Assigning the Tasks

Once we have decided what we want to scan, we need to start dividing the scans between the different hosts. When we divide the scans, we need to make sure we do not breach the confidentiality of the different departments by placing a single server scanning administratively separate networks, we do not cause too much traffic across the network by placing the server in a single place and scanning the whole network from it, and that we can still control the servers placed around the network even if they are in the different parts of the network.

There are three possible distributed scanning topologies you can use: Star, Flat, and Islands. Each topology has its advantages and disadvantages. We will start with the islands topology, as it is the easiest to explain. The islands goal is to install Nessus daemons that are completely isolated from each other, thus maintaining the highest form of separation between the different departments. In the islands topology, there is no single point of control to the servers, and each network has its own Nessus client connecting to the server.

Advantages of the islands topology include:

• Information cannot leak between departments.

• Any problems with one server s scans does not affect the others.

• Each server can have an independent administrator. This administrator doesn t gain any additional access...