Introduction

Enterprise vulnerability scanning is quite complicated, and as such requires a certain amount of planning, preparation, and adjustment. The key factors for effectively scanning the enterprise for security vulnerabilities are easy administration, periodic scanning, and accurate results.

There is no trivial way to take a scanner such as Nessus and use it to scan the entire enterprise network. Simply pointing it toward the network and scanning will not be enough. This chapter shows some of the caveats that make this process difficult. You ll learn, for example, why simply scanning the entire network from a single point is often not viable. This involves exploring distributed scanning, differential reporting, report correlation, and automated updating.

At this point in the book, we expect that you are most likely already using Nessus for regular security testing, and are looking to take it up a notch from maintaining a list of hosts you regularly scan, to scanning your entire enterprise and using the results to improve your enterprise s security status.