Mailing List Archive

highly dependent on the targets and the complexity of the scan.

In my own experience, I've had the best performance with the linux client,
but it's also pretty machine dependent. It's not like the windows or the mac
ones suck by any means.

My guess is that if you had a fat box, not a lot of firewalls (particularly
with rules that make it so hosts don't respond back), and were just doing a
"Default" scan, it would take between 8 hours and 16 hours. However, that's
a real guess... I've done a class B before, and it took about 10 hours, but
it's so dependent on so many factors.

On Fri, Nov 28, 2008 at 7:46 AM, Paul Jike <paul.jike@gmail.com> wrote:

> I am planning to deploy Nessus as a tool for scanning a very large
> network, locating the Windows hosts online, logging into these hosts
> and retrieving a dozen registry keys.
> The number of hosts that I expect to find in each scan is about 50000.
> I am wondering how fast Nessus might be in collecting this data and
> which architecture would deliver the best performance.
>
> Thank you in advance.
>
> Regards,
>
> Paul
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus
>



--
Doug Nordwall
Unix, Network, and Security Administrator
You mean the vision is subject to low subscription rates?!!? - Scott Stone,
on MMORPGs

Paul,



I am in the same situation that you describe. We have > 50,000 hosts.
I have never scanned them all with a default scan, so I can't comment on
the time it should take. What I can tell you is that the Windows client
is pretty unhappy about it when I feed it a large list of subnets, so I
have to break them up in smaller lists. The Windows machine is pretty
fat so I'm fairly confident that it's not a resource issue. At any
rate, I would definitely recommend the Linux client for your project.



-Dan Rathbun









From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of Doug Nordwall
Sent: Sunday, November 30, 2008 2:06 PM
To: Paul Jike
Cc: nessus@list.nessus.org
Subject: Re: Nessus performance with 50k hosts



highly dependent on the targets and the complexity of the scan.

In my own experience, I've had the best performance with the linux
client, but it's also pretty machine dependent. It's not like the
windows or the mac ones suck by any means.

My guess is that if you had a fat box, not a lot of firewalls
(particularly with rules that make it so hosts don't respond back), and
were just doing a "Default" scan, it would take between 8 hours and 16
hours. However, that's a real guess... I've done a class B before, and
it took about 10 hours, but it's so dependent on so many factors.

On Fri, Nov 28, 2008 at 7:46 AM, Paul Jike <paul.jike@gmail.com> wrote:

I am planning to deploy Nessus as a tool for scanning a very large
network, locating the Windows hosts online, logging into these hosts
and retrieving a dozen registry keys.
The number of hosts that I expect to find in each scan is about 50000.
I am wondering how fast Nessus might be in collecting this data and
which architecture would deliver the best performance.

Thank you in advance.

Regards,

Paul
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus




--
Doug Nordwall
Unix, Network, and Security Administrator
You mean the vision is subject to low subscription rates?!!? - Scott
Stone, on MMORPGs

Paul Jike wrote:
> I am planning to deploy Nessus as a tool for scanning a very large
> network, locating the Windows hosts online, logging into these hosts
> and retrieving a dozen registry keys.
> The number of hosts that I expect to find in each scan is about 50000.
> I am wondering how fast Nessus might be in collecting this data and
> which architecture would deliver the best performance.

Tenable has many customers that deploy multiple permanent Nessus scanners
and use the Security Center to load balance the scan. Depending on the
amount of items checked, the number of scanners and the speed of the
network, some of these customers complete their scans in a few hours. Others
take longer.

If you are logging into these system with credentials, the best thing you
can do to decrease your scan time is to disabled network port scans and
only use WMI. There is no reason to perform a full port scan if you are
logging into the system and can ask it for its list of open ports. Tenable's
plugins also tells you the running process which owns the port as well.

Lastly, you should read the following Tenable blog entries which discuss
this topic:

Optimizing Enterprise Nessus Scanning for Speed
http://blog.tenablesecurity.com/2007/01/optimizing_ente.html

How to Perform a full 65,535 Port Scan with just 713 Packets
http://blog.tenablesecurity.com/2008/09/how-to-perform.html

Understanding Nessus Safe Checks
http://blog.tenablesecurity.com/2006/09/understanding_t.html

How to Audit an Internet Facing Server
http://blog.tenablesecurity.com/2008/04/how-to-audit-an.html

Ron Gula
Tenable Network Security

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus