High Latency Networks

In traditional Nessus scanning, a best practice is to put the scanner close to the assets targeted for scanning and never scan across a Wide Area Network (WAN). This strategy has proven difficult for deployment scenarios where the targeted assets do not have the luxury of a local Nessus server. These scenarios include ships underway, mobile military operations, and areas with high latency and low bandwidth. These networks typically rely on satellite connections for connectivity. The network burden that a ports, protocols, and services scan produces when running a full active scan can easily take down a satellite connection.

Nessus Agents help solve this problem by significantly minimizing network traffic related to scanning.

There are three types of data transmitted when using Nessus Agents:

  • Command and control data — Transmitted from the manager to Nessus Agents, this data represents the who, what, when, where and how needed to complete the task of local scanning. This data is the smallest set of data that traverses the network.
  • Results data — Results data varies in size depending on the scan configuration. Historically, compliance scans are larger than vulnerability scans. This data is transmitted back to the manager for aggregation.
  • Updates — Update data is the largest data type transmitted using Nessus Agents. When you install a Nessus Agent and link it to a Nessus Manager, the agent downloads a full set of plugins. Once that first full download completes, the agent only downloads incremental plugin updates. This approach drastically reduces the ongoing network traffic by only pulling content deltas across the network. You can also handle code updates through patch management systems like System Center Configuration Manager (SCCM) or Yellowdog Updater Modified (YUM), or via the manager itself.