Samples Enterprise Security Scanning Framework
Planning a Deployment
Make a list of your network's assets, who is responsible for them, and to whom the results should be mailed.
Invite all the network's asset owners and managers to an overview of Nessus' capabilities and the effects they have. Give a live demonstration.
Use a test lab to determine the network bandwidth requirements your organization can afford.
Automate the server's process of scanning and updating.
Configuring Scanners
Choose a topology that suits your needs.
Buy any additional hardware you require.
Practice scanning for a specific threat, as in the case of a critical Microsoft advisory.
Data Correlation
Use a database instead of files to store all the results.
Correlate the results you receive from scans to help you concentrate on the most serious vulnerabilities.
Generate differential results from the data stored in the database.
Generate complex results using sophisticated SQL statements.
Filter out from the database irrelevant vulnerabilities and false positives.
Use third-party tools to ease the use of vulnerability assessment in your organization.
Common Problems
Avoid problems caused by scanning too aggressively.
Test relatively unknown software and hardware in a test lab to avoid unexpected problems.
Try to avoid scanning printers to save paper resources.
Scan your workstations during working hours to avoid elusive hosts, or instruct your employees to leave their workstations turned on for the night.
Nessus Network Auditing by Renaud Deraison et al.








