly depends on a variety of factors, including how quickly you want your scans to complete.

    One (1GB - Standard) PVS with the minimum config can reasonably keep up with about 600-800 MB/s of network traffic off a tap. More than that and it will stop to drop packets. Different types of hosts produce different types of traffic, so this is harder to measure from a # of hosts perspective. If you have insight into the bandwidth on the segments you want to put PVS on, this will help you design the deployment.

    Also, review the minimum hardware requirements documentation as well as the Security Center and PVS architecture documentation; these contain helpful information.