Chapter 2. Scanning

Vulnerability scanning, that is, the identification of vulnerabilities in the target infrastructure, is the key activity performed by any vulnerability scanner such as Nessus. When using such a scanner for a Vulnerability Assessment, it is of prime importance to configure the scan parameters in the most efficient way, keeping the target infrastructure in mind. This yields the most effective scan results in the least scan time.

This chapter will introduce how to set up Nessus for vulnerability scanning. Scan configuration in Nessus involves two major steps: configuring a scan policy and launching a scan using that policy. The key areas covered in this chapter are as follows:

  • Scan prerequisites
  • Policy configuration
  • Credential and noncredential scan
  • Scan configuration
  • Scan execution and results

Scan prerequisites

A successful vulnerability scan requires that Nessus is set up properly and that certain prerequisites are met. These make sure that all approvals are documented, all backups are in place, and the scanning window has been agreed before you scan. Nessus cannot reach the target if a firewall in between is blocking the traffic/packets.

We will now look at the most common prerequisites, which apply to most Nessus scans; however, I encourage you to analyze them against your own scanning environment and the organization's requirements.

Scan-based target system admin credentials

It is always recommended to run a credentialed scan for better results. This means that before you scan a target system, you should obtain the target system's credentials, or have someone who can key in the target system's administrative credentials in the Nessus GUI without sharing them with you before you start the scan. This lets Nessus probe the target system more deeply and uncover the maximum number of vulnerabilities. If you are performing a black-box scan, where you will not have access to the credentials, this prerequisite does not apply.

Direct connectivity without a firewall

It is recommended to have direct connectivity between Nessus and the target systems for better results; that is, there should be no firewall or any other device blocking traffic between Nessus and the target systems. If a firewall sits between Nessus and the target systems, a firewall rule should be configured to allow all traffic between them. Don't forget to remove or deactivate this rule immediately after the scan completes. This is required because Nessus generates a lot of malicious packets/traffic towards the target systems to probe for vulnerabilities; a firewall in the path will drop such packets before they reach the target system.

Scanning window to be agreed upon

The owner of the target system is the one who can tell you the most suitable time for the vulnerability scan, depending on the peak and off-peak load on the target systems. This time window is called the scanning window. If you are running a scan on production systems, it is very important to agree on a scanning window, preferably with the target system owners. It is recommended to run Nessus scans during off-peak hours, when the target system has minimum load.

Scanning approvals and related paper work

It is important to have a clear discussion with the target system owners so that they understand the impacts a malicious scan, whether intrusive or not, might have. Each party should understand the risk of carrying out vulnerability scans and agree to it. This should be documented for legal purposes. Also, a non-disclosure agreement should be duly signed by each member of the team conducting the Vulnerability Assessment or Penetration Test.

Backup of all systems including data and configuration

It is important to make a full backup of the target system before a scan is carried out. This ensures that if something goes wrong with the target machine because of the vulnerability scan, the latest backup can be restored immediately to bring the target machine back. Backup administrators should make sure they perform a full backup, which includes all data, configurations, integration information, code, release notes and special configurations, IOS, and so on.

Updating Nessus plugins

Nessus plugins should be updated with the latest definitions before running the scan; this will make sure your Nessus is loaded with all the latest checks to discover the latest vulnerabilities.

Creating a scan policy as per target system OS and information

A scan policy should be configured before running the scan as per the target system operating systems and environments. The policy should be configured in Nessus accordingly. How to create a policy is illustrated in the next section of this chapter.

Configuring a scan policy to check for an organization's security policy compliance

Every organization has its own security policies. Nessus provides the capability to customize the scan policy based on the organization's policy, for example, password complexity. While configuring a Nessus policy, you should be careful to customize the password policy as per the target organization's password policy. One organization's password policy might say that a password is noncompliant if it is shorter than six characters, whereas another might say shorter than eight characters is noncompliant. Nessus gives you the flexibility to customize the policy based on your requirements before you run the scan.

Gathering information of target systems

In the previous chapter, we saw the different phases of Vulnerability Assessment. One of the phases before scanning is information gathering, which is itself a prerequisite to the scanning phase. You should gather all possible information from public websites, the Internet, and internal staff (in the case of an internal scan or a grey-box scan). This information is useful for tweaking your Nessus scan policy, that is, configuring or selecting the required checks based on what you learn about the target system; it also helps in mapping the network and the IP addresses to be included.

Sufficient network bandwidth to run the scan

It is important to run the scan with good network bandwidth; if you run it over a low-bandwidth link, packets may be dropped along the way and your scan may be interrupted. To avoid this, it is always recommended to run the scan when you have good network bandwidth. This also helps in completing the scan on time.

Target system support staff

It is recommended to have the target system administrators or expert support staff available to analyze the health and performance of the target systems. If they are available during the scanning window, they can continuously monitor the target systems and raise an alarm if a system is not performing properly, so that the scan can be stopped; and if something goes wrong, the system can be recovered.
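The scanning-window and firewall prerequisites above lend themselves to an automated pre-flight check before the scan is launched. The following script is an added example, not code from the book or from Nessus; the scan window, probe ports and target addresses are constructed sample values, and a TCP connect that times out on every probe port is taken as the sign that a firewall between the scanner and the target is dropping traffic.

```python
import socket
from datetime import datetime, time

# Constructed sample values: the agreed off-peak window (it wraps past
# midnight) and a few ports a scanner would normally reach on a target.
SCAN_WINDOW = (time(22, 0), time(5, 0))
PROBE_PORTS = (22, 80, 443, 445)


def in_scan_window(now, window=SCAN_WINDOW):
    """True if `now` (a datetime.time) lies inside the agreed window,
    including windows that wrap midnight such as 22:00 to 05:00."""
    start, end = window
    if start <= end:
        return start <= now <= end
    return now >= start or now <= end


def reachable(host, ports=PROBE_PORTS, timeout=2.0):
    """True if the host answers a TCP connect on any probe port.

    A completed handshake or an immediate RST both prove packets get
    through; a timeout on every port is the usual symptom of a firewall
    silently dropping traffic between scanner and target. (A reject rule
    also sends RSTs, so True does not guarantee every Nessus probe passes.)
    """
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                return True
        except ConnectionRefusedError:
            return True
        except OSError:
            continue
    return False


def preflight(targets, now=None, probe=reachable):
    """Go/no-go report for the scan; `probe` is injectable for offline tests."""
    now = datetime.now().time() if now is None else now
    report = {
        "in_window": in_scan_window(now),
        "unreachable": [t for t in targets if not probe(t)],
    }
    report["go"] = report["in_window"] and not report["unreachable"]
    return report


if __name__ == "__main__":
    # Constructed sample targets; replace with the agreed scope list.
    print(preflight(["192.0.2.10", "192.0.2.11"]))
```

A `go` of False with a non-empty `unreachable` list is the cue to get the temporary firewall rule described above in place before launching, rather than discovering the gap as a scan full of "host down" results.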
