Home > Security Tips > Network Security Tactics > Nessus: Vulnerability scanning in the enterprise
Security Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

NETWORK SECURITY TACTICS

Nessus: Vulnerability scanning in the enterprise


Mike Chapple
06.06.2008
Rating: -3.78- (out of 5)


Network Security Tactics
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


In the previous two installments of our series on using Nessus in the enterprise, we explored downloading and installing the Nessus vulnerability scanner and conducting system scans. Now that you have these basic procedures under your belt, we'll examine some general advice for building an enterprise scanning program with Nessus.

Developing an enterprise scanning program is, by necessity, a highly customized task. You can't simply take a stock plan off the shelf and implement it in your organization. You need to consider the unique technical, regulatory, political and cultural requirements facing your enterprise b



efore launching this inherently intrusive activity. For example, the scanning program used by a research university would necessarily be quite different from that used by an ultra-secret government agency. Both plans would differ significantly from the scanning plan used by an e-commerce retailer. Let's look at a few broad principles that apply in any large enterprise.

Hopefully, these tips gave you some good general advice on incorporating Nessus into your enterprise security architecture. In the final installment of this series, we'll take a look at building reports using Nessus output.

[TABLE]

Rate this Tip
To rate tips, you must be a member of SearchSecurity.com.
Register now to start rating these tips. Log in if you are already a member.




BROWSE BY TAG
Network Security Tactics,   Open Source Security Tools and Applications,   Application and Platform Security,   Enterprise Vulnerability Management,   Vulnerability Risk Assessment,   Network Intrusion Detection and Analysis,   Enterprise Network Security,   Monitoring Network Traffic and Network Forensics,   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Network Security Tactics
Screencast: Samurai offers pen-testing nirvana
Firewall rule management best practices
Chained Exploits: How to prevent phishing attacks from corporate spies
Rootkit Hunter demo: Detect and remove Linux rootkits
Enterprise UTM security: The best threat management solution?
Making the case for network security configuration management
An inside look at security log management forensics investigations
How to find sensitive information on the endpoint
How to perform Microsoft Baseline Security Analyzer (MBSA) scans
How to spot attacks through Apache Web server log analysis

Open Source Security Tools and Applications
Screencast: Samurai offers pen-testing nirvana
Rootkit Hunter demo: Detect and remove Linux rootkits
When to use open source security tools over commercial products
Screencasts: On-screen demonstrations of today's IT tools
Maltego demo: Identifying a website's trust relationships
Free HP SWFScan tool detects Adobe Flash flaws
L0phtCrack returns
How to use (almost) free tools to find sensitive data
Should open source disk-encryption software be used?
Open source security concerns can trump cost savings

Vulnerability Risk Assessment
Are Web application penetration tests still important?
McAfee to acquire Solidcore Systems for whitelisting
The Pipe Dream of No More Free Bugs
Vulnerability test methods for application security assessments
Free HP SWFScan tool detects Adobe Flash flaws
PCI QSA assurance program penalizes assessors
Information security book excerpts and reviews
New York drafts language demanding secure code
Security experts identify 25 dangerous coding errors
Microsoft Windows XML flaw exploits test desktop antimalware
Vulnerability Risk Assessment Research

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
Blowfish  (SearchSecurity.com)
Kermit  (SearchSecurity.com)
Open Source Hardening Project  (SearchSecurity.com)
SnortSnarf  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Research Solutions for Network Security, Access Control and Security Threats
More Security Resources for Resellers, VARs and OEMs
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts