General Considerations

The following are some common questions that you should answer prior to deploying Nessus Agents:

  • What operating system do you plan to deploy the Nessus Agent on?
    • Linux (Debian/RHEL/Fedora/Ubuntu)
    • Windows (Win 7/8/10, Win Server 2008/2012/2016 R2)
    • OS X (10.8+)
  • How many Nessus Agents do you plan to deploy?
    • Fewer than 1,000
    • More than 1,000 and fewer than 5,000
    • More than 5,000 and fewer than 10,000
    • More than 10,000

    Note: In deployment scenarios with more than 10,000 agents you should consider optimizing performance with agent group sizing and scan staggering as discussed in Large Scale Deployments.

  • What are the typical hardware specifications of the hosts where you want to install Nessus Agents? For example, consider disk space, disk type and speed, CPU, cores, and RAM.
  • Are there any countermeasures on the host (host firewall, proxy, endpoint protection) that would block the egress communications from the Nessus Agent to the Nessus Manager (DST: TCP/8834 [default, customizable])?
  • Are there any countermeasures on the host that would prevent the agent process from executing?

    Note: See File and Process Whitelist in the appendix for a list of files and processes to whitelist per operating system.

  • How do you plan to deploy Nessus Agents across the enterprise? For example, do you want to use an enterprise deployment technology such as Active Directory, SMS, Microsoft SCCM, and/or Red Hat Satellite?
  • Do you want to deploy Nessus Agents to virtual or non-persistent systems? If so, consider adding the agent to your base device template. Tenable recommends that you review your organization's process for commissioning and decommissioning virtual/non-persistent hosts to ensure that Nessus Agents are reliably activated and deactivated with the host.
  • How do you plan to track the ratio of potentially deployable agent assets to actual assets with deployed agents?
  • How do you plan to track the health and status of the agent on the host? For example, you might want to monitor for condition x (where x is the status of the service or the registration status of the agent); if that condition is present, you might then trigger an action or notification.
  • What naming schema would best fit the infrastructure where deployed agents exist? Plan how you want to group and organize the hosts running agents.
  • Do you plan to supplement agent-based scanning with traditional network scans? How will you maintain vulnerability information across agent and network scans? How will you manage multiple repositories?
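The egress question (TCP/8834 to the Nessus Manager) and the health-monitoring question ("monitor for condition x, then notify") can be answered with a small host-side check. The following is an added example, not Tenable's code; it assumes a Linux host with systemd, that the agent unit is named `nessusagent`, and that `nessuscli agent status` prints a line beginning `Linked to:` when the agent is registered (all three are assumptions).

```python
import socket
import subprocess

MANAGER_PORT = 8834  # Nessus Manager default listener; customizable per deployment

def egress_reachable(host, port=MANAGER_PORT, timeout=3.0):
    """Return True if the host can open a TCP connection to the manager (egress not blocked)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unresolved, or blocked by a host firewall
        return False

def service_active(unit="nessusagent"):
    """Ask systemd whether the agent unit is running (unit name is an assumption)."""
    try:
        result = subprocess.run(["systemctl", "is-active", unit],
                                capture_output=True, text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return False
    return result.stdout.strip() == "active"

def parse_link_status(status_text):
    """Treat the agent as registered if any line starts with 'Linked to:' (assumed output format)."""
    return any(line.strip().startswith("Linked to:") for line in status_text.splitlines())

def agent_registered(cli="/opt/nessus_agent/sbin/nessuscli"):
    """Run the assumed 'nessuscli agent status' command and parse its output."""
    try:
        result = subprocess.run([cli, "agent", "status"], capture_output=True, text=True, timeout=30)
    except (OSError, subprocess.TimeoutExpired):
        return False
    return parse_link_status(result.stdout)

def evaluate(service_ok, link_ok, registered):
    """Map the three observations to the conditions an operator would alert on."""
    conditions = []
    if not service_ok:
        conditions.append("agent-service-down")
    if not link_ok:
        conditions.append("manager-unreachable")
    if not registered:
        conditions.append("agent-unlinked")
    return conditions  # empty list means healthy; otherwise feed to your notification tooling

if __name__ == "__main__":
    manager = "manager.example.invalid"  # placeholder; replace with your Nessus Manager hostname
    print(evaluate(service_active(), egress_reachable(manager), agent_registered()))
```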