Once a security an officer concludes that enterprise scanning is needed, he or she is usually baffled by the big questions: How do I do it? And how much effort must I put into that? These two questions are answered in detail in this Enterprise Scanning chapter. We all know that planning your deployment is important, and this is the case with Nessus.

Nessus requires preparation of your network for the bandwidth requirements of the scanner. Measuring these requirements is not always easy, but with a few tricks and the right third-party tools, you can measure these requirements, and understand the effect they will have on the network.

Bandwidth utilization is greatly affected by the different types of topologies you use to deploy the scanning servers. The different topologies also affect the hardware requirements and the necessary preparations for the day when you will need to scan a specific vulnerability instead of using the complete arsenal of vulnerability tests at your disposal.

As simply scanning your network is not enough, you need to place these results in some centralized location and start sorting out the relevant data. Once the data is placed in a database, we can use it to correlate the different results provided by the differential exposure to vulnerabilities from multiple locations throughout an organization. We can also use the database to see how the vulnerabilities have progressed over time. Most importantly, once the data has been placed in a single location, we can filter out any...