Say we want to exclude 192.168.1.101 and 192.168.1.102 from a /24; we can split the target list into two ranges on either side of the gap, like so:
192.168.1.1-192.168.1.100, 192.168.1.103-192.168.1.254
Reducing scan impact:
✅ 1. Exclude or Limit Scanning of Network Infrastructure Devices
Exclude devices like:
- Firewalls
- Switches
- Wireless access points
- Routers
These devices often:
- React poorly to port scans and probes (some embedded TCP/IP stacks hang or reboot on malformed or rapid packets)
- Have limited CPU/RAM for handling scan traffic
- Throttle or interrupt user traffic when their control plane is overwhelmed
✅ Yes, you should exclude these devices unless you have a clear need to scan them and have coordinated with the network team. Excluding them from the bulk scan does not mean ignoring them: cover them separately with a small, low-concurrency scan agreed with the network owners, or with credentialed/SNMP configuration checks, so they still appear in the vulnerability picture.
✅ 2. Use Scan Throttling and Performance Settings
Adjust the performance settings in the Nessus scan policy (Settings > Advanced > Performance):
- Reduce the max simultaneous checks per host.
- Lower the max simultaneous hosts scanned per scan.
- Increase the network timeout so slow responders are not re-probed unnecessarily.
- Add a delay between probes where the scanner supports it (e.g., 100–300 ms).
- Keep Safe Checks enabled (the default) so plugins that could crash a service are skipped.
This reduces the burst load on the network and the devices, at the cost of a longer scan window; plan the schedule accordingly.
✅ 3. Use Targeted or Segmented Scans
- Break the scan into smaller IP ranges or subnets.
- Focus on servers, endpoints, or business-critical systems first.
- Scan different segments at different times or windows.
This distributes the load and avoids network congestion.
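The two target-list tasks above (excluding hosts such as the gateway and switch, and cutting a subnet into smaller scan windows) are easy to get wrong by hand once the exclusion list grows. The script below is an added example, not part of the original post or of Nessus itself: it takes a CIDR and a list of exclusions (single IPs or CIDR blocks), collapses the remaining hosts into the "first-last" range notation that Nessus accepts in its target field, and optionally splits them into chunks of at most N hosts for segmented scans. The 192.168.1.0/24 addresses are constructed sample data.

```python
import ipaddress


def contiguous_ranges(addresses):
    """Collapse an ascending sequence of IPv4Address objects into (first, last) runs."""
    ranges = []
    start = prev = None
    for ip in addresses:
        if start is None:
            start = prev = ip
        elif int(ip) == int(prev) + 1:
            prev = ip
        else:
            ranges.append((start, prev))
            start = prev = ip
    if start is not None:
        ranges.append((start, prev))
    return ranges


def format_range(first, last):
    """Render one run as 'a.b.c.d-a.b.c.e' (or a single address when first == last)."""
    return str(first) if first == last else f"{first}-{last}"


def kept_hosts(subnet, exclude=()):
    """Usable hosts of `subnet` minus every address covered by `exclude`.

    Entries in `exclude` may be single IPs ('192.168.1.1') or CIDR blocks
    ('192.168.1.0/30'); a bare IP is treated as a /32.
    """
    net = ipaddress.ip_network(subnet, strict=False)
    excluded = set()
    for item in exclude:
        excluded.update(ipaddress.ip_network(item, strict=False))
    return [ip for ip in net.hosts() if ip not in excluded]


def build_targets(subnet, exclude=()):
    """One comma-separated target string for the whole subnet minus exclusions."""
    runs = contiguous_ranges(kept_hosts(subnet, exclude))
    return ", ".join(format_range(a, b) for a, b in runs)


def split_into_scans(subnet, exclude=(), max_hosts=64):
    """Segment the kept hosts into target strings of at most `max_hosts` each,
    so every chunk can run as its own smaller scan in its own window."""
    hosts = kept_hosts(subnet, exclude)
    chunks = [hosts[i:i + max_hosts] for i in range(0, len(hosts), max_hosts)]
    return [", ".join(format_range(a, b) for a, b in contiguous_ranges(c)) for c in chunks]


if __name__ == "__main__":
    # Constructed sample: a /24 whose gateway (.1) and core switch (.2) are
    # infrastructure to be excluded, plus two hosts (.101, .102) the customer
    # asked us to skip. All addresses are illustrative.
    infra = ["192.168.1.1", "192.168.1.2"]
    skipped = ["192.168.1.101", "192.168.1.102"]
    print(build_targets("192.168.1.0/24", skipped))
    print(build_targets("192.168.1.0/24", infra + skipped))
    for n, chunk in enumerate(split_into_scans("192.168.1.0/24", infra + skipped, max_hosts=100), 1):
        print(f"scan {n}: {chunk}")
```

Paste each printed string into a separate scan's target field and schedule the scans in different windows; keeping the exclusion list in version control alongside the script gives an auditable record of what was deliberately left out and why.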
✅ 4. Schedule Scans During Off-Hours
- Run scans during non-peak hours (e.g., late evening or weekends).
- Coordinate with the customer for a maintenance window.
This is often the simplest way to avoid affecting productivity.
✅ 5. Enable Credentialed Scanning Where Possible
- Credentialed scans are less noisy on the network: most findings come from querying the installed software and configuration rather than from sending probes at every port.
- They use authenticated access (e.g., SSH, SMB) to gather data from inside the system.
- Use a dedicated scanning account with only the privileges the checks need, and rotate its credentials; the scanner becomes a high-value target once it holds them.
More accurate and less intrusive than aggressive remote scans.
✅ 6. Use Passive or External Discovery Methods First
Start with:
- ARP sweep
- DNS enumeration
- SNMP discovery (read-only community or SNMPv3, since this also touches the infrastructure devices from point 1)
- Existing asset inventories
Use these to map devices before a full vulnerability scan, so the exclusion list and target ranges are built from what is actually on the network.
✅ 7. Communicate and Test First
- Run a scan in a test VLAN or lab to profile the impact.
- Communicate with the network and system admins.
- Make sure there is monitoring in place to see how scans affect performance.